2022 Intro To Process and Plant Safety New

Plant Safety Operation
Introduction to
Process and Plant Safety
ODD SEMESTER 2022

Dr.-Ing. Diah Indriani Widiputri
SWISS GERMAN UNIVERSITY

Motivation
• Learning from accidents

• Safety related characteristics and parameters
• Means for accident prevention and limitation of
consequences
• Chemical reactivity and pressure reliefs
• Methods for safety analysis
• Estimation of risks – Risk analysis
• Human Factors
LEARNING FROM
ACCIDENTS
Major accidents in chemical process industries
• 1974 Flixborough Explosion (cyclohexane)

• 1976 Seveso toxic release (dioxine)
• 1984 Bhopal toxic release (methyl iso-cyanate)
• 1984 Mexico City BLEVE – boiling liquid expanding
vapor explosion (LPG)
• 2001 Toulouse Explosion (ammonium nitrate)
• 2005 BP Texas Explosion
• 2008 Bayer CropScience Explosion (methyl iso-cyanate) USA
• 2012 Corden Pharmachem Explosion (runaway reaction), HF
Ireland
• 2012 Neptune Pharma Explosion, toxic release
Sherbrooke, Quebec
MAJOR ACCIDENTS IN CHEMICAL PROCESS
INDUSTRIES
1974 1984 2001 2008 2012

Flixborough Explosion Bhopal Toulouse Explosion Bayer CropScience Neptune Pharma
(cyclohexane) toxic release (methyl (ammonium nitrate) Explosion (methyl iso- Explosion, toxic
iso-cyanate) cyanate) USA release
Sherbrooke, Quebec
Mexico City Corden Pharmachem

Explosion
BLEVE – boiling liquid
Seveso expanding (runaway reaction), HF
toxic release (dioxine) • vapor explosion (LPG) BP Texas Explosion Ireland
1976 1984 2005 2012

Major Hazards in Chemical industries
Fire
Explosions
Toxic release
Dangerous working atmosphere (hazard

related to occupational safety)
Flixborough (Nypro UK)
• Saturday, 1 June 1974, at around 16:53
• Events prior to the disaster:
27 March 1974: Vertical crack in reactor No. 5 found to be leaking
cyclohexane (highly flammable, flash point at -20°C)
The plant was then shut down for inspection, more serious damage was
found in the reactor and it was decided to remove it and to install a
bypass connecting reactor 4 and 6
Late afternoon, 1 June 1974, the 20 inch bypass system ruptured,
probably caused by a fire in a nearby 8-inch pipe.
This resulted in a massive release of cyclohexane that instantaneously
formed a flammable mixture and found an ignition source.
A massive vapor cloud explosion (VLE) caused extensive damage and
numerous casualties
Flixborough
• The fire continued for as long as 10 days

• 28 people were killed, 36 other were badly injured
• Offsite consequences resulted in 53 injuries
• Lessons learned:
– Modification occurred without full assessment of potential
consequences
– Calculation on the integrity of the bypass line was only
limitedly conducted
– Less sufficient procedures: maintenance, management of
change,
– Inadequate design of plant layout and control room
Past accidents in Chemical Industries
US CSB Safety Videos
Explosion at the Caribbean Petroleum,

or CAPECO, Puerto Rico
https://youtu.be/41QMaJqxqIo
Hazards of Nitrogen Asphyxiation
https://youtu.be/f2ItJe2Incs
Vinyl Chloride Explosion and Fire,

Formosa Plastics
https://youtu.be/IRbC4kowrrY
Bhopal (Union Carbide India Ltd.)
• 3 December 1984, early hours, pesticide plant
• Events prior to the disaster:
During the night 2-3 December, water entered the MIC storage tank,
caused a runaway reaction to occur. The reaction was accelerated by
contaminant, and the presence of iron from corroding non-stainless steel
pipelines. The exothermic reaction increased the temperature as well as
the pressure inside the tank.
Safety relieve was lifted due to the raise in pressure inside of the tank,
which released 30 tons MIC within 45-60 minutes to the atmosphere.
The gas cloud formed (probably contained many other hazardous,

flammable substances) was blown to the southeast of Bhopal.
• MIC (methyl isocyanate – C2H3NO) is an extremely reactive

substance, which is not allowed to be kept in a large storage.
• Effect on MIC on health:
Initial effects: coughing, vomiting, severe eye irritation and feeling
of suffocation
Acute symptoms: burning in respiratory tract and eyes, changes in
lungs, brains, kidneys, livers, and many other health problems
• 2,259 died immediately, 3,928 death were officially certified in 1991
• 558,125 injuries, including 38,478 temporary partial injuries and
3,900 severe and permanently disabling injuries
• Contributing factors:
- Use of a more dangerous pesticide manufacturing method

- Large storage of MIC
- Poor maintenance
- Failure in several safety systems: poor maintenance and cut off to
save money
- Plant location close to a densely populated area
- Plant management deficiencies
- Inadequate emergency action plans
SAFETY-RELATED PROPERTIES
Flashpoints of flammable and combustible
fluids
Flashpoint is defined as:
The lowest temperature, at which there will be enough vapor to
form an ignitable mixture with air
Test method for flashpoint determination: Abel-Pensky apparatus
Source: Fonds der Chemischen Industrie, Germany;

imageseries "Sicherheit in der Chemischen Industrie"
Flashpoints of flammable and combustible
fluids
• Classification of flammable liquids
after OSHA (Occupational Safety and Health Administration)
“flammable liquids” – class I liquids
Class Characteristics
Class I-A liquids Flash points below 22.8°C and
boiling points below 37.8°C
Class I-B liquids Flash points below 22.8°C and
boiling points at or above
37.8°C
Class I-C liquids Flash points at or above 22.8°C
and boiling points below
37.8°C
Safety characteristics – flammable
and combustible fluids
• Classification of flammable liquids
• OSHA (Occupational Safety and Health Administration)
“combustible liquids” – class II and class III liquids
Class Characteristics
Class II liquids Flash points above 37.8°C and
boiling points below 60°C
Class IIIA liquids Flash points at or above 60°C
and below 93.4°C
Class IIIB liquids Flash points at or above 93.4°C
Minimum or Autoignition temperature
(MIT or AIT)
• is the lowest temperature, at which a fuel-air mixture of the most
easily ignitable composition can just be stimulated to burn with a
visible flame. It is also often used to establish the maximum
temperature of hot surfaces in the plant
test apparatus: using erlenmeyer flask
T Classes Ignition point

(a) Observation mirror
(b) Thermocouple
T1 450°C (c) 200-ml Erlenmeyer flask
T2 300°C (d) Heating
T3 200°C (e) Resistance
T4 135°C thermometer
T5 100°C
(f) Thermal insulation
T6 85°C
(g) Test gas
(h) Pipette for liquids
Combustion test of solids
• This test is aimed to determine

the combustibility and the
flammability (firing behavior) of
powdered solid in rest
• The test classifies solids into 6

class numbers, class 1 to class 6
with increasing level of
hazardous potential
Combustion test of solids
Type of reaction Class Reference
number substance
No ignition 1 Table salt
Without flame Ignites for short time period and 2 Tartaric acid
propagation extinguishes
Ignites with local burning 3 lactose
Smoldering or slow flameless 4 1-amino-8-

decomposition naphtol-3,6-
disulfonic acid
Flame or fire Rapid burn or slow and steady 5 Sulfur

propagation burning with flame Ammonium
dichromate
Extremely rapid burning with flame, 6 Gun powder
or rapid flameless decomposition
Minimum ignition energy (MIE)
• Is the minimum amount of

energy to ignite a combustible
vapor, gas or dust cloud due
to different ignition source.
• Ignition source can be a
flame, spark, or electrical
charges.
• All flammables including
dusts, have MIE.
• The MIE depends on specific
chemical or mixture,
concentration, pressure and
temperature.
Source: www.firesandexplosions.ca
Minimum ignition energy (MIE)
• For a discharge to ignite an

Pressure
Combustible (atm) MIE (mJ) explosive atmosphere there
must be enough energy
• For most hydrocarbons
Methane 1 0.29 vapors and gasses the MIE
Propane 1 0.26 lay between 0.1 – 1 mJ
Heptane 1 0.25
Hydrogen 1 0.03 • Many liquids and solids have
Cornstarch 1 0.3 MIE above 10 mJ
dust
Iron dust 1 0.12 • A person walking on a
carpeted floor can develop a
potential difference of as
Source: „Chemical process safety: fundamentals with much as 40 mJ
applications“
EXPLOSIONS
Definitions and types
• An explosion is a rapid expansion of gases resulting in a rapidly
moving pressure or shockwave. The expansion can be mechanical
or a result of a rapid chemical reaction.
• An explosion is a rapid oxidation reaction.
• Deflagration
an explosion in which the reaction front moves at a speed less than
a speed of sound in the unreacted medium
• Detonation
an explosion where the reaction front moves at a speed greater
than the speed of sound in the unreacted medium
Parameters to explosion sensitivity
• Oxygen balance
is used to indicate the degree to which an explosive can be
oxidized. The OB% gives estimation about the amount of
available oxygen for the oxidation reaction.
OB%
OB should be > -200 to be said explosion sensitive/critical

Parameters to explosion sensitivity
• Other parameters used are:

- result of combustion test: class number 4 and above
- result of ignition test: positive results of ignition without
and with deflagration
- a result of DSC (Differential Scanning Calorimetry)
showing energy released of 700 J/g or higher
If any of the above criteria or the oxygen balance of >-200 is

found, the substance is to be examined by a serie of explosion
testing.
Explosion testing: impact test
• Impact testing is carried out by dropping a fixed weight onto a

prepared sample of the explosive to be tested from a given
distance.
• If liquid is to be tested, the sample will be placed in a special
container (cells).
Positive result:
smoke, spark,
deflagration, flame or
fire at <= 40 Nm
 Explosion sensitive
Explosion testing: friction test
• A substance should also be tested of its sensitivity to

explosion due to friction.
• BAM apparatus for friction testing can be used for this
purposed.
Weight of ceramic plate:
0.5 – 3.6 kg
load:
5 – 360 N
Positive result:
smoke, spark,
deflagration, flame or
fire at friction <= 360 N
Explosion testing: “Koenen” test
Plate opening:
1 – 20 mm
Temperature:
700 – 800°C
Positive result:
Explosion (when the
steel coarse is broken
into at least 3 pieces), at
plate openings > 2 mm
Explosion triangle
• Requirements for an
explosion to occur:
– Fuel concentration in a mixture
with oxidation agent must be
between certain range
– Oxidation agent (eg. Oxygen)
must be available at a certain
amount
– An ignition source that has an
energy of at least equal to the
MIE must be available
A gas explosion can result in a T > 1000°C and P = (6-10) x Pinitial

Flammability limits
• Flammability of gases and vapors lays in a certain range, bordered

with flammability limits.
• There are two kinds of flammability limits: LFL (lower flammability
limit) and UFL (upper flammability limit)
• Explosion can only happen within this flammability zone
• The flammability of gases and vapors can only be determined
experimentally in a specially design closed vessel
• As long as it can be guaranteed that the mixture between fuel gas

and oxygen is always outside the flammability zone, the system can
be considered as inert (no oxidation is possible)
• However, since this is not always the case, anticipation must be made
Protections against explosion
• Primary protection
primarily, it is always desired to avoid the presence of flammable
atmosphere (fuel/air mixture) at any condition.
This can be achieved by either keeping the concentration of the fuel
too low or too high in the system, so that explosion is impossible to
occur. Important means: Inerting the system
• Secondary protection
the secondary protection would be to avoid possible ignition
source: grounding, use of safety shoes
• Tertiary protection
is also called the mechanical protection. This can include physical
modification of the plant to be explosion proof.
Inertisation
Limiting oxygen Air line

concentration (LOC)
At this oxygen concentration,
whatever the fuel
concentration is, no
l%
Ine
Vo
explosion is possible
rt
in
in
n
Fuel line
Vo
yge
l%
Ox
Oxygen line
Inert gas:
Nitrogen, argon,
Explosion zone
flue gas
LFL UFL
Fuel in Vol%
N2
O2
N2
Fuel
Oxygen Fuel
Construct a 3-component diagram of Methane-Nitrogen-Oxygen
system, with the following conditions:
1. In the mixture between methane and nitrogen, a minimum

concentration of nitrogen is 86%, so that with the addition of
oxygen, no risk of explosion will be present.
2. If methane is added to a mixture of oxygen and nitrogen, with a

minimum concentration of nitrogen of 80%, no explosion will
happen
a) Draw the partially and full inerted zones.

b) A mixture consists of 5 % methane and 95% air. Identify whether
this mixture lays in the partially inerted, full inerted or none of these
area?
Dust explosion
• Dust explosion is a fast combustion of dust particles suspended in

air.
• A very common example is the coal dust explosion in mining
industries
• But dust explosion can occur anywhere, where any powdered
combustible material is present
• The maximal pressure can reach P = 10 + Pinitial
• The finer the dust particle is, the bigger the potential to cause dust
explosion will be
• Particle size: > 500 µm  dust
100 – 300 µm  fine dust
30 – 100 µm  micro-fine dust
Condition for dust explosion
• dust has a very large surface area

compared to their mass, which causes it to
be much more flammable than bulk
materials
• Source of dust:
– Many materials that are commonly known as
easily to oxidize: coal, magnesium, powdered
metals like aluminium and titanium
– But also: grain, sugar, powder milk, flour,
sawdust.
• Source of ignition:
– electrostatic discharge
– friction
– Hot surfaces
– Fire or flames
Primary and secondary explosion
• Primary dust explosion occurs inside process plants or similar facilities,
and are generally controlled by pressure relief through ducting to the
atmosphere.
• Secondary explosions are result of dust accumulation inside the factory
being disturbed and ignited by the first explosion.
• Secondary explosions can result in a much dangerous and uncontrollable
explosions inside the workplace.
• Many fatalities from dust explosions have mostly been a result of
secondary dust explosion.
Imperial Sugar, USA
• On February 7, 2008, a huge
explosion and fire occurred at the
Imperial Sugar refinery northwest of
Savannah, Georgia
• causing 14 deaths and injuring 38
others, including 14 with serious and
life-threatening burns.
• The location of the explosion was
quickly established as a building
used to store refined sugar prior to
packaging
• The explosion was fueled by massive
accumulations of combustible sugar
dust throughout the packaging
building
West Pharmaceutical dust explosion, 2003
• Occurred in Kinston, United States, January 29, 2003.

• The facility’s purposes were: production of syringe plungers, manufacture
of intravenous components and rubber compounding
• In Oct 2002, there were 22 violations found in the facility, but this was
said to be a routine findings, and the West was fined $10,000.
Investigation found that the explosion started in an area known as Automated

Compounding System, a synthetic rubber processing system, involving mixing,
rolling, cutting and drying polyisoprene. The process adds oils and fillers, and
creating significant quantities of dust.
A particular machine was then identified, where a coating of rubber strips with
finely powdered grade of polyethylene took place. The space and suspended
ceiling above the machine was regularly cleaned.
But, they were unaware that the ventilation system pulled out the dust up into the
ceiling where an accumulation of about 0.25 – 0.5 inch thick had gathered.
• The investigation determined that the explosion happened after

something disturbed the dust, formed a cloud, which ignited
• The investigation failed to reveal what disturbed the dust and what
ignited it, due to extreme damage to the plant
• 6 people were killed, 36 were injured
• But several theories of what had happened were made:
• The machine was known to suffer several internal fires, including one that
was powerful enough to blow off the mixer door
• A batch of rubber was overheated and ignited
• An electrical ballast or light fixture that ignited accumulated dust
• A spark caused by possible electrical fault
• Ignition of dust in a cooling air duct feeding an electric motor
How Much Dust is Too Much Dust?
• NFPA 654 warns that a dust layer > 1/32 of an

inch (or the thickness of a typical paper clip)
accumulated on surface areas of at least 5
percent of a room's floor/or above ceiling area
presents a significant explosion hazard.
• Note: The U.S. Chemical Safety Investigation

Board (CSB) found that West Pharmaceutical
explosion that occurred in Kinston, NC, was
caused by dust accumulations primarily araound
¼ inch.
Dust explosion characterization
• Tendency (likelihood) of dust explosion – ignition sensitivity

• Maximum explosion pressure
• Maximum rate of pressure rise
• Minimum ignition energy (MIE)
• Auto ignition temperature (AIT)
• Flammability/explosion limits
• Limiting oxygen concentration (LOC)
Test apparatus : - modified Hartmann tube

- 20-L sphere apparatus
Modified Hartmann tube
• Test to determine the

likelihood of a dust explosion
• The test answers the
question “can this dust
explode?”
• The apparatus consists of 1.2
L vertical tube
• Dust samples from various
quantities are dispersed in
the tube
• Ignition is attempted through
a source of electrical arc from
various energy
Modified Hartmann tube
a test is considered positive if

• The indication instrument shows a
deflection of the hinged cover
• Or if a dust fire occurs (even if the
hinged cover is not moved)
20 liter spherical explosion test apparatus
• The 20-l sphere is a standardized

apparatus to determine whether
or not the dust is explosible
• Various concentrations and sizes
of dust
• Various ignition energy
• Various level of oxygen
concentrations
• Observation of the maximal
possible pressure at explosion
• Observation of the rate of
pressure rise
20 liter spherical explosion test apparatus
Results obtained from 20-L sphere

test:
– Max. explosion pressure
– Max. rate of pressure rise
– Deflagration index (Kst value)
– Explosion limits
– LOC and MIE
Max. explosion pressure and
max. rate of pressure rise
Explosion Kst values Characteristic

class (bar m s-1)
St 0 0 Non explosible
St 1 0 < Kst ≤ 200 Weak to
moderately
explosible
St 2 200 < Kst ≤ 300 Strongly
explosible
St 3 Kst > 300 Extremely
explosible
Kst values and St classes can be used
to determine the required venting size
Dust explosion protection measures
Primary protection Secondary protection Tertiary protection
Preventive measures by Preventive measures Constructional explosion protection
avoiding explosive by avoiding effective
atmosphere ignition source
Reduction of Analyzing potential Measures to avoiding and/or limiting
concentration of the ignition sources the effect of a dust explosion to a safe
combustible material to level
below the LFL Determining the
Inertisation, ventilation necessary extent of Explosion resistant design: explosion
protective measures pressure resistant vessel,
Prevent the release of
combustible materials or Using suitable Explosion relief: burst disc, venting
at least to limit it equipment panels, explosion doors
regular cleaning to avoid Explosion suppression: use of
dust accumulation, extinguishing agent
proper plant design
Explosion barriers: isolation,
mechanical barriers that immediately
block routes
Zones classification
ATEX Directive (ATmosphere EXplosives) based zones classification:
• Zone 20
A place in which an explosive atmosphere in the form of a cloud of
combustible dust in air is present continuously, or for long periods or
frequently.
• Zone 21
combustible dust in air is likely to occur in normal operation occasionally.
• Zone 22
combustible dust in air is not likely to occur in normal operation but, if it does
occur, will persist for a short period only.
Thermal analysis of thermal decomposition
• Thermal analysis studies the changes in properties of different materials
with change in temperature
• Many materials decompose when heated, eg. Calcium carbonate into CaO
and CO2
• In most cases, the decomposition happens with release of energy, and if

this energy release is too high, a risk to an explosion exists
• The commonly used methods are the DTA (differential thermo analysis)
and DSC (differential scanning calorimetry)
DTA/DSC
• Measurement of the heat

rate difference between the
sample and reference
substance
• with little transformation,
the heat flow can be
obtained which will help the
determination of enthalpy
and total energy involved
Types of DTA/DSC –
temperature programming and isothermal
• Temperature programmed
temperature will be increased with constant rate. This type
of DTA/DSC is used as standard screening test
• Isothermal
the temperature will be held constant during the whole
test
temperature programming
• Temperature programmed
- the most commonly applied method in DTA/DSC
- delivers important information with high precision
- the heat rate used: 1 K/min to 10 K/min
Results:
• the amount of energy involved during the whole transformation
process, and the enthalpy of transition
• The temperature range where the transformation process can
take place
• The temperature, at which the maximum heat capacity can be
observed
• The shift of heat flow
peaks is influenced by the
reaction rate or kinetics
• For most reactions
(reactions with normal
peaks shift), the peak
temperature will move 10
K with an increase in heat
rate of a factor 2 or 3.
• And will move 40 K with
an increase in heat rate of
a factor 10.
100 K - Rule
“in DTA/DSC for materials with normal shift of heat-flow peaks, the
peak temperature will shift 40 K when the heat rate increased with
a factor of 10, or he gradient of d(ln HR)/dT will be = 0.057 K-1. “
“ at heat rate of 10 K/min, the operating temperature should be at
least 100 K below the ONSET temperature
Example
Temperatur [°C]
0 50 100 150 200 250 300 350 400 450 500 550 600 650 700 750 800 850
0,00
-0,20
-0,40
-0,60
dQ/dt [W]
-0,80
-1,00
-1,20
-1,40
isothermal
• Isothermal DTA/DSC
- the temperature is held at a constant value throughout the test
Results:
• Total energy involved in the whole process of transition
• The form of peaks helps determining the information concerning reaction
kinetic
• Estimation of TMR (time to reach the maximum reaction rate)
Drawbacks compared to temperature programmed:

• Time intensive
• The total energy can be integrated directly from the temperature curve,
but the points where the transition process end are more difficult to read
isothermal
Zeit [s]
0.0E+00 5.0E+03 1.0E+04 1.5E+04 2.0E+04 2.5E+04 3.0E+04
0.0E+00
-1.0E-05
T iso=110°C
-2.0E-05
T iso=120°C
-3.0E-05
-4.0E-05 T iso=130°C
dQ/dt [W]
-5.0E-05
-6.0E-05
-7.0E-05
-8.0E-05 T iso=140°C
-9.0E-05
-1.0E-04
-1.1E-04
isothermal
• TMR (time to reach the maximum reaction rate)
Represents the time needed by an exothermic reaction to reach its

maximum rate (corresponding also to the maximum heat production rate)
Evaluation of TMR helps determining the time that would be available to
overcome with process disturbances through reasonable corrective
measures.
Rule of thumb: TMR should be at least 24 hours
TMR = 24 hr would still be safe even in a manual operated plant
TMR = 8 hr requires well trained personnel, process and safety equipment of
high quality, good process control system
TMR = 4 hr only in extremely reliable process
• TMR (Time to Maximum Rate)
• Is the time required for an exothermic system to reach its

maximum rate of reaction (maximum heat production rate)
• TMR can offer information whether enough time would be
available to control the system at safe operation state
SAFETY OPERATION OF CHEMICAL
REACTORS
Heat Explosion Theory
Assumptions:
• Reaction is a simple reaction from A to B, which is carried out
in the batch reactor
• Formal kinetics of zero order
(Approach to Arrhenius)
r : reaction rate
Heat production rate:
 Tools for assessing normal operations
T Frank-Kamenetzkii
Model
 Model for solid bulk
materials
Semenov Model
 Gases and low
viscosity Newtonian
liquid
Wall
Centre of  PLACE
reaction mass
70
Assumptions:
• Reaction is a simple reaction from A to B, which is carried out in the
batch reactor
• Formal kinetics of zero-th order
(Arrhenius Equation)
r : reaction rate
Heat production rate:
71
Heat dissipation through the wall:
In order for a reactor to be operated isothermally, the heat of

reaction generated must be able to be safely removed at any time
72
Semenov-diagram
S : Stable operating point
I : Unstable operating point
73
Semenov-diagram : effect of
Slope of the cooling capacity line
Cooling system temperature

74
Semenov-diagram
75
Cooling
Failure
Scenario -
GYGAX
4 : Process temperature
4 + 2 : MTSR = maximum temperature of

synthesis reaction (without cooling)
4 + 2 + 3 : Maximum temperature of
decomposition reaction
1 : Time available to reach the expected process

temperature  time available to remove
reaction heat
1 + 5 : Time available until decomposition

reaction starts
1 + 5 + 6 : Time available until the

decomposition reaction becomes uncontrollable
The Safety Assessment Of Reaction
Safety related characteristic parameters related to safe operation
of a reactor:
o Adiabatic Temperature Increase (∆Tad)

o Damköhler number (Da)
o Stanton number (St)
o Thermal characteristic (B) – dimensionless adiabatic
temperature increase
78
Adiabatic Temperature Increase
→ shows the exothermal effect of a reaction
Value range:
∆Tad = 10 K (mild exothermic reaction) – 400 K (strongly exothermic reaction)
∆Tad >= 1600 K (Polymerization and Decomposition)
Recommended limit:
∆Tad < 50 K → process reliable/safe
79
Damköhler Number (Da)
→ provides a measure to analyze the reaction rate
Da =
Value range: 0.01 until 100 and higher
Controlled-dosed semi-batch
Slow batch process processes, continuous processes
with high dwell times
80
Stanton Number (St)
→ Characterization of cooling capacity
St =
Assumptions :
Value range :
St = 3 - 5 industrial scale reactor
St = 15 - 20 laboratory scale reactor
81
Thermal Characteristic of Chemical Reaction –
Dimensionless Adiabatic Temperature Increase
 Measure for the potential associated with the chemical reaction
E/R : activation temperature (E/R = 4500 – 12000 K)
Value range:
B = 3 – 5 (process can be safely controlled)
B = 6 – 15 (requires bigger attention)
B > 15 (process is uncontrollable)
82
Models Of Reactors
Ideal model of reactor for continuous operation
Reactants
and solvent
Reaction mixture
Reactants
and solvent Reaction mixture
CSTR : Continuously Stirred Tank Reactor 𝑉𝑅

PFTR : Plug Flow Tube Reactor 𝑡 𝑐h𝑎𝑟 =
𝑉
tchar =
83
Ideal Models Of Reactors
Ideal model of reactor for dis- or semi-continuous operation
Dosed
components
All the components
involved in the
reaction were fed at
the beginning Components
fed initially
BR : Batch Reactor
SBR : Semi Batch Reactor
Reaction time
Dosing time
84
Assessment criterion:
 safe process
 
B = 3…5  (3…5) .
 Only slow batch processes are safelywith
controlled
85
Criticality classes – Stoessel Theory
Temperature
Classes
Crtiticality
a : Tprocess c : Adiabatic
Decomposition Temperature 24
86
b : MTSR d : MTT (max tolerable temperature)
OPERATION OF A BATCH REACTOR
The safe operation of
cooled batch reactor
Industrial application of a cooled batch reactor:

 Isothermal
 Isoperibol
 Partially regulated
88
cooled batch reactor
inner temperature
inner temperature
coolant temperature coolant temperature
Isothermal operation Isoperibol operation
inner temperature
 Schematically illustrated:
temperature vs time profiles
for different BR operating
modes
coolant temperature
Partially regulated operation 89

The safe normal operation of the
cooled batch reactor - isoperibolic
Processes to be carried out as isoperibolic batch process, and:
 either independently of the intended overheating, a value for

the thermal reaction parameter is less than 3
 or in the case of overheating which does not exceed 15% of the

adiabatic temperature increase, a value for the thermal
reaction parameter is less than 5,
are non-critical with regard to the thermal potential.
90
• Batch processes which are to be carried out
isoperibolically,
• and whose value for the thermal reaction parameter is

greater than 6 ,
• may only be carried out if sufficient cooling capacity

ensures that the maximum overheating is less than 40%
of the adiabatic temperature increase.
91
𝐷𝑎 𝑀
Adequate cooling : ≤ 0.7
𝑆𝑡
Maximum temperature : 𝑇 𝑀 =𝑇 𝐶 +0.15 ∆ 𝑇 𝑎𝑑 3<B<5-6
𝑇 𝑀 =𝑇 𝐶 +0.4 ∆ 𝑇 𝑎𝑑 B>6
MTSR: MTSR =
92
The safe normal operation of the cooled
batch reactor - isothermal
𝑇 𝑖𝑠𝑜 −𝑇 𝐾 𝐷𝑎
Adequate cooling : =
∆ 𝑇 𝑎𝑑 𝑆𝑡
𝑅 .𝑇 2𝑖𝑠𝑜
Maximum temperature : 𝑇 𝑖𝑠𝑜 −𝑇 𝐾 <
𝐸
93
OPERATION OF A SEMI-BATCH
REACTOR
cooled semi-batch reactor
Controlled dosing of a key chemical into a stirred vessel

has the widely recognized advantage of minimizing the
amount of energy available for a potential exothermic
runaway.
Industrial application of semi-batch reactor (SBR):

• Isothermal
• Isoperibolic
95
The safe operation of cooled semi-batch reactors
inner temperature
inner temperature
coolant temperature coolant temperature
Isothermal operation Isoperbolic operation
 Schematically illustrated temperature-time profiles for different SBR

operating modes 96
semi-batch reactor
 because of the dosing, the convective heat flow and the heat
transport through the reactor wall must be included in the
balance calculation
˙ 𝑐𝑜𝑛𝑣 =− 𝑉˙ 𝐷 . 𝜌 . 𝑐 𝑃 .(𝑇 −𝑇 𝑑𝑜𝑠𝑒 )

𝑄
˙ =−𝑈 . 𝐴 .(𝑇 −𝑇 ) Energy balance
𝑄 𝐾 𝐾
𝑈 . 𝐴. 𝜏 𝐷
𝑇 𝑑𝑜𝑠𝑒 + 𝑇𝐾
𝑉 𝐷 . 𝜌 . 𝑐𝑃
𝑇 0= Mixing temperature of SBR
𝑈 . 𝐴 . 𝜏𝐷
1+
𝑉 𝐷 . 𝜌 . 𝑐𝑃
97
semi-batch reactor
• The Damköhler number (Da) and the Stanton number (St)
are to be referred to the final volume!
( −𝑉 𝐴 ) . 𝑘 ( 𝑇 0 ) .𝑛 𝐵𝑂 . 𝜏 𝐷 𝑈 . 𝐴 .𝜏 𝐷
𝐷𝑎
2. 𝑂𝑟𝑑
= 𝑆𝑡=
𝑆𝐵𝑅
(𝑉 ¿ ¿ 𝐷+𝑉 𝑂 )¿ (𝑉 ¿ ¿ 𝐷+𝑉 𝑂 ). 𝜌 . 𝑐 𝑃 ¿
(1+ 𝜀)
𝑇 𝑑𝑜𝑠𝑒 + 𝑆𝑡 .𝑇 𝐾
𝜀
 Reference temperature for SBR: 𝑇 0=
(1+ 𝜀 )
1+ 𝑆𝑡
𝜀
𝑉𝐷
𝜀= volume increase factor
𝑉0
98
semi-batch reactor
1.45 𝐷𝑎( 𝑇 0) 𝑘∞ ∙ 𝑒
− 𝐸/ 𝑅𝑇 0
∙𝑛 𝐵 0 ∙ 𝜏 𝐷
≥1 𝐷𝑎(𝑇𝑜) =
𝑉 𝑡𝑜𝑡𝑎𝑙
 Safe cooling : 𝜀
+𝑆𝑡
1+ 𝜀
∆ 𝑇 𝑎𝑑
 Maximum temperature :
𝑇 𝑀 =𝑇 𝑜 +  isoperbol
𝜀
+𝑆𝑡
1+𝜀
𝑇 𝑀 =𝑇 𝑖𝑠𝑜  isotherm
99
semi-batch reactor
Maximum temperature of the synthesis reaction:
Criteria for a safe reaction:
𝐷𝑎 (𝑇 𝑖𝑠𝑜) 1
≤
𝑆𝑡 𝐵(𝑇 𝑖𝑠𝑜 )
100
SAFETY ANALYSIS METHODS
PHASE
Start
Determination of process and Process or plant must

installation conditions be modified
Safety assessment of the process under

normal operating conditions
Identification of possible deviations from

the desired process conditions
yes Can the reaction be reliably mastered even under

these deviating operating conditions?
no
Technical measure and/or Organisational measure
Can the reaction now be controlled?

no
yes
Assessment of further possible yes
process deviations
no
Documentation and Finish
Process Hazard Assessment & Safety Evaluation 102

Methods for analyzing plant safety
• Safety analysis mainly involves two activities: hazard identification

and risk analysis
• Hazard identification aims to the recognition of possible hazards
with significant consequences, such as loss of life and harms to
people, serious damage to facilities and to surrounding environment.
• Moreover it focuses on the identification of the causes of possible
incidents in the plant.
• In safety analysis, hazard identification if often followed with a risk
analysis, where quantification of potential risk associated to each
potential hazard takes place.
• In risk assessment, consideration in judging the tolerability of
potential risk is made
Methods for analyzing plant safety
• Qualitative methods, i.e.:

- what-if analysis
- check-lists
- HAZOP (hazard and operability) studies
• Quantitative methods, i.e:

- FTA (fault tree analysis)
- ETA (event tree analysis)
• Semi-quantitative methods, i.e:

- FMEA (failure mode and event analysis)
Qualitative safety analysis
• Qualitative methods focus on the identification of hazards and

derivation of the corresponding safety measures
• For each process in a chemical plant, 4 main questions to be
asked:
- what are the hazards?
- what can go wrong and how?
- what are the consequences and what are the chances?
- what can be done to prevent and/or mitigate the
consequences?
• What-if analysis
Is a brainstorming method in recognizing things that can go wrong

during operation of a process plant.
The initial step will be to prepare a set of “what-if” questions, which
can include various possible technical failures and human errors.
Next step will be to determine the answers, estimating the likelihood
(qualitatively), determining the consequences, and to make
recommendations.
Tabular worksheet is used as a tool for this analysis.
• What-if analysis
Pros and cons:

• Simple to use and has been effectively applied to various processes
• Can be applied any time of interest (design, construction, operation,
maintenance)
• Results are immediately available and can be quickly applied
• The technique relies heavily on the experience and intuition
(sometimes subjective) of the review team
• With missing necessary questions, the results become incomplete
and the analysis is unreliable
• Safety checklists
Is quite similar to what-if analysis, with the questions are set in form
of yes/no questions.
Questions must be made by experienced people that have been an
expert in conducting hazard analysis.
Still, checklists are not comprehensive if the range of questions listed
are incomplete and overlook the obvious possible hazards.
Checklists are normally used in combination with other safety
methods.
• HAZOP studies
Is by far the most

widely used qualitative
safety analysis of
process plants.
Use of “guide-words”
on each process
parameter to discover
how process deviation
from design intention
can occur and whether
those deviations.
• HAZOP studies
The application requires a team

consisted of experts from different
backgrounds, i.e project engineer,
commissioning manager, operation
manager, instrument/electrical
engineer, safety engineer, operator
team, maintenance technician,
supplier rep., etc.
Results are compiled in form of

tables and summarized in a report.
• HAZOP studies
The strength of HAZOP lies in its systematic. It breaks the system down
systematically, so that significant hazards at every process node can be
identified.
The team involved is very multidisciplinary that involves operational
experiences as well as lessons learned from other incidents from
different perspectives.
Drawbacks are among others: sometimes it is difficult to discover the
interconnection between process nodes
In some cases, hazards that are not related to guide-words might be
overlooked. The analysis is very time consuming. And it requires trained
people to be able to achieve reliable results.
Intro to risk analysis
• Quantitative methods provide a way to a risk analysis
Definition of risk:
“risk is the potential that an action or activity will lead to a
loss.”
Risk can also be defined as:

“risk is the probability of an event times the severity or the
magnitude of the outcome”
R = risk
R=S.P S = severity of the outcome
P = probability of the event
Intro to risk analysis
S R=S.P
k R = risk
Ris
S = severity of the outcome
P = probability of the event
Dangerous
properties
handling
Material
l
r ity ntia
ve te
Se Po
Hazardous
amount
potential
Review on probability theory
• Reliability (R)
a component will fail after a certain period of time.
so that the reliability (R) of that component is determined by

time and µ (failure rate, number of faults/time). The bigger µ, the
faster the reliability decreases. And at t  ~ the reliability will be
zero.
• Unreliability or failure probability (P)
is the compliment of reliability.
Review on probability theory
• Density of failure rate f(t)
is defined as the derivative of the failure probability.
and is used to determine the probability of at least 1 failure

between time t0 to t1.
Bathtub curve of failure rate over time
http://www.weibull.com
• Many components follow the pattern of typical bathtub failure rate curve
• The failure rate is highest when the component is new or very old
Interaction between process units
• Accidents normally happen as a result of complicated interaction

between different components.
• Components are interconnected in 2 fashions: in series and in
parallel
• Series:
if components are connected in series, the reliability of the

overall process is the product of multiplication between the
reliabilities for the individual components.
Interaction between process units
• Parallel:
in parallel, the failure probability is calculated by multiplying the
probabilities for the individual components.
example: if Ri = 0.6 Fi = 0.4 i = 2  PƩ = 0.16 RƩ = 0.84

i = 3  PƩ = 0.064 RƩ = 0.936
Reliability enhancement
• Parallel connection
• Redundancy
- redundancy: two or more identical components are connected
in parallel, connected to separated power source
- diversity redundancy: redundancy with components having
different measurement principles
• Enhancement of redundancy
- stand-by
- voting system
Reliability enhancement
• Enhancement of redundancy
- stand-by
- m-out-of-n voting system

i.e. 2 out of 3 (2/3)
2 out of 4 (2/4)
3 out of 4 (3/4)
Limits attainable on reliability
• Parallel redundancy provides a way to significantly increase

system reliability. However, this is only achievable if the
components are strictly independent one from another.
• One effect can compromise this independence: common-mode-
failure
• Common-mode failure
this results when a single factor (or i.e. component failure) can
simultaneously cause failure in two or more redundant
components.
example: loss of electrical power from one source causes
redundant components to shut down.
Limits attainable on reliability
• Common-mode failure
the presence of common-mode failure can cause serious effect
on the reliability of high-integrity systems.
common mode failure can be modeled to be in series with the
redundant components.
the ratio of the common-mode failure to the total failure
probability is called the β-ratio:
β-ratio approximates 1 as the common-

mode failure becomes dominant and
approaches 0 as it becomes negligible
Quality evaluation of safety concept
• 3 quantities involved in assessing emergency situations

Hazard Rate (HR) : number of occasion per unit time (e.g. per
year, per week) upon which the hazard is expected to arise
Demand (D) : number of occasion per unit time upon which the
emergency shut-down system is called on to operate
Fractional Dead Time (FDT) : fraction of time during which the
emergency system is unavailable, also called the unavailability
HR = [time -1]
D = [time -1] HR = D . FDT
FDT = dimensionless
Fractional Dead Time (FDT) :
FDT = f (µ,T)
µ = failure rate (number of faults per unit time)
T = the regular time interval of checks and maintenance
 A system will be occasionally unavailable due to defects. Is the defects are

revealed, the FDT or unavailability of the system will depend on the length
of time required for repair.
 If the defects are hidden, the faults will be detected during regular checks,
at time interval T.
 It is assumed, that if a fault did occur, it will be likely at any time within the
time interval T.

If the system is unavailable for a certain time period between interval time
(T), then fraction of time (FDT) is:
Tunavailable can be determined from the failure probability P between tests:
So that,
For µ.T << 1  and FDT can be simplified into:
Aim:
FDT ↓ , through µ ↓ and/or T ↓
Remember that: HR = D . FDT
What about demand (D)…??
Quantitative safety
analysis methods will
provide the number of
Demand (D)
Quantitative safety analysis
• Fault Tree Analysis (FTA)

Is a deductive method for identifying and analyzing ways in which
hazards can lead to accidents.
The approach is done in two ways, top-down and bottom-up.
FTA starts with top-down analysis, beginning by the identification of
a top event (an accident), and works backward toward the scenario
that can cause the accident. Quantification is done bottom-up
subsequently.
Logical connectors are used to connect the minor events, so that
they eventually lead to the top event.

Logical connectors or gates
“OR” “AND”
The resulting output event requires

OR gates the occurrence of any individual
input event
Te resulting output event requires
AND gates the simultaneous occurrence of all
input events

Logical connectors or gates
“OR” PA or PB Pout = PA +PB
FA or FB Fout = FA +FB
PA or FB not allowed
“AND” PA and PB Pout = PA . PB

FA and FB not allowed
PA and FB Fout = PA . FB
P = probability, F = frequency
This reactor contains a high-pressure alarm to alert the operator in
the event of dangerous reactor pressures. It consists of a pressure
switch within the reactor connected to an alarm light indicator. For
additional safety an automatic high-pressure reactor shutdown system
is installed. This system is activated at a pressure somewhat higher
than the alarm system and consists of a pressure switch connected to
a valve in the reactor feed line. The automatic system stops the flow
of reactant in the event of dangerous pressures.
Calculate:
The system overall failure probability (P), failure rate (µ) and system
reliability (R).
Construction of a fault tree:
• Event Tree Analysis (ETA)

Event tree begins with an initiating event and works toward the final
result.
ETA helps in configuring safety concept in the plant and to see what
happens if the safety equipment fails and what the probability of the
outcome.
Typical steps:
1. identify an initiating event of interest
2. identify the safety functions designed to deal with the initiating
event
3. construct the event tree
4. describe the resulting accident event sequences
• Event Tree Analysis (ETA)

A safety function can either be functional or not functional
HUMAN FACTORS
Some facts about accidents
• The frequency of
technological failures has
started to diminish, the
role of HF has become
more apparent
• Overestimation of human
capability to adapt
• Unawareness of the
importance of interaction
between many factors
Paradigm shift about causes of accidents
Engineering and
hardware improvements
Number of Accidents
Safety Management Systems

and Procedures
Human Factor
Time
What is Human Factors?
• The term Human Factors (HF) corresponds to the interface between

the scientific knowledge of human, facilities and procedural or
managerial system, that can lead either to better or poorer system
efficiency, safety and reliability.
• “HF is the environmental, organizational and job factors, and human
and individual characteristics which influence behavior at work in a way
which can influence health and safety (HSE, 1999)”
• “HF is the interaction of individuals with each other, with facilities and
equipment and with management system (OGP, 2005)”
Man-Machine-System
Performance Influencing Factors (PIFs)

Plant Design
(Facilities)
Management Operator
Systems (Human)
Latent Conditions Active Errors

(Errors)
Accident
Goals of Human Factors (HF)
• Construction of a plant where

– The potential of human failure is reduced
– Number of injuries, illness and accidents are reduced
– Production efficiency is improved
• Reduction of cost implications due to later modification of a plant
or plant improvement
• Ensuring that injuries and accidents can also be avoided during
construction of the plant
2.)
Cost of accidents
LWC (lost workdays cases) 27,000 €
Fatality 750,000 €
Cost of accidents 3.)
Total cost of accident 3-7 times the direct

loss costs (replacement value of equipment)
2.) European Safety Consultants
3.) International Process Safety Group
Cost of a major accident Yr 2000:
2 fatalities; 50 million $ direct;
5 months delay of S/U of major site
150 barg steam boiler firebox explosion,

contributing causal factor: HF design
Accident addressing HF: Piper Alpha
• One of the biggest events in the process industries that have

changed the paradigm about HF importance
• The disaster occurred in an oil platform on July 6, 1988
• An explosion burned the whole platform and killed 165 people on
board and 2 emergency personnel, leaving only 59 survivors.
The platform was first constructed in 1976 as an oil platform only, which
was then extended to include gas production.
In the first construction, four modules were located separately by using
firewalls between each module. The safety concept had successfully
brought the most dangerous sections distant from the personnel areas.
The introduction of the new gas conversion part forced the utilization of
the available spaces between the modules, which was previously
intended as a safety barrier.
A safety relief valve at a back-up pump was being overhauled. The
overhaul was extended the next day, and still was not finished at 6 pm.
A permit to work (PTW) was previously prepared, estimating that the
service could have been finished on that day. However, after 6 pm,
another PTW was made noting that operation can be permitted on the
next day. The tube where the relief valve should have been installed was
sealed with a plate.
Long after shift change, the primary pump experienced a disturbance.
Quick decision needed to be made, and this was to switch to back-up
pump.
PTW for this back-up pump was found, unfortunately not the newest one,
but the old one stating that the overhaul was completed.
The plate used for sealing the pipe could not hold the high pressure and
burst at once, causing a release of gas that is ignited immediately and
caused explosion.
• Lessons learned:
1. Permit to work (PTW) system.
2. Communication problem during shift turnover.
3. Insufficient procedure to operate safety system, in this case the
fire pump that had been switched to manual due to the presence
of divers around the platform.
4. Insufficient design of the separating wall of the new module for
gas processing, which was fireproof but not explosion proof.
5. Maintenance problems referring to corrosion.
6. Insufficient emergency response training for personnel, especially
for the new platform.
7. Inadequate design of evacuation line and facility
Performance influencing factors (PIFs)
Insufficient Design and Management system Operator failure
Accidents
Design insufficiency
Methods for Human Factors analysis
• Are aiming to the recognition of possible errors by human operators

during the performance of their work.
• Recognizing and understanding human limitations and the
underlying problems that can force humans to conduct errors is
considered to be the key in avoiding them from happening.
• Unfortunately, revealing these problems is not as trivial as it seems.
• A systematic way is necessary to adequately analyze the interaction
between operators and their working environment.
• Task Analysis (TA)

• is the fundamental approach to identify and analyze every operator
task.
• To initiate the analysis, preliminary plant investigations and
observations must be performed
• technical information (P&IDs, flow-charts), operating manuals,
documents of the local conditions (plant lay-out, map of location)
and personnel information (training, personnel qualification) should
be available.
• Techniques for operator actions analysis

• Several techniques that investigate and observe operator actions
during plant operation were developed
• Aim is to prevail over a deficiency of TA, which is the search for the
causes of human errors.
• By understanding what people must do during performance of their
work, the causes why errors are executed can be recognized.
• Examples of such methods are; Identification in the P&I-Diagram,
Disturbance Compensation Graph and the Bar-Graph Method
(Dalijono, et al., 2004)
• Identification on P&ID
• Disturbance compensation graph

• Bar-graph method
• Enhancement of operator actions analysis
• Normal Operation
Distance Operator Workload
Reactor 2
Level 2
1 2 4
Reactor 1
Level 1
Time
• Enhancement of operator actions analysis
• Abnormal Operation
Distance
3
Reactor 1 Level 2
1 2
Reactor 2 Level 1
Error 1
Consequence 1
Corrective actions
Detection
Error 2
Consequence 2
Time
New method: PITOPA
(Process Industry Tool for Operator Actions Analysis)
Task Analysis
Checklist
No No further
Safety-relevant
task? analysis
Yes
Operator Actions
PIFs Evaluation
Analysis
Questionnaire
Identification of
improvement potentials
Catalogue of improvement
suggestions

2022 Intro To Process and Plant Safety New

Uploaded by

Copyright:

Available Formats

You might also like

2022 Intro To Process and Plant Safety New

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2022 Intro To Process and Plant Safety New

Uploaded by

Copyright:

Available Formats

Plant Safety Operation

ODD SEMESTER 2022

SWISS GERMAN UNIVERSITY

• Learning from accidents

• 1974 Flixborough Explosion (cyclohexane)

1974 1984 2001 2008 2012

Mexico City Corden Pharmachem

1976 1984 2005 2012

Dangerous working atmosphere (hazard

• The fire continued for as long as 10 days

Explosion at the Caribbean Petroleum,

Vinyl Chloride Explosion and Fire,

The gas cloud formed (probably contained many other hazardous,

• MIC (methyl isocyanate – C2H3NO) is an extremely reactive

- Use of a more dangerous pesticide manufacturing method

Test method for flashpoint determination: Abel-Pensky apparatus

Source: Fonds der Chemischen Industrie, Germany;

“flammable liquids” – class I liquids

• OSHA (Occupational Safety and Health Administration)

“combustible liquids” – class II and class III liquids

T Classes Ignition point

• This test is aimed to determine

• The test classifies solids into 6

Smoldering or slow flameless 4 1-amino-8-

Flame or fire Rapid burn or slow and steady 5 Sulfur

• Is the minimum amount of

• For a discharge to ignite an

OB should be > -200 to be said explosion sensitive/critical

• Other parameters used are:

If any of the above criteria or the oxygen balance of >-200 is

• Impact testing is carried out by dropping a fixed weight onto a

• A substance should also be tested of its sensitivity to

A gas explosion can result in a T > 1000°C and P = (6-10) x Pinitial

• Flammability of gases and vapors lays in a certain range, bordered

• As long as it can be guaranteed that the mixture between fuel gas

Limiting oxygen Air line

1. In the mixture between methane and nitrogen, a minimum

2. If methane is added to a mixture of oxygen and nitrogen, with a

a) Draw the partially and full inerted zones.

• Dust explosion is a fast combustion of dust particles suspended in

• dust has a very large surface area

• Occurred in Kinston, United States, January 29, 2003.

Investigation found that the explosion started in an area known as Automated

• The investigation determined that the explosion happened after

• NFPA 654 warns that a dust layer > 1/32 of an

• Note: The U.S. Chemical Safety Investigation

• Tendency (likelihood) of dust explosion – ignition sensitivity

Test apparatus : - modified Hartmann tube

• Test to determine the

a test is considered positive if

• The 20-l sphere is a standardized

Results obtained from 20-L sphere

Explosion Kst values Characteristic

ATEX Directive (ATmosphere EXplosives) based zones classification:

• In most cases, the decomposition happens with release of energy, and if

• Measurement of the heat

Drawbacks compared to temperature programmed: