The overall safety of a process depends on multiple layers of protection. Process design features are generally considered the first layer of protection, followed by the other layers: the BPCS (basic process control system), alarms with operator intervention, the ESD (emergency shutdown) system, emergency response plans, and so on. Inherent safety is specifically directed at process design features. An inherently safer plant is more tolerant of operator errors and abnormal conditions.
The idea of Inherent Safety Design (ISD) began with chemical safety expert Trevor Kletz, and his approach is usually summarized as four key principles of ISD, as outlined by the Center for Chemical Process Safety (CCPS):
- Substitute – If a less hazardous material is available, it should be considered.
- Minimize – Reduce the quantity of hazardous materials whenever possible.
- Moderate – Lower temperatures or lower pressures often lead to less hazardous conditions.
- Simplify – By removing unnecessary complexity, processes become easier to operate and less prone to failure.
Considering Inherent Safety Design (ISD) during a PHA Study (HAZOP)
One of the important objectives of any PHA study is to document each consequence completely and in detail, considering both the upstream and downstream impact on the process, and to evaluate the worst credible case rather than simply the worst case. It has also been noted that a PHA team occasionally overlooks the concept of ISD and overstates a consequence that the design cannot actually produce. This can happen for several reasons, such as incomplete process safety information (PSI), an inexperienced facilitator or team members, or unfamiliarity with the PHA methodology. In simple terms, ISD features can be defined as engineering design features that cannot fail, malfunction, or be defeated by human error or by the nature of the operation, such as:
- Storage capacity – Maximum inventory limited by storage tank size
- Vessel design for full vacuum conditions
- Vessel MAWP greater than maximum attainable pressure from the process (but remember that this is temperature dependent)
- Material selection – Use of a non-toxic material in place of a toxic one
Example - Inherently Safe Design

Consider what happens if level control valve LV-7318 malfunctions closed.
Although the vessel may fill with liquid, an overpressure is not necessarily credible. If the vessel is designed for 60 kg/cm2g and the pump moving liquid into the vessel has a maximum (shutoff) pressure of only 50 kg/cm2g, then a vessel overpressure from the blocked outlet would not be expected, provided the pump is the only pressure source that can reach the vessel and the 60 kg/cm2g design pressure applies at the operating temperature.
So an overpressure may be the worst case, but it is not the worst credible case. The design of the process determines which consequence needs to be reviewed. Inherently safe design reduces the impact of some consequences and may eliminate others altogether.
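The check the PHA team is making here, whether any pressure source can exceed the vessel's MAWP once the outlet is blocked, is easy to make explicit and to repeat for each scenario. The script below is an added example written for this page, not code from the article or from any PHA tool. It keeps the article's figures (60 kg/cm2g vessel, 50 kg/cm2g pump shutoff) and adds two constructed assumptions for illustration: a temperature derating table for the MAWP (the point made above that the MAWP is temperature dependent) and a hypothetical upstream header that could also reach the vessel through an open bypass.

```python
"""Worst-credible-case overpressure screen for a blocked-outlet scenario.

Added example, not part of the original article. Vessel and pump figures
follow the article; the derating table and the upstream header are
constructed assumptions for illustration only.
"""
from dataclasses import dataclass

# Constructed MAWP derating table: (metal temperature, degC) -> (MAWP, kg/cm2g).
# 60 kg/cm2g is the article's design pressure; the high-temperature points are
# assumed values, not data for any real vessel.
MAWP_TABLE = [(-20.0, 60.0), (200.0, 60.0), (400.0, 42.0)]


@dataclass(frozen=True)
class PressureSource:
    """A source that can pressurize the vessel once its outlet is blocked."""
    name: str
    max_pressure: float  # kg/cm2g attainable with the outlet blocked, e.g. pump
                         # shutoff pressure at maximum suction pressure, or the
                         # pressure of an upstream header that can reach the vessel


@dataclass(frozen=True)
class ScreenResult:
    limit: float          # MAWP at the temperature considered, kg/cm2g
    worst_source: str     # source with the highest attainable pressure
    max_pressure: float   # that source's attainable pressure, kg/cm2g
    credible: bool        # True if the worst source can exceed the limit
    margin: float         # limit - max_pressure; negative when credible


def derated_mawp(table, temperature):
    """MAWP at `temperature`, linearly interpolated from the derating table.

    Outside the table the nearest end value is used; a real review would
    treat a temperature beyond the table as a finding, not a number.
    """
    pts = sorted(table)
    if temperature <= pts[0][0]:
        return pts[0][1]
    if temperature >= pts[-1][0]:
        return pts[-1][1]
    for (t0, p0), (t1, p1) in zip(pts, pts[1:]):
        if t0 <= temperature <= t1:
            return p0 + (p1 - p0) * (temperature - t0) / (t1 - t0)


def screen_overpressure(table, temperature, sources):
    """Compare every pressure source against the derated MAWP.

    Overpressure is credible only if some source can exceed the MAWP at the
    temperature the vessel will actually see during the scenario.
    """
    if not sources:
        raise ValueError("at least one pressure source is needed")
    limit = derated_mawp(table, temperature)
    worst = max(sources, key=lambda s: s.max_pressure)
    return ScreenResult(
        limit=limit,
        worst_source=worst.name,
        max_pressure=worst.max_pressure,
        credible=worst.max_pressure > limit,
        margin=limit - worst.max_pressure,
    )


# The article's case: LV-7318 fails closed and the feed pump keeps running.
PUMP = PressureSource("feed pump shutoff", 50.0)
# Constructed extra source: an upstream header reachable through an open bypass.
UPSTREAM_HEADER = PressureSource("upstream header via open bypass", 75.0)


if __name__ == "__main__":
    cases = [
        ("article case, 150 degC, pump only", 150.0, [PUMP]),
        ("same pump, vessel hot at 350 degC", 350.0, [PUMP]),
        ("150 degC, pump plus upstream header", 150.0, [PUMP, UPSTREAM_HEADER]),
    ]
    for label, temp, sources in cases:
        r = screen_overpressure(MAWP_TABLE, temp, sources)
        verdict = "CREDIBLE" if r.credible else "not credible"
        print(f"{label}: MAWP {r.limit:.1f}, worst {r.worst_source} "
              f"{r.max_pressure:.1f} kg/cm2g -> overpressure {verdict} "
              f"(margin {r.margin:+.1f})")
```

Run as written, the first case reproduces the article's conclusion (50 against 60, not credible). The second case shows why the temperature caveat matters: with the assumed derating, the same 50 kg/cm2g pump exceeds the MAWP once the vessel is hot. The third shows that an additional upstream source changes the answer even at design temperature, which is why the PHA team has to account for every path into the vessel, not just the pump.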