Inherent Safety in Process Design
Basic Concepts
Definition of Inherent Safety: Implementation of designs that eliminate hazards, negating the need for external safety systems (extrinsic safety).
Examples of Inherent Safety Strategies:
- Avoidance of highly toxic, flammable, or sensitive materials.
- Strategic placement of equipment in hazard-mitigated locations.
- Operating under mild conditions (temperatures and pressures).
- Designing systems that provide sufficient degrees of freedom.
Timing of Safety Consideration: Must be integrated into the early, conceptual design stages and revisited after final design adjustments.
The Bhopal Disaster
Incident Overview:
- Location: Bhopal, India.
- Year: 1984.
- Impact: Thousands killed due to a catastrophic release of methyl isocyanate (MIC).
Desired Chemical Reactions:
1. Methylamine and phosgene yielding methyl isocyanate (and hydrochloric acid).
2. Methyl isocyanate and beta-naphthol yielding the pesticide Carbaryl.
Undesired Reactions: High potential for undesirable reactions if operating conditions are altered, all of which are exothermic.
Design Failures:
- Poor reaction scheme choice leading to stability issues.
- Large storage quantities of methyl isocyanate in proximity to populated areas.
- Operational and structural safety errors amplifying risks; multiple failures often lead to accidents.
Texas City Disaster, 2005
Incident Overview:
- The event involved a raffinate splitter tower being started up on an isomerization unit.
- Key Problem: Liquid level and temperature management during startup.
Operational Question: How to decrease the liquid level in the tower?
- Suggested Actions:
- Add heat while increasing the bottoms flowrate.
- Noting interaction: Increasing heating and bottoms flow heats the feed, because the bottoms stream is heat integrated with the feed.
Consequences of Actions:
- Attempting to create vapor for level reduction led to large bubbles forming, which eventually forced liquid out through the vapor exit.
- Additional risk factors: inadequate relief equipment and a site layout that placed temporary trailers too close to the unit.
Heuristics for Inherent Safety
Material Selection in Process Design:
- Choosing safe solvents, mass separating agents, reaction media, and reaction intermediates and raw materials.
- Avoid corrosive, unstable, air-sensitive, or highly toxic materials to minimize leak potential.
Pressure Management:
- Importance of controlling pressures to prevent vessel rupture.
- Potential Causes of Rupture:
- Underpressure situations resulting from blocked vents and excessive vacuum.
- Chemical reactions within vessels associated with contaminants or temperature deviations.
- Vessel corrosion leading to structural failure.
- External collisions impacting vessel integrity.
Control of Ignition Sources:
- Identification of common sources of ignition in chemical plants, including:
- Unit operations involving open flames.
- Layout-induced hazards from vehicles or personnel in flammable zones.
- Electrical equipment sparking, and static discharge from the movement of non-conducting materials (including steam).
Temperature Deviations Consideration:
- Factors Contributing to Temperature Changes:
- Runaway reactions continuing post-shut down.
- Fire incidents linked to equipment failure in other units.
- Failures in control elements of heating equipment.
- Material Consideration: Select material type and thickness designed to withstand worst-case scenarios.
What this lecture is about
This is the Inherent Safety lecture. The core argument is simple and profound: the best way to make a chemical plant safe is to design out the hazard from the beginning — not to add safety systems on top of a dangerous design. That distinction between inherent safety and extrinsic safety is the foundation of everything in this lecture.
Inherent Safety vs Extrinsic Safety — know this cold
Extrinsic safety means you have a hazardous process and you add external systems to manage the danger — pressure relief valves, gas detectors, sprinkler systems, emergency shutdowns. These are reactive — they respond when something goes wrong.
Inherent safety means you design the process so the hazard doesn't exist in the first place. If there's no methyl isocyanate in the plant, it can't leak and kill thousands of people. That's inherent safety in its purest form.
The lecture is very clear that inherent safety must be considered at the early conceptual design stage. Once you've committed to a process chemistry and a plant layout, it becomes extremely expensive or impossible to change the fundamental safety characteristics. This is a critical exam point — safety isn't something you add at the end, it's something you design in from the start.
The four approaches to inherent safety
The lecture gives you four specific design heuristics — these are your exam answers when asked "how do you design an inherently safe plant?"
First — eliminate hazardous materials. If the material doesn't exist in the plant, it cannot leak, react, or harm anyone. In process design you have control over three categories of materials: the solvents and mass separating agents you choose, the reaction intermediates and raw materials you select through your choice of process chemistry, and the materials of construction. Every one of these is a design decision that affects inherent safety.
Second — control pressure carefully. High pressure vessels can rupture catastrophically. Vacuum conditions are equally dangerous and often overlooked. The lecture walks through four ways a simple storage tank can fail: underpressure (when the vent gets blocked and a pump creates a vacuum that collapses the tank roof), unexpected reactions (a contaminant or temperature excursion causes a reaction that generates vapor and overpressures the vessel), corrosion (the vessel wall thins until it fails), and collision (physical impact causes rupture). An exam question might ask you to list ways a storage tank can fail — these four are your answer.
Third — control ignition sources in flammable environments. Common ignition sources include furnaces and fired heaters (permanent open flame ignition sources), layout errors that allow vehicles or smokers into flammable areas, electrical equipment that can spark, and — this is the one people miss — the movement of non-conducting materials including steam can generate static electricity. Static discharge is a real ignition source that engineers must account for.
Fourth — account for temperature deviations in conceptual design. Temperatures in a plant can deviate from design specifications in several ways: runaway reactions that generate more heat than expected, reactions that continue after a supposed shutdown, reactions triggered by contaminants entering the process, fires from other units that heat adjacent equipment, and electrical heating equipment whose control element fails and causes overheating. The design conclusion here is that you must select materials of construction — type and thickness — to withstand the worst-case scenario, not just the normal operating case.
The Bhopal Disaster — understand this deeply
Bhopal, India, 1984 is one of the worst industrial accidents in history. Thousands of people were killed by a release of methyl isocyanate (MIC). This is not just historical trivia — it is the defining case study for inherent safety in chemical engineering.
The process was making Carbaryl, a pesticide. The chemistry involved two steps: first, methylamine reacted with phosgene to produce methyl isocyanate and hydrochloric acid. Second, the methyl isocyanate reacted with beta-naphthol to produce the final product Carbaryl.
The fundamental design problem was that the process required storing large quantities of methyl isocyanate as an intermediate. MIC is extraordinarily toxic — it reacts violently with water, generating heat and toxic byproducts. Under the changed conditions that occurred that night, undesired reactions took place. All of the reactions involved are exothermic, meaning they release heat, which can accelerate further reactions in a runaway scenario.
The lecture asks the exam question directly: "What went wrong from a design standpoint?" The answer is not operator error — it's a design failure on multiple levels. The reaction scheme was a poor choice because it required storing large quantities of a highly toxic intermediate. An inherently safer alternative exists: you could make the MIC on demand and use it immediately, never storing a significant inventory. Or you could find a completely different reaction pathway that doesn't use MIC at all. The plant was also located in or near a residential area, which compounded the consequences enormously. Multiple operational and extrinsic safety failures also occurred, which highlights the lecture's key principle: most accidents happen because of multiple simultaneous failures, not a single cause.
The Texas City 2005 Explosion — understand the engineering
This is more technically complex and tests your understanding of process design degrees of freedom.
A raffinate splitter tower on an isomerization unit was being started up. The liquid level in the tower began to rise and the liquid temperature was too high — a dangerous situation because high liquid level with high temperature can cause the tower to flood.
The normal response to high liquid level is to increase the bottoms flowrate to drain liquid out of the tower. The normal response to high temperature is to reduce heat input. But here's the critical design flaw: the bottoms stream was heat integrated with the feed stream. This means the hot bottoms flowing out of the tower were being used to preheat the incoming feed before it entered the tower.
When operators increased the heating rate AND increased the bottoms flowrate to try to solve the level problem, they inadvertently increased the temperature of the incoming feed because more hot bottoms were flowing through the feed-bottoms heat exchanger. This removed a degree of freedom from the system — you could not independently control the column temperature and the bottoms flowrate because they were coupled through the heat integration.
The operators tried to generate vapor to push liquid out of the tower through the vapor outlet. Eventually a large vapor bubble formed at the base of the column and pushed liquid up and out through the vapor line — a phenomenon called liquid carryover or flooding. This sent a slug of hot flammable liquid out of the system, which ignited.
The broader lessons the lecture draws: heat integration is an efficiency tool but it can remove degrees of freedom from your control system and make the plant harder to operate safely during abnormal situations. The type of relief equipment on the tower was also inadequate. Additionally, the site layout had temporary trailers located too close to the unit, and the people working in those trailers were killed. This connects directly back to the layout safety principles from the P&ID lecture.
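To make the degrees-of-freedom argument concrete, here is an added example that is not part of the lecture: a constructed steady-state model of the feed-bottoms heat exchanger. All flows, temperatures, heat capacity and exchanger effectiveness are assumed values; the model shows that with heat integration the bottoms-flow handle also moves the feed temperature into the tower, while without integration it does not.

```python
# Added illustration (not from the lecture): a constructed steady-state model of a
# counter-current feed-bottoms exchanger using the effectiveness form
# q = eff * C_min * (T_hot_in - T_cold_in). Flows in kg/s, temperatures in degC,
# cp in kJ/(kg K); every number below is an assumption, not plant data.

CP = 2.3          # assumed liquid heat capacity, kJ/(kg K)
EFF = 0.7         # assumed exchanger effectiveness (taken as constant)

def feed_preheat_temp(m_feed, m_bottoms, t_feed_in, t_bottoms):
    """Feed temperature leaving the exchanger when heat integrated with the bottoms."""
    c_min = CP * min(m_feed, m_bottoms)                # limiting heat-capacity rate
    q = EFF * c_min * (t_bottoms - t_feed_in)          # duty transferred, kW
    return t_feed_in + q / (CP * m_feed)

def feed_to_column_temp(integrated, m_feed, m_bottoms, t_feed_in, t_bottoms):
    """Feed inlet temperature seen by the tower, with or without heat integration."""
    if not integrated:
        return t_feed_in                               # bottoms flow has no effect
    return feed_preheat_temp(m_feed, m_bottoms, t_feed_in, t_bottoms)

def coupling_gain(integrated, m_feed=10.0, m_bottoms=4.0, t_feed_in=40.0, t_bottoms=170.0):
    """degC of extra feed preheat per extra kg/s of bottoms flow (finite difference).
    Zero means the level handle and the temperature handle are independent."""
    d = 0.01
    t0 = feed_to_column_temp(integrated, m_feed, m_bottoms, t_feed_in, t_bottoms)
    t1 = feed_to_column_temp(integrated, m_feed, m_bottoms + d, t_feed_in, t_bottoms)
    return (t1 - t0) / d

def startup_response(integrated, m_feed=10.0, t_feed_in=40.0, t_bottoms=170.0):
    """Mimic the operator action at Texas City: raise reboiler duty by 25 percent and
    double the bottoms flow to bring the level down. Returns feed temperature and the
    heat reaching the tower (reboiler duty plus feed preheat, kW) before and after."""
    before = (4.0, 2000.0)                             # (bottoms kg/s, reboiler kW)
    after = (8.0, 2500.0)
    result = []
    for m_bottoms, q_reb in (before, after):
        t_col = feed_to_column_temp(integrated, m_feed, m_bottoms, t_feed_in, t_bottoms)
        preheat = CP * m_feed * (t_col - t_feed_in)    # sensible heat carried in by feed
        result.append({"m_bottoms": m_bottoms, "t_feed_to_column": round(t_col, 1),
                       "heat_to_tower_kW": round(q_reb + preheat, 1)})
    return result

if __name__ == "__main__":
    for integrated in (False, True):
        print("heat integrated" if integrated else "no integration",
              "| feed temp gain, degC per kg/s bottoms:", round(coupling_gain(integrated), 2))
        for row in startup_response(integrated):
            print("   ", row)
```

With integration the "reduce level" action roughly doubles the preheat the feed carries in, so the total heat entering the tower rises by far more than the 25 percent reboiler increase the operators intended.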
The Conclusions — memorize these
The lecture ends with four conclusions that are essentially exam-ready statements:
Safety in chemical processing starts at the conceptual design stage where inherently safe design is considered — not after the design is finalized.
The selection of process chemistry makes a huge impact on inherent safety — Bhopal is the proof of this. A different reaction pathway might have avoided the need for MIC storage entirely.
Unit operations should be designed with efficiency in mind, but sufficient degrees of freedom must be maintained to handle deviations from normal operation — Texas City is the proof of this. The heat integration was efficient but removed the degrees of freedom needed to respond to the startup upset.
Temperatures and pressures must be controlled carefully and safety must be considered the primary factor — not cost, not efficiency, not throughput. Safety first.
Likely exam questions and how to answer them:
"What is the difference between inherent safety and extrinsic safety?" — Inherent safety eliminates the hazard by design. Extrinsic safety adds systems to manage a hazard that still exists. Inherent is always preferred because extrinsic systems can fail.
"When should safety be considered in process design?" — At the earliest conceptual stage, when chemistry and layout decisions are still being made. Changes at this stage are cheap. Changes after detailed design is complete are extremely expensive.
"What were the design failures at Bhopal?" — Poor reaction scheme requiring storage of large quantities of highly toxic MIC, plant sited in or near a residential area, multiple operational failures occurring simultaneously.
"What happened at Texas City and what design principle does it illustrate?" — Heat integration between the bottoms and feed removed a degree of freedom, preventing operators from independently controlling column temperature and bottoms flowrate during an abnormal startup. Illustrates that efficiency features can compromise operability and safety.
"List four ways a storage tank can fail." — Underpressure from blocked vents and pump suction, unexpected reaction from contaminants or temperature excursion, corrosion of vessel walls, physical collision.
"What are common ignition sources in a chemical plant?" — Furnaces, layout errors allowing vehicles or smokers in flammable areas, electrical equipment sparking, static electricity from movement of non-conducting materials including steam.
"What materials can a process designer select to improve inherent safety?" — Solvents and mass separating agents, reaction intermediates and raw materials through choice of process chemistry, materials of construction.
"What design lesson does Texas City teach about degrees of freedom?" — Sufficient degrees of freedom must be maintained in unit operation design to handle deviations from normal operation. Coupling process streams through heat integration reduces operational flexibility and can prevent operators from responding effectively to upsets.
Conclusions
Importance of Early Safety Integration: Safety considerations in chemical processing design begin at the conceptual stage.
Impact of Process Chemistry: The choice of process chemistry significantly affects the plant's inherent safety.
Design Focus: Operational efficiency must be balanced with maintaining adaptable degrees of freedom for handling deviations.
Control Over Temperatures and Pressures: Critical for ensuring safety remains the forefront priority throughout design and operation.