CE20223 - Safety and Ethics Flashcards

Question

What are the key ethical aspects when considering leadership and communication?

Answer 1

Promote equality, diversity and inclusion Promote public awareness and understanding of the impact and benefits of engineering achievements Be objective and truthful in any statement made in their professional capacity Challenge statements or policies that cause them professional concern

Answer 2

Honesty and integrity Respect for life, law, the environment and public good Accuracy and rigour Leadership and communication

Answer 3

Consequentialism Deontology (duty ethics) Virtue ethics

Answer 4

Values - lasting matters that people feel should be strived for in general to realise a just society Norms - rules that prescribe what actions are required, permitted or forbidden Virtues - certain type of human characteristic or quality

Answer 5

Consequences of actions are central to the moral judgement of those actions. Utilitarianism actions are judged by the amount of pleasure and pain they bring about - by their ability to benefit a majority. Considers profits and losses / pleasure and pain.

Answer 6

Duty is a better guide to decision making than pleasure. Action is considered morally right if it agrees with a certain moral rule. This rule says ‘you may not lie’ and there are no circumstances under which it is morally right to lie.

Answer 7

An ethical theory that focuses on the nature of the acting person. This theory indicates which good of desirably characteristics people should have or develop to be moral.’ Variant: Aristotle’s (322 – 322 BC) Theory Each moral virtue (character virtue) holds a position of equilibrium and it is the middle course between two extremes of evil E.g. A courageous person will not act as a coward in a dangerous situation, but he/she will also not be reckless and ignore the danger.

Answer 8

A system of norms and values that are universally applicable to everyone, independent of time, place or culture.

Answer 9

Categorical imperative A universal principle of the form “Do A” which is the foundation of all moral judgments in Kant’s view. When judging the morality of an action, it should not lead to a contradiction (self-defeating) Universality principle: First formulation of the categorical imperative: Act only on that maxim which you can at the same time will that it should become a universal law. (1) Assume the action is morally correct when you act on it – (2) Assume that everyone can also follow this norm (universality principle) – (3) will this norm survive? Reciprocity principle Second formulation of the categorical imperative: Act as to treat humanity, whether in your own person or in that of any other, in every case as an end, never as means only.

Answer 10

We can speak of good will if our actions are led by the categorical (= unconditional) norm ( = rule). E.g. If rule says ‘ you may not lie’ there are no circumstances under which it is morally right to lie. Vs. Hypothetical norm A condition norm, that is, a norm which only applies under certain circumstances Criticism: According to Kant all moral laws can be derived from the categorical imperative. Bending rules is not allowed. Do all these laws form an unambiguous and consistent system of norms? What about contradictory norms (e.g. whistle-blowing) Kantian theory (and duty ethics) often elicits the objection that a rigid adherence to moral rules can make people blind to the potentially very negative consequences of their actions

Answer 11

Ford made a cost-benefit analysis to justify actions which showed that total social costs of retrofitting all the cars > social costs of the expected accidents. Objections against utilitarianism: (1) amounts of money attached to different kinds of pain (dead, injuries) seem rather arbitrary (some were based on government documents) (2) Reliability of the estimates (e.g. the number of fatalities) By deciding solely based on considerations of overall welfare or happiness, Ford adopted a policy of allowing a certain number of preventable deaths/injuries. The case reveals abuse because the victims were sacrificed to optimize overall welfare (the ends justify the means). Abandoned the “you cannot put a value on human life” or the freedom principle of Mill. Universality principle: “Ford will market the Ford Pinto, knowing that the car is unsafe and without informing the consumers” Can this become a universal law and be without contradiction? “Marketing unsafe cars without informing the consumers is allowable.” - Loss of customer trust and hence marketing a car would become impossible. Reciprocity principle: Implies respect for people’s moral autonomy in making their own choices - Ford should have informed its consumers about the safety of the Pinto - so they can make an autonomous rational decision on the car purchase. Failing to inform them, the rational agency of the consumer was thus undermined, and they were used as merely a means to achieve Ford’s aim: increasing Ford’s turnover

Answer 12

A tool in structuring and improving moral decisions by making a systematic and thorough analysis of the moral problem, which helps to come to a moral judgement and to justify the final decision in moral terms. 1) Moral problem statement 2) Problem analysis 3) Options for actions 4) Ethical evaluation 5) Reflection Leading to morally acceptable actions

Answer 13

1. State what the problem is 2. State relevant facts 3. State relevant moral values Consider shareholders and their interests, who has to act and the moral nature of the problem.

Answer 14

Black-and-white strategy Cooperation strategy Whistle-blowing strategy

Answer 15

A strategy for action in which only two options for actions are considered: doing the action or not. (Not useful for more complex situations)

Answer 16

The action strategy that is directed at finding alternatives to help solve a moral problem by consulting other stakeholders (can lead to win-win situations)

Answer 17

Going public with the information; used as a last resort strategy as it is quite damaging to both the individual employee and the organization.

Answer 18

You must evaluate the moral acceptability of the various options for action. These judgments need not be the same because different frameworks can result in different preferred options for action in each situation. Based on both formal (based on professional ethics such as codes of conduct and the main ethical theories) and informal moral frameworks (intuitions and common sense) Intuitivist framework: indicate which option for action in your view is intuitively most acceptable and formulate arguments for this statement. Common sense method: weigh the available options for actions in the light of the relevant values. Eg: although making a profit is important, the value that is really at stake is public safety

Answer 19

Hazard and operability (HAZOP) Hazard identification (HAZID)

Answer 20

Risk is a measure of the hazard release potential. It’s the likelihood of something negative happening - Prerequisite: you know/understand the hazard! - Minimise hazard (and risk) through inherently safer design - Minimise release potential through designed and procedural control measures

Answer 21

1) Dow Fire & Explosion Index (F&EI) - Semi-quantitative approach (numerical result). - Output provides an overview of risk exposure and not a specific list of potential deficiencies/hazards. - Can provide estimate of Maximum Probable Property Damage. - Useful in ranking different alternatives. 2) Monod Index - Developed by ICI (Imperial Chemical Industries) after Flixborough. - Based on Dow Index, modified to address wider scope of hazards. - Includes plant layout and separation between hazardous units.

Answer 22

1-60: light 61-96: moderate 97-127: intermediate 128-158: heavy 159 < : severe

Answer 23

A measure of intrinsic rate of energy release due to fire or explosion.

Answer 24

F&EI = MF * F1 * F2 Where MF is the material factor, F1 are the general process hazards and F2 are the special hazards.

Answer 25

``` From NFPA (national fire protection association) ratings. Based on most dominant/highest risk material present. ``` It’s the product of Nf (flammability) * Nr (reactivity) (Non-combustible/stable - MF equals 1 Highly reactive/flammable - MF equal 40)

Answer 26

F1/2 = total number of penalties + 1 1 is the base factor

Answer 27

Loss control credit factor

Answer 28

LCCF = C1 * C2 * C3 Where: C1 considers process control factors C2 considers material isolation factors C3 considers fire protection factors

Answer 29

C1 - Process Control Factors E.g. Emergency power, cooling, computer control, inert gas, hazard analysis, operating Instructions. C2 - Material Isolation Factors E.g. Remote control valves, dump tanks, drainage, interlocks C3 - Fire Protection Factors E.g. Leak detection, steel protection, fire water supply, deluge, foam, monitors, cable protection Loss Control Credit Factor (LCCF) = C1xC2xC3 Individual control factors are in the range 0.9 to 0.99 (For example 5 x control factors @ 0.95 gives a LCCF = 0.77)

Answer 30

Maximum probable property damage. It’s a function of the Dow F&EI index and LCCF

Answer 31

Minimise (E.g. reduce inventories, reduce vessel hold-up, use loop reactor) Substitute (E.g. use non-flammable refrigerants) Moderate (E.g. lower T and P) Simplify

Answer 32

- 28 employees were killed (mostly inside buildings) and 36 injured. - Extensive damage to process plant. - 53 members of public injured and 1800 houses damaged. • Release occurred due to failure of temporary piping/flexible bellows. - A relatively simply bypass had been installed to allow one of the reactors to be taken out of service for repairs.

Answer 33

• Cyclohexane was oxidised to cyclohexanone (a precursor for the manufacture of Nylon) by injecting air in the presence of a catalyst. • The process of oxidation is relatively slow and six stirred reactors were used in series. • Reaction kinetics dictated that the cyclohexane in the reactors should be maintained at 155°C and 9 barg – liquid phase. • When released to atmosphere some of the liquid flashed-off creating a vapour cloud. Adiabatic flash of reactor inventory (100 t) gives ~40 t vapour cloud.

Answer 34

The temporary bypass had not been properly engineered or reviewed. - No engineering drawing prepared and only basic calculations were carried out. - Lack of necessary engineering expertise. - Maintenance team did not recognise that offset piping created bending moment and high shear forces at bellows. • No structured process for reviewing and authorising changes. • Occupied buildings were not blast resistant and were located too close to process areas handling highly flammable material. This could be prevented by double checking calculations

Answer 35

- Low P in tractor caused back-flow of hydrocarbons from the main DC, which escaped into the regenerator and ESP (electrostatic precipitator) - Slide values unable to maintain catalyst barrier to prevent fuel and air from mixing (due to corrosion) - Overpressure caused steam to leak into the air side of the FCC, making it hard to repair - Leaking HX allowed addition of different, light, heated hydrocarbons - Thermal runaway - Poorly installed equipment ``` Ignition source: * ESP Fuel-air mix: * Air continued to move through the ESP * Hydrocarbons leaked to the air side of the reactor ```

Answer 36

Cone roof (CR) tankage Floating roof (FR) tankage

Answer 37

Tank roof is fixed. There is always a vapour space above the liquid level. Used for storing materials at temperature < flash point. (So no vapours for ignition form) Cone roof useful to drain rainwater / snow away, preventing additional weight on tank (if tank were to have flat roof)

Answer 38

Tank roof floats on top of the liquid surface and rises/falls as the liquid level in the tank changes. There is no vapour space between the liquid and the roof. Used for storing materials at temperature > flash point. Not suitable for liquids with TVP (True Vapour Pressure, ASTM D 2879) > 0.9 bara. (Since P above atmospheric would cause the roof to move and tilt, and scratching against the tank wall could create an ignition source)

Answer 39

Liquid overfill Tank Overpressure or vacuum Ignition of flammable vapour space inside tank Tank overheated caused - flammable vapour space/fire - foam over (water heel)

Answer 40

Liquid overfill - use level indicators, secondary containment. (LHA- level high alarm) Tank Overpressure or vacuum - use vent valves Ignition of flammable vapour space inside tank - locate safe distance away from other equipment / ignition sources Tank overheated causing flammable vapour space/fire or foam over (water heel) - high temp alarm or cut-out on tank heater coil

Answer 41

Liquid overfill Tank Overpressure or vacuum Vapour release/fire, causing high vapour pressure material or gas blow through Tank roof sinking Tank fire, causing vulnerability to lightning Rim seal fire Full surface fire (FSF) - (hard to recover from)

Answer 42

Liquid overfill - use level indicators, secondary containment. (LHA - level high alarm) Tank Overpressure or vacuum - use vent valves Vapour release/fire, causing high vapour pressure material or gas blow through - THA (temp high alarm) - LLCO (level cut-off) on upstream tower Tank roof sinking - roof drain - routine operator checks - multiple pontoon roof design - maintenance ``` Tank fire, causing vulnerability to lightning + Rim seal fire + Full surface fire (FSF) - (hard to recover from) (For all three...) - HTA and temp control / cut-off - foam damn - FSF attack strategy ```

Answer 43

The Joule-Thomson (JT) effect is a thermodynamic process that occurs when a fluid expands from high pressure to low pressure at constant enthalpy (an isenthalpic process). If this coefficient is positive, then the fluid cools upon expansion and if it's negative the fluid warms upon expansion.

Answer 44

To store materials that are vapour/gas at atmospheric conditions and too volatile to store in CR or FR tanks.

Answer 45

Above ground sphere Above ground drum (bullet) Mounded drum (bullet)

Answer 46

Liquid Overfill - Three independent level measurements (and safety valve) Tank Overheating (BLEVE from sustained pool fire) - Fixed water spray/deluge, often automatically activated - Fire-proofing - Sloped ground under tank Vapour release/fire - Gas detection/alarm - Water flood (to fill tank rapidly and float LPG up and away from leak site) Sampling and water draw-off - Freeze-proof design

Answer 47

Boiling liquid expanding vapour explosion. Main hazard is due to radiant heat from fire ball (up to 500 m) • When vessel is exposed to fire the metal weakens. As liquid inside the vessel boils-off the vessel wall dry out and metal surface temperature increases - Metal softens, yields and ruptures releasing expanding liquid vapour

Answer 48

Gas and fire detection Emergency Block Valves (EBV) Drencher system Containment area slopes away from sphere Use of mounded drum (inherently safe)

Answer 49

Liquified pressurised gas

Answer 50

An operator was draining water from the sphere to local sewer. * A valve was partially blocked due to hydrate (crystal-like) formation (sub-zero temperature) * Blockage suddenly cleared – valve was still fully open. * Leak ignited 25 min later by car travelling on nearby road (150m) * 90 min after fire started sphere BLEVE occurred * 18 killed; 80 injured

Answer 51

To position the sphere on slopes. Install a series of drainage valves, farther away from the sphere. Some of the valves may remain closed throughout. Drainage system at an angle. (If Fire is ‘taken away’, the BLEVE is stopped/taken away)

Answer 52

Used to store materials that are vapour/gas at normal atmospheric conditions – too volatile to store in CR or FR Tanks Liquefied natural gas, LNG. NBP = - 160 C° Storage container operates at low pressure (typically 0-5 psig) - Tank is insulated - Liquid boils off at a controlled rate due to heat inputs - Vapour is compressed back to liquid and refrigerated * Release of liquid from refrigerated storage does not have same potential for VCE * BLEVE scenario is also not credible • Materials of construction need to be suitable for low operating temperatures (Brittle Facture)

Answer 53

Liquified natural gas

Answer 54

There was a large distribution terminal, occupied by 3 separate companies (Hertfordshire Oil Storage Ltd (HOSL), UK Oil Pipelines Ltd and BP Oil UK Ltd.) Gasoline was released from the HOSL west site The terminal is fed by 3 separate pipelines, and handles gasoline, diesel and jet products The west boundary of the site adjoins an industrial estate The severity of the explosion was much higher than would have been predicted given the low level of confinement. Actual overpressure in open areas of Northgate and Fuji car parks were 0.7-1.0 barg. • Normal scenario for an atmospheric storage tank overfill is fire. • However, there is some past experience of gasoline tank overfill resulting in explosions. - Typically involve large quantity of fuel (>100m3). - In each case wind speed was low (or zero) allowing a large vapour cloud to form. Buncefield explosion appeared to be unique due to apparent lack of obstacles which would induce turbulence and lead to rapid flame propagation. - HSE are carrying out further work involving industry experts

Answer 55

On the evening of 10th December 2005 Tank 912 started to receive a pipeline transfer of gasoline (550m3/h) At approx. 3 am on 11th December, the tank level gauge indicated a static level. However, the tank continued to receive product at the same rate, and the actual level in the tank continued to rise. The tank started to overflow at 0520 and by 0600 approx. 480m3 of gasoline had overflowed into the bund and surrounding area. A vapour cloud had spread approx. 200m from the tank towards the Industrial Estate. At 0601 the first of several explosions occurred causing significant damage to both commercial and residential property in the vicinity. - Fire engulfed over 20 large fuel tanks - 2000 people were evacuated and sections of the adjacent motorway were closed. - 43 people were injured, none seriously (incident occurred early on Sunday morning)

Answer 56

Immediately following the incident the HSE carried out a review and inspection of all Major Hazard sites in the UK to verify that existing standards and best practices were being followed. The release was due to a tank being overfilled – tank was being filled by pipeline ~ 550m3/h. The ignition source was believed to be the electric fire pumps. The tank was fitted with a level instrument, independent LHA and LHCO. * The level instrument had stuck (14 malfunctions had been reported in previous 5 months). * LHCO and alarm did not work - it was not responded to or was disabled? • Evidence that some shifts allowed tank level to exceed ‘high’ and even ‘high-high’ alarm to accommodate pipeline parcel. • Specific HSE Alert issued concerning design and operation of LHA – concern that alarm can be disabled if test lever is inadvertently left in the incorrect position. Believe an aerosol could have formed

Answer 57

Major Incident Investigation Board issued recommendations on Design and Operation of sites storing highly volatile materials. - Provision of independent LHA and automatic overfill protection. - All elements of overfill protective system should be tested (eliminate use of internal floats). - Use of gas detection, CCTV etc. to provide early detection of loss of containment (linked to automated response). - Modified design of new tanks to reduce risk of aerosol/vapour formation in the case of tank overflow. - Industry to share incident/near miss data. - Develop Process Safety indicators.

Answer 58

Explosion severity was far greater than would normally have been expected for a vapour cloud. - A VCE typically results in deflagration (< 1barg overpressure). - Based on damage to cars, drums and lamp posts the max estimated overpressure was 2barg – this would require some form of detonation. Detonation normally requires a confined volume such as inside a building, pipe or vessel. - Evidence suggests that the ignition source was inside the fire pump house. - However, once outside the building the flame front would de-accelerate rapidly. For the flame front to continue to accelerate requires congestion to create turbulence. - Piping, vessels and plant structures have been shown to create deflagration type explosion only. - Tests and analysis have shown that congestion due to trees/shrubs along adjacent lane may have been responsible for the higher overpressures.

Answer 59

Pressure relief valves, PRVs, (spring loaded valve which opens at a given set pressure. Pressure vacuum valves (typically for low pressure systems – use dead weights). ‘U’ seal or dip leg (for low pressure systems – hydraulic head provides fixed backpressure). Bursting disc (thin plate – ruptures at specified pressure).

Answer 60

Closed systems: - Dump tank/scrubber/quench vessel - Flare ring main connected to an elevated flare stack - For older facilities, PRVs are often routed to atmosphere providing material is not liquid phase.

Answer 61

``` Body Blowdown adjustment ring Nozzle Seat disk Disc holder Bonnet Spring Set pressure adjusting screw ``` Spring opens at set differential pressure between inlet and outlet. For relieving pressure that is independent of outlet pressure, use bellows.

Answer 62

Benefits + PRV set pressure for actual device can be tested prior to installation and at routine intervals. + Device should reseat after lifting once pressure has been reduced Disadvantages - Increased risk of blockages due to corrosion products - Valve seat leakage - PRV inlet and outlet pipework pressure drop needs to be low to avoid instability (PRV chatter) - Slower response time (tenths of a second up to > 1 second)

Answer 63

Benefits • Very fast response times (milliseconds); • Less risk of blockage than relief valves • Lower cost to install and maintain • Available in a wide range of materials • No leakage Disadvantages • Non re-closing hence may allow large discharges even when pressure falls below relieving (rupture) pressure • Potential for premature failure due to pressure pulsation, especially if the rupture pressure is close to the operating pressure • Rupture pressure affected by back pressure • Risk of incorrect assembly (upside down) !!! (Ie it would never burst) • Cannot be tested so regularly replaced

Answer 64

American society of mech engineers (ASME): Relieving pressure shall not exceed MAWP (normally DP) by more than: - 3% for fired and unfired steam boilers - 10% for vessels equipped with a single pressure relief device - 16% for vessels equipped with multiple pressure relief devices - 21% for fire contingency EU pressure equipment directive (PED) has a different interpretation: + 10% for all pressurized equipment with DP >0.5 barg, under all circumstances.

Answer 65

``` Issues e.g. • Instrument air failure • Steam failure wide open • Electric power failure • Blocked outlet - operator error • Cooling water failure • Loss of reflux • Tube rupture • External Fire ``` Detailed over pressure contingency analysis needs to be carried out to determine required PRV capacity. - Evaluate credible scenarios and calculate required relief load under these scenarios - EU Pressure Equipment Directive requires that all “foreseeable” causes of overpressure be considered - Two unrelated events (double contingency) are not normally considered

Answer 66

Closed system needs to be sized to handle largest pressure relief demand: - Single largest relief load - Emergency manual depressurisation of reactor systems - Multiple PRD activated due to failure of plant utility (electricity, instrument air, cooling water, steam) Facilities need to be provided to contain any liquid and to scrub or flare any hazardous vapours. Vent/flare stacks need to be sufficiently elevated to ensure good dispersion and should be located away from public areas/process units to minimise exposure of people to radiant heat Liquid seal drum and dip leg arrangement to prevent flash back from flare stack in to flare ring main Alternative to flare isa gas scrubber and atmospheric vent which needs to be available at all times

Answer 67

Used extensively in speciality chemicals and pharmaceuticals industries - Low volume - Facilities sometimes used to produce different grades/products

Answer 68

Potential for rapid thermal decomposition causing deflagration/detonation High bulk temperature can cause material to boil/vaporise. Potential for contents to overpressure and erupt from vessel. Reaction generates high volumes of gas which overpressures the reactor Secondary fire/explosion due to loss of primary containment

Answer 69

Reactive chemistry not fully understood Reactants added in wrong quantities or wrong order Contaminants Inadequate temperature control Poor mixing Inadequate emergency venting facilities Failure to take emergency action in the event of high temperature

Answer 70

Rate of heat production is proportional to volume Natural cooling capacity is proportional to surface area

Answer 71

Literature search, industry experience and laboratory data Conduct calorimetric tests Oxygen balance can help identify whether CXHYOZ compounds could decompose violently CXHYOZ +(2X+Y/2–Z)O->XCO2 +Y/2H2O Oxygen balance = -1600(2X + Y/2 – Z) ÷ MW (High Risk if > -200) From the Heat of Reaction (ΔH) can estimate maximum Adiabatic Temperature Rise (ΔTad) ΔTad = - ΔH/Cp Check if max. temperature is below temperature at which: - Other reactions start to take place (e.g. decomposition) - Reactants boil - Gas evolution occurs

Answer 72

Emergency cooling facilities Chemical inhibitor injection to suppress reaction or poison catalyst Drown-out or quenching - Use an inert medium to quench and dilute the reactants - May need to dump contents to a secondary vessel if insufficient space in reactor Provide adequately sized emergency venting facilities (bursting disc) - Consider hazards of venting reactor to atmosphere and need for scrubber tower/containment facility Protective instrument systems can be used to automate some or all previous control measures Consider Inherently Safer design (e.g.) - Use semi-batch operation, add reactants gradually - Use CSTR - Use smaller reactor volume (e.g. loop type reactor) - Design reactor to withstand worst case temperature/pressure conditions

Answer 73

Elimination - physically remove the hazard Substitution - replace the hazard Engineering controls - isolate people from the hazard Administrative controls - change the way people work PPE - protect the worker with Personal Protective Equipment

Answer 74

BPCS - basic process control system SIS - safety instrumented systems HPS - hardware protective systems SIF - safety instrumented functions

Answer 75

Temperature High Cut-in (THCI) quench/cooling activation for exothermic reactor Level High Cut-out (LHCO) to prevent vessel overfill Furnace Flow Low Cut-out (FLCO) to prevent tube rupture

Answer 76

H = D * F Hazard rate = demand rate * failure of hazard controls ``` Once found, you must consider: • Is this low enough/acceptable? • if not, what are the options? • Independent cut-out? This hazard control would be a safety instrumented function but it too can fail so... • How reliable does it need to be? ```

Answer 77

Safety Instrumented Function (SIF) – monitors a unique process variable or variables and takes a specific action when a prescribed limit is exceeded. Each SIF will have its own availability target defined by the process designer.

Answer 78

Availability Target (AT) – the required reliability of the SIF to manage the risk adequately.

Answer 79

Safety Integrity Level (SIL) – defined availability ranges for standardising protective equipment design and certification

Answer 80

Probability of Failure on Demand (PFD) – the chance that the safety instrumented function will fail when required.

Answer 81

Independent - no point in sharing the same power supply as the basic control system that just failed Fail-safe - if the power or actuating signal fails, system goes to its safe condition. Maintained/Testable - it should be possible and safe to test the function periodically to maintain assurance that it will work on demand. Well documented- future engineers/managers understand what it is protecting and how reliable it needs to be. Essential for future management of change.

Answer 82

Based on max. foreseeable internal pressure/vacuum, unless uneconomic. Pressure Relief Valve (PRV) set at a given margin (e.g. ASME, EU PED) to avoid unnecessary lifting PRV.

Answer 83

Normally based on Max. Operating Temperature (MOT) from Heat and Material Balance. Typically a margin of 10-15°C added to MOT to give DT. DT is also used for piping when assessing thermal stresses from expansion/ contraction. Material strength decreases as temperature increases.

Answer 84

When all the valves / outlets are all closed

Answer 85

The DP is normally set by the pressure source (pump or compressor) shut-in conditions i.e. blocked outlet, zero flow. * Overpressure should be limited by set pressure of PRV protecting the circuit (typically 10% above DP). * Some equipment operated in a batch or semi-continuous manner may have potential to be ‘boxed-in’ (all outlets closed) * Liquid filled equipment can be subjected to high internal pressures due to thermal expansion caused by solar gain or external heat tracing. * Heat exchanger/reboiler tube rupture can expose low pressure side to high pressure fluid. * Equipment that is subjected to vacuum conditions should be identified. * Do not assume that vessel can withstand full vacuum if not specified.

Answer 86

Relief path blocked Safety valve too small or not fitted Oxidiser in system with flammable - new volatile gas components are created that were not expected Inadvertent mixture of reactants Thermal expansion Connected non-design pressure source Design pressure under specified Wrong spec break

Answer 87

Unexpected cooling Composition changes Loss of heating P/V Vent Capacity Inadequate (or plugged) and • Pump out • Rain shower • Ambient temperature/pressure drop

Answer 88

* The maximum feed temperature from upstream unit. * The max. outlet temperature from fired heater or other heating medium. * Max temperature if an upstream heat exchanger (cooler) is bypassed e.g. for maintenance. * Predicted reactor outlet temperature (at “end of run” condition). * Joule-Thomson cooling effect. * Auto-refrigeration due to liquid evaporating/boiling to vapour when pressure is reduced * Solar radiation * Local site min/max ambient temperatures * Especially min temperature e.g. Norway -25°C

Answer 89

External Fire Reaction Runaway Loss of Cooling Pumps/Compressor Energy Loss of Furnace Feed (overheats tubes) Heat Tracing on Idle Line Pyrophoric Materials - Likely to auto-ignite Electrical heating element control not sensing highest temperature Inadvertent Catalysis

Answer 90

Loss of Heating Auto Refrigeration Process Composition Changes Low Ambient Temperatures Hydro testing

Answer 91

A specification break is a point in the piping where the material or flange rating changes, typically at a valve that might be closed • This is allowable if the lower rated section is independently protected from overstress. ``` • Line identification typically must include size, flange class and material (and sometimes the corrosion allowance in mm). ```

Answer 92

As flow increases, frictional pressure drop through the system increases as the square of flow. (System resistance curve) As centrifugal pump flow increases, delivery pressure decreases due to frictional drop within the pump, also as the square of flow (pump head curve). As flow demand on centrifugal pumps increase, the capability of the pump to deliver pressure decreases while the pressure demand increases. With no control valve, the system quickly reaches a single stable flow (at the intersection of the system and pump curves), only dependent on fluid density. With a control valve, maximum flow is approximately the same, but adjustable down to zero.

Answer 93

Hazard and Operability study. A formal systematic method for examining the potential hazards that may arise due to mal-function or mal-operation of individual items of equipment or processes. Identify hazards that can result in SHE consequences. Identify operability issues (e.g. no spare pump, inadequate facilities to isolate and drain equipment for maintenance). It’s aim is to identify hazards, not solve them

Answer 94

They’re best done at front end engineering and design (FEED) stages as changes are less costly. HAZOP is carried out on the P&ID (Process and Instrumentation Drawing) or Flowsheet (less effective).

Answer 95

HAZOP is carried out on the P&ID (Process and Instrumentation Drawing) or Flowsheet (less effective). • The study is carried out by a multi-discipline team of experienced people. - Provides opportunity to explore/brain storm “what could go wrong?” in a systematic way. -The team help to stimulate and build on each other’s ideas and questions. • The P&ID is divided into “nodes”. - Each equipment item within the node is examined in turn. - Guide Words are used to prompt discussion. - The drawing is marked-up to show what has been completed. o Potential concerns are documented. - The role of HAZOP is to identify potential concerns. - Hazard analysis and resolution is a separate follow-up activity (LOPA). - Team can propose a suggested action where this is obvious.

Answer 96

None (no) - no forward (or reverse) flow. E.g. Control valve closes shut or check valve fails to open ``` More of (high) - more of a physical property E.g. More pump discharge head due to higher SG. High tank level due to instrument faults. ``` ``` Less of (low) - less of a physical property E.g. Less flow due to filter blockage. Lowe temperature due to TC failure. ``` Part of - composition of stream is different from what it should be. E.g. reactants added in wrong quantities ``` More than (as well as) - more components present than should be. E.g. water entrained in feed from storage tank. Impurities in feed material. ``` Other than - what else can happen from normal operations. E.g. start-up, shut-down and maintenance

Answer 97

Layers of protection analysis. A semi-quantitative method evaluating the effectiveness of independent protection layers (IPL) in reducing the likelihood/severity of an undesirable event.

Answer 98

Initiating event frequency - expressed in terms of events per year

Answer 99

Independent protection layer. To qualify as an IPL, it must be effective, independent, auditable and documented. They can be passive or active, and each IPL has a PFD Visual checks and warning signs do not qualify as IPLs

Answer 100

Basic process control systems. They’re designed to maintain a process within a defined safe operating window.

Answer 101

Factors which may contribute to the frequency of an event e.g. weather, human occupancy or the probability of ignition of a flammable cloud.

CE20223 - Safety and Ethics Flashcards

(125 cards)