
Process safety fundamental - We operate within the limits

The Unseen Guardian of Process Safety: Why "We Operate Within Limits" is Non-Negotiable

 

A fundamental pillar of process safety, "we operate within limits," is a simple yet profound statement that stands as a critical barrier between safe, reliable production and catastrophic incidents. This principle is not merely a suggestion but a foundational element of a robust safety culture, demanding unwavering commitment from the control room to the boardroom. Lessons gleaned from decades of incident investigations by organizations like the U.S. Chemical Safety Board (CSB) and the AIChE's Process Safety Beacon repeatedly underscore the dire consequences of deviating from established operational boundaries.

This article delves into the core of this process safety fundamental, exploring harrowing lessons from the past, providing a roadmap for effective implementation, and outlining key messages that must be embedded in your operating procedures and monitoring systems.

 

Echoes from the Past: Lessons from CSB and AIChE Beacon

 

The chilling reality is that many major industrial accidents can be traced back to a failure to respect operating limits. These are not just numbers on a screen or in a manual; they are the scientifically determined safe operating envelopes for our equipment and processes.

CSB Investigations: A Stark Reminder

Numerous CSB investigation reports serve as grim testaments to the consequences of operating outside of established limits. A recurring theme is the normalization of deviance, where small excursions from safe operating parameters are tolerated until they culminate in disaster.

For instance, investigations into refinery explosions have often revealed that equipment was operated beyond its design life or under conditions that exceeded its metallurgical limits, leading to catastrophic failures. The CSB's investigation into the 2010 Tesoro refinery accident in Anacortes, Washington, highlighted how a heat exchanger failed catastrophically after being subjected to conditions that were not adequately understood or controlled, resulting in the tragic loss of seven lives.

Similarly, investigations have pointed to inadequate definition of safe operating limits for various modes of operation, including startup, shutdown, and idle states. A lack of clarity in these non-routine situations can create a fertile ground for human error and equipment failure.

AIChE Process Safety Beacon: Illuminating the Path Forward

The AIChE's Process Safety Beacon provides invaluable, bite-sized lessons from incidents, many of which touch upon the "operate within limits" principle. Key takeaways include:

  • The Peril of Sluggish Controls: A delayed or inadequate response from a control system can allow a process to drift beyond its safe operating limits. This highlights the importance of not only defining limits but also ensuring that the systems designed to maintain them are robust and responsive.

  • The Imperative of Functional Safeguards: Safety instrumented systems, relief valves, and other protective devices are the last lines of defense when operating limits are approached or exceeded. The Beacon frequently warns against the dangers of bypassing or disabling these critical safeguards for the sake of production. A culture that tolerates such practices is gambling with safety.

  • The Insidious Nature of Aging Facilities: As equipment ages, its safe operating envelope can shrink. Corrosion, erosion, fatigue, and other degradation mechanisms can reduce the margin for error. A proactive approach to managing the integrity of aging infrastructure is paramount to ensuring that operating limits remain valid and respected.

  • The Criticality of Situational Awareness: Operators must have a clear understanding of the current state of the process and where it is in relation to its safe operating limits. This requires not only well-designed control system interfaces but also a culture that encourages questioning and a healthy sense of unease when things don't seem right.

 

From Principle to Practice: Implementing "We Operate Within Limits"

 

A commitment to operating within limits must be more than a slogan; it requires a systematic and disciplined approach embedded in the very fabric of your process safety management system. Here’s how to translate this principle into tangible actions:

 

1. Defining and Documenting Safe Operating Limits:

 

The foundation of operating within limits is a comprehensive and well-documented set of safe operating limits (SOLs) for every process. This involves:

  • A Multi-Disciplinary Approach: The determination of SOLs should not be a siloed activity. It requires the collective expertise of process engineers, control system specialists, materials engineers, and experienced operators.

  • Considering all Operating Modes: Define limits for normal operation, as well as for transient phases like startup, shutdown, and idle periods. Don't overlook the potential for unique hazards during these non-routine operations.

  • A Clear Rationale: For each limit, document the consequences of deviation. What happens if the temperature gets too high? What are the risks of the pressure dropping too low? This "why" is crucial for operator understanding and buy-in.

  • Distinguishing Between Normal and Safe Limits: It's essential to define both the normal operating window and the absolute safe operating limits. The latter represents the point at which a process must be shut down to prevent an imminent hazard.

 

2. Embedding Limits in Operating Procedures:

 

Operating procedures are the primary tool for communicating how to safely run a plant. To effectively integrate the "operate within limits" principle, your procedures should:

  • Clearly State the Limits: Don't bury operating limits in dense paragraphs of text. Use tables, bold formatting, and clear headings to make them stand out.

  • Specify Actions for Approaching and Exceeding Limits: Procedures should provide clear, step-by-step instructions for operators to follow when a parameter is approaching or has exceeded its safe operating limit. This removes ambiguity in high-stress situations.

  • Include the "Why": Briefly explain the potential consequences of deviating from a specific limit. This reinforces the importance of adherence and builds a deeper understanding of the process hazards.

Example of an Effective SOP Clause:

3.2 Reactor Temperature Control

  • Normal Operating Range: 150°C - 160°C

  • High Alarm: 165°C

  • High-High Alarm/Interlock (Shutdown): 170°C

Consequences of Deviation: Exceeding 170°C can lead to a runaway exothermic reaction, resulting in a rapid increase in pressure and potential vessel rupture.

Operator Action at High Alarm (165°C):

  1. Immediately acknowledge the alarm.

  2. Verify cooling water flow to the reactor jacket is at its maximum setpoint.

  3. If the temperature continues to rise, immediately notify the Shift Supervisor and prepare for a manual shutdown as per procedure SD-101.

 

3. Vigilant Monitoring and Effective Alarms:

 

You cannot control what you do not monitor. A robust monitoring and alarm management strategy is essential for maintaining awareness of the process in relation to its limits.

  • Meaningful Alarms: Every alarm should be meaningful and require a specific operator action. An "alarm flood" during an upset condition can overwhelm operators and mask the most critical information.

  • Prioritization is Key: Not all alarms are created equal. Prioritize alarms based on the severity of the potential consequences and the time available for a response. Critical safety alarms should be distinct and unmistakable.

  • Clear and Intuitive Displays: Control system graphics should provide operators with a clear visual representation of the process and its proximity to safe operating limits. Trend displays are invaluable for identifying a process that is drifting towards a limit.

  • Regular Review and Rationalization: Periodically review your alarm system to ensure it remains effective. Remove nuisance alarms, adjust setpoints as necessary, and ensure that the system is aligned with the current process hazards.
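The trend-monitoring idea above, as an added example that is not part of the original article: it classifies a reading against the limits in SOP clause 3.2 and projects the time remaining before the High-High trip from the recent trend. The function names, the 15-minute warning horizon and the sample readings are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Limits:  # values from SOP clause 3.2 above, deg C
    normal_low: float = 150.0
    normal_high: float = 160.0
    high_alarm: float = 165.0  # operator action required
    trip: float = 170.0        # High-High alarm / interlock (shutdown)

def classify(temp_c, lim=Limits()):
    """Map one reading to the state defined in the SOP clause."""
    if temp_c >= lim.trip:
        return "HIGH_HIGH_TRIP"
    if temp_c >= lim.high_alarm:
        return "HIGH_ALARM"
    if lim.normal_low <= temp_c <= lim.normal_high:
        return "NORMAL"
    return "OUTSIDE_NORMAL"  # between bands or below range: investigate

def slope_per_min(samples):
    """Least-squares slope in deg C per minute over (minute, temp) pairs."""
    n = len(samples)
    mean_t = sum(t for t, _ in samples) / n
    mean_y = sum(y for _, y in samples) / n
    den = sum((t - mean_t) ** 2 for t, _ in samples)
    if den == 0:
        return 0.0
    return sum((t - mean_t) * (y - mean_y) for t, y in samples) / den

def minutes_to_trip(samples, lim=Limits()):
    """Projected minutes to the trip limit; None if not rising."""
    latest = samples[-1][1]
    if latest >= lim.trip:
        return 0.0
    rate = slope_per_min(samples)
    return (lim.trip - latest) / rate if rate > 0 else None

def assess(samples, warn_minutes=15.0, lim=Limits()):
    """Combine the instantaneous state with the trend projection."""
    state = classify(samples[-1][1], lim)
    eta = minutes_to_trip(samples, lim)
    early = state in ("NORMAL", "OUTSIDE_NORMAL")  # no alarm raised yet
    drift = early and eta is not None and eta <= warn_minutes
    return {"state": state, "minutes_to_trip": eta, "drift_warning": drift}

# Constructed sample data: (minute, reactor temperature in deg C)
DRIFTING = [(0, 156.0), (1, 157.0), (2, 158.0), (3, 159.0), (4, 160.0)]
STEADY = [(0, 155.0), (1, 155.2), (2, 154.9), (3, 155.1), (4, 155.0)]

print(assess(DRIFTING), assess(STEADY))
```

The drifting series is still inside the normal operating range, so no alarm has fired, yet the projection shows the trip limit is ten minutes away at the current rate.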

 

Key Messages for a Culture of Compliance

 

To truly embed the "operate within limits" principle, it must be a cornerstone of your safety culture. This requires consistent and clear messaging from all levels of the organization:

  • For Operators: "You are the guardians of our operational integrity. Know your limits, respect them, and never hesitate to act when a deviation occurs. Your proactive intervention is our most critical safeguard."

  • For Engineers: "Design and maintain our processes with clear and robust operating limits. Provide our operations team with the tools and information they need to succeed in keeping us safe."

  • For Leadership: "We will not compromise on safety for the sake of production. We will empower our people to operate within limits, and we will provide the resources and support necessary to do so. A deviation from a safe operating limit is a serious event that will be investigated and learned from."

In conclusion, "we operate within limits" is far more than a catchy phrase. It is a fundamental principle that demands a rigorous and systematic approach to process safety. By learning from the tragedies of the past, diligently implementing robust systems for defining, documenting, and monitoring our operational boundaries, and fostering a culture of unwavering adherence, we can ensure that our facilities operate safely and reliably, protecting our people, the environment, and our communities.
