|
|
|
xix | |
|
|
|
xxi | |
| Files on the Web Accompanying This Book |
|
xxiii | |
| Acknowledgments |
|
xxv | |
| Foreword |
|
xxvii | |
| Preface |
|
xxix | |
|
|
|
1 | (16) |
|
1.1 Process safety management |
|
|
3 | (1) |
|
1.1.1 Identifying process safety management system deficiencies |
|
|
3 | (1) |
|
1.2 Normalization of deviance |
|
|
4 | (1) |
|
1.3 A strategy for response |
|
|
5 | (2) |
|
1.4 Maintaining organizational memory and a healthy sense of vulnerability |
|
|
7 | (1) |
|
1.5 Risk Based Process Safety |
|
|
8 | (3) |
|
|
|
11 | (1) |
|
|
|
12 | (1) |
|
1.8 Case study - Toxic gas release in India |
|
|
13 | (4) |
|
|
|
17 | (12) |
|
2.1 Incidents do not just happen |
|
|
17 | (1) |
|
|
|
17 | (10) |
|
2.2.1 The difference between incidents and catastrophic incidents |
|
|
18 | (1) |
|
2.2.2 The Swiss cheese incident model |
|
|
19 | (3) |
|
2.2.3 The bonfire incident analogy |
|
|
22 | (1) |
|
2.2.4 The dam incident analogy |
|
|
22 | (1) |
|
2.2.5 The iceberg incident analogy |
|
|
23 | (1) |
|
2.2.6 Incident trends and statistics |
|
|
24 | (1) |
|
2.2.7 Root cause analysis |
|
|
25 | (1) |
|
2.2.8 Multiple root cause theory |
|
|
26 | (1) |
|
2.3 Case study - Benzene plant explosion in China |
|
|
27 | (2) |
|
|
|
29 | (20) |
|
3.1 How does leadership affect culture? |
|
|
29 | (3) |
|
|
|
30 | (1) |
|
3.1.2 Operational discipline |
|
|
30 | (1) |
|
3.1.3 Process safety culture |
|
|
31 | (1) |
|
3.1.4 Process safety versus occupational safety |
|
|
31 | (1) |
|
3.2 The leadership and culture related warning signs |
|
|
32 | (15) |
|
3.2.1 Operating outside the safe operating envelope is accepted |
|
|
33 | (1) |
|
3.2.2 Job roles and responsibilities not well defined, confusing, or unclear |
|
|
34 | (1) |
|
3.2.3 Negative external complaints |
|
|
34 | (1) |
|
3.2.4 Signs of worker fatigue |
|
|
35 | (1) |
|
3.2.5 Widespread confusion between occupational safety and process safety |
|
|
35 | (1) |
|
3.2.6 Frequent organizational changes |
|
|
36 | (1) |
|
3.2.7 Conflict between production goals and safety goals |
|
|
37 | (1) |
|
3.2.8 Process safety budget reduced |
|
|
37 | (1) |
|
3.2.9 Strained communications between management and workers |
|
|
37 | (1) |
|
3.2.10 Overdue process safety action items |
|
|
38 | (1) |
|
3.2.11 Slow management response to process safety concerns |
|
|
39 | (1) |
|
3.2.12 A perception that management does not listen |
|
|
39 | (1) |
|
3.2.13 A lack of trust in field supervision |
|
|
39 | (1) |
|
3.2.14 Employee opinion surveys give negative feedback |
|
|
40 | (1) |
|
3.2.15 Leadership behavior implies that public reputation is more important than process safety |
|
|
40 | (1) |
|
3.2.16 Conflicting job priorities |
|
|
41 | (1) |
|
3.2.17 Everyone is too busy |
|
|
41 | (1) |
|
3.2.18 Frequent changes in priorities |
|
|
42 | (1) |
|
3.2.19 Conflict between workers and management concerning working conditions |
|
|
42 | (1) |
|
3.2.20 Leaders obviously value activity-based behavior over outcome-based behavior |
|
|
42 | (1) |
|
3.2.21 Inappropriate supervisory behavior |
|
|
43 | (1) |
|
3.2.22 Supervisors and leaders not formally prepared for management roles |
|
|
43 | (1) |
|
3.2.23 A poorly defined chain of command |
|
|
44 | (1) |
|
3.2.24 Workers not aware of or not committed to standards |
|
|
44 | (1) |
|
3.2.25 Favoritism exists in the organization |
|
|
45 | (1) |
|
3.2.26 A high absenteeism rate |
|
|
45 | (1) |
|
3.2.27 An employee turnover issue exists |
|
|
45 | (1) |
|
3.2.28 Varying shift team operating practices and protocols |
|
|
46 | (1) |
|
3.2.29 Frequent changes in ownership |
|
|
46 | (1) |
|
3.3 Case study - Challenger space shuttle explosion in the United States |
|
|
47 | (2) |
|
4 Training and Competency |
|
|
49 | (16) |
|
4.1 What is effective training, and how is competency measured? |
|
|
49 | (2) |
|
4.1.1 Three basic levels of training |
|
|
50 | (1) |
|
4.1.2 Competency assessment |
|
|
51 | (1) |
|
4.2 The training and competency related warning signs |
|
|
51 | (11) |
|
4.2.1 No training on possible catastrophic events and their characteristics |
|
|
52 | (1) |
|
4.2.2 Poor training on hazards of the process operation and the materials involved |
|
|
53 | (1) |
|
4.2.3 An ineffective or nonexistent formal training program |
|
|
53 | (1) |
|
4.2.4 Inadequate training on facility chemical processes |
|
|
54 | (1) |
|
4.2.5 No formal training on process safety systems |
|
|
55 | (1) |
|
4.2.6 No competency register to indicate the level of competency achieved by each worker |
|
|
56 | (1) |
|
4.2.7 Inadequate formal training on process-specific equipment operation or maintenance |
|
|
56 | (1) |
|
4.2.8 Frequent performance errors apparent |
|
|
56 | (1) |
|
4.2.9 Signs of chaos during process upsets or unusual events |
|
|
57 | (1) |
|
4.2.10 Workers unfamiliar with facility equipment or procedures |
|
|
57 | (1) |
|
4.2.11 Frequent process upsets |
|
|
58 | (1) |
|
4.2.12 Training sessions canceled or postponed |
|
|
59 | (1) |
|
4.2.13 Procedures performed with a check-the-box mentality |
|
|
59 | (1) |
|
4.2.14 Long-term workers have not attended recent training |
|
|
60 | (1) |
|
4.2.15 Training records are not current or are incomplete |
|
|
60 | (1) |
|
4.2.16 Poor training attendance is tolerated |
|
|
61 | (1) |
|
4.2.17 Training materials not suitable or instructors not competent |
|
|
61 | (1) |
|
4.2.18 Inappropriate use or overuse of computer-based training |
|
|
62 | (1) |
|
4.3 Case study - Gas plant vapor cloud explosion in Australia |
|
|
62 | (3) |
|
5 Process Safety Information |
|
|
65 | (14) |
|
5.1 Critical information to identify hazards and manage risk |
|
|
65 | (1) |
|
5.2 The process safety information related warning signs |
|
|
66 | (10) |
|
5.2.1 Piping and instrument diagrams do not reflect current field conditions |
|
|
67 | (1) |
|
5.2.2 Incomplete documentation about safety systems |
|
|
68 | (1) |
|
5.2.3 Inadequate documentation of chemical hazards |
|
|
69 | (1) |
|
5.2.4 Low precision and accuracy of process safety information documentation other than piping and instrument diagrams |
|
|
70 | (1) |
|
5.2.5 Material safety data sheets or equipment data sheets not current |
|
|
70 | (1) |
|
5.2.6 Process safety information not readily available |
|
|
71 | (1) |
|
5.2.7 Incomplete electrical / hazardous area classification drawings |
|
|
72 | (1) |
|
5.2.8 Poor equipment labeling or tagging |
|
|
72 | (1) |
|
5.2.9 Inconsistent drawing formats and protocols |
|
|
73 | (1) |
|
5.2.10 Problems with document control for process safety information |
|
|
74 | (1) |
|
5.2.11 No formal ownership established for process safety information |
|
|
75 | (1) |
|
5.2.12 No process alarm management system |
|
|
75 | (1) |
|
5.3 Case study - Batch still fire and explosion in the UK |
|
|
76 | (3) |
|
|
|
79 | (18) |
|
6.1 Safe and consistent operation |
|
|
79 | (2) |
|
6.2 The procedure related warning signs |
|
|
81 | (14) |
|
6.2.1 Procedures do not address all equipment required |
|
|
81 | (1) |
|
6.2.2 Procedures do not maintain a safe operating envelope |
|
|
82 | (1) |
|
6.2.3 Operators appear unfamiliar with procedures or how to use them |
|
|
83 | (1) |
|
6.2.4 A significant number of events resulting in auto initiated trips and shutdowns |
|
|
84 | (1) |
|
6.2.5 No system to gauge whether procedures have been followed |
|
|
85 | (1) |
|
6.2.6 Facility access procedures not consistently applied or enforced |
|
|
86 | (1) |
|
6.2.7 Inadequate shift turnover communication |
|
|
87 | (1) |
|
6.2.8 Poor quality shift logs |
|
|
88 | (1) |
|
6.2.9 Failure to follow company procedures is tolerated |
|
|
88 | (1) |
|
6.2.10 Chronic problems with the work permit system |
|
|
89 | (2) |
|
6.2.11 Inadequate or poor quality procedures |
|
|
91 | (1) |
|
6.2.12 No system for determining which activities need written procedures |
|
|
92 | (1) |
|
6.2.13 No established administrative procedure and style guide for writing and revising procedures |
|
|
93 | (2) |
|
6.3 Case study - Nuclear plant meltdown and explosion in the Ukraine |
|
|
95 | (2) |
|
|
|
97 | (20) |
|
7.1 Systematic implementation |
|
|
97 | (2) |
|
7.2 The asset integrity related warning signs |
|
|
99 | (15) |
|
7.2.1 Operation continues when safeguards are known to be impaired |
|
|
100 | (1) |
|
7.2.2 Overdue equipment inspections |
|
|
100 | (1) |
|
7.2.3 Relief valve testing overdue |
|
|
101 | (1) |
|
7.2.4 No formal maintenance program |
|
|
102 | (1) |
|
7.2.5 A run-to-failure philosophy exists |
|
|
102 | (1) |
|
7.2.6 Maintenance deferred until next budget cycle |
|
|
103 | (1) |
|
7.2.7 Preventive maintenance activities reduced to save money |
|
|
103 | (1) |
|
7.2.8 Broken or defective equipment not tagged and still in service |
|
|
103 | (1) |
|
7.2.9 Multiple and repetitive mechanical failures |
|
|
104 | (1) |
|
7.2.10 Corrosion and equipment deterioration evident |
|
|
105 | (1) |
|
7.2.11 A high frequency of leaks |
|
|
105 | (1) |
|
7.2.12 Installed equipment and hardware do not meet good engineering practices |
|
|
106 | (1) |
|
7.2.13 Improper application of equipment and hardware allowed |
|
|
107 | (1) |
|
7.2.14 Facility firewater used to cool process equipment |
|
|
107 | (1) |
|
7.2.15 Alarm and instrument management not adequately addressed |
|
|
108 | (1) |
|
7.2.16 Bypassed alarms and safety systems |
|
|
108 | (1) |
|
7.2.17 Process is operating with out-of-service safety instrumented systems and no risk assessment or management of change |
|
|
109 | (1) |
|
7.2.18 Critical safety systems not functioning properly or not tested |
|
|
109 | (1) |
|
7.2.19 Nuisance alarms and trips |
|
|
110 | (1) |
|
7.2.20 Inadequate practices for establishing equipment criticality |
|
|
110 | (1) |
|
7.2.21 Working on equipment that is in service |
|
|
111 | (1) |
|
7.2.22 Temporary or substandard repairs are prevalent |
|
|
111 | (1) |
|
7.2.23 Inconsistent preventive maintenance implementation |
|
|
112 | (1) |
|
7.2.24 Equipment repair records not up to date |
|
|
112 | (1) |
|
7.2.25 Chronic problems with the maintenance planning system |
|
|
113 | (1) |
|
7.2.26 No formal process to manage equipment deficiencies |
|
|
113 | (1) |
|
7.2.27 Maintenance jobs not adequately closed out |
|
|
114 | (1) |
|
7.3 Case study - Refinery naphtha fire in the United States |
|
|
114 | (3) |
|
8 Analyzing Risk and Managing Change |
|
|
117 | (22) |
|
|
|
117 | (4) |
|
8.1.1 Hazard identification and risk analysis |
|
|
117 | (1) |
|
8.1.2 The definitions of hazard and risk |
|
|
117 | (2) |
|
8.1.3 Management of change |
|
|
119 | (1) |
|
8.1.4 What is your role in risk management? |
|
|
120 | (1) |
|
8.2 The risk analysis and management of change related warning signs |
|
|
121 | (11) |
|
8.2.1 Weak process hazard analysis practices |
|
|
122 | (1) |
|
8.2.2 Out-of-service emergency standby systems |
|
|
123 | (1) |
|
8.2.3 Poor process hazard analysis action item follow-up |
|
|
123 | (1) |
|
8.2.4 Management of change system used only for major changes |
|
|
124 | (1) |
|
8.2.5 Backlog of incomplete management of change items |
|
|
124 | (1) |
|
8.2.6 Excessive delay in closing management of change action items to completion |
|
|
124 | (1) |
|
8.2.7 Organizational changes not subjected to management of change |
|
|
125 | (1) |
|
8.2.8 Frequent changes or disruptions in operating plan |
|
|
125 | (1) |
|
8.2.9 Risk assessments conducted to support decisions already made |
|
|
126 | (1) |
|
8.2.10 A sense that we always do it this way |
|
|
126 | (1) |
|
8.2.11 Management unwilling to consider change |
|
|
127 | (1) |
|
8.2.12 Management of change item review and approval lack structure and rigor |
|
|
127 | (1) |
|
8.2.13 Failure to recognize operational deviations and initiate management of change |
|
|
128 | (1) |
|
8.2.14 Original facility design used for current modifications |
|
|
128 | (1) |
|
8.2.15 Temporary changes made permanent without management of change |
|
|
128 | (1) |
|
8.2.16 Operating creep exists |
|
|
129 | (1) |
|
8.2.17 Process hazard analysis revalidations are not performed or are inadequate |
|
|
129 | (1) |
|
8.2.18 Instruments bypassed without adequate management of change |
|
|
129 | (1) |
|
8.2.19 Little or no corporate guidance on acceptable risk ranking methods |
|
|
130 | (1) |
|
8.2.20 Risk registry is poorly prepared, nonexistent, or unavailable |
|
|
131 | (1) |
|
8.2.21 No baseline risk profile for a facility |
|
|
131 | (1) |
|
8.2.22 Security protocols not enforced consistently |
|
|
132 | (1) |
|
8.3 Case study - Cyclohexane explosion in the UK |
|
|
132 | (7) |
|
|
|
139 | (10) |
|
9.1 Audits support operational excellence |
|
|
139 | (2) |
|
9.1.1 Audit team characteristics |
|
|
139 | (1) |
|
9.1.2 Internal and external audits |
|
|
140 | (1) |
|
|
|
140 | (1) |
|
9.1.4 Addressing audit results |
|
|
141 | (1) |
|
9.2 The audit related warning signs |
|
|
141 | (6) |
|
9.2.1 Repeat findings occur in subsequent audits |
|
|
142 | (1) |
|
9.2.2 Audits often lack field verification |
|
|
142 | (1) |
|
9.2.3 Findings from previous audits are still open |
|
|
143 | (1) |
|
9.2.4 Audits are not reviewed with management |
|
|
143 | (1) |
|
9.2.5 Inspections or audits result in significant findings |
|
|
144 | (1) |
|
9.2.6 Regulatory fines and citations have been received |
|
|
144 | (1) |
|
9.2.7 Negative external complaints are common |
|
|
145 | (1) |
|
9.2.8 Audits seem focused on good news |
|
|
145 | (1) |
|
9.2.9 Audit reports are not communicated to all affected employees |
|
|
146 | (1) |
|
9.2.10 Corporate process safety management guidance does not match a site's culture and resources |
|
|
146 | (1) |
|
9.3 Case study - Chemical warehouse fire in the UK |
|
|
147 | (2) |
|
10 Learning from Experience |
|
|
149 | (14) |
|
10.1 Methods for continuous improvement |
|
|
149 | (2) |
|
10.1.1 Incident investigation |
|
|
149 | (1) |
|
10.1.2 Measurement and metrics |
|
|
150 | (1) |
|
10.1.3 External incidents |
|
|
150 | (1) |
|
10.1.4 Management review and continuous improvement |
|
|
150 | (1) |
|
10.2 The learning from experience warning signs |
|
|
151 | (8) |
|
10.2.1 Failure to learn from previous incidents |
|
|
151 | (1) |
|
10.2.2 Frequent leaks or spills |
|
|
152 | (1) |
|
10.2.3 Frequent process upsets or off-specification product |
|
|
153 | (1) |
|
10.2.4 High contractor incident rates |
|
|
153 | (1) |
|
10.2.5 Abnormal instrument readings not recorded or investigated |
|
|
154 | (1) |
|
10.2.6 Equipment failures widespread and frequent |
|
|
154 | (1) |
|
10.2.7 Incident trend reports reflect only injuries or significant incidents |
|
|
155 | (1) |
|
10.2.8 Minor incidents are not reported |
|
|
155 | (1) |
|
10.2.9 Failure to report near misses and substandard conditions |
|
|
156 | (1) |
|
10.2.10 Superficial incident investigations result in improper findings |
|
|
156 | (1) |
|
10.2.11 Incident reports downplay impact |
|
|
157 | (1) |
|
10.2.12 Environmental performance does not meet regulations or company targets |
|
|
158 | (1) |
|
10.2.13 Incident trends and patterns apparent but not well tracked or analyzed |
|
|
158 | (1) |
|
10.2.14 Frequent activation of safety systems |
|
|
159 | (1) |
|
10.3 Case study - Space shuttle Columbia incident in the United States |
|
|
159 | (4) |
|
11 Physical Warning Signs |
|
|
163 | (12) |
|
11.1 The everyday things matter |
|
|
163 | (1) |
|
11.2 The physical warning signs |
|
|
164 | (8) |
|
11.2.1 Worker or community complaints of unusual odors |
|
|
164 | (1) |
|
11.2.2 Equipment or structures show physical damage |
|
|
164 | (1) |
|
11.2.3 Equipment vibration outside acceptable ranges |
|
|
165 | (1) |
|
11.2.4 Obvious leaks and spills |
|
|
165 | (1) |
|
11.2.5 Dust buildup on flat surfaces and in buildings |
|
|
166 | (1) |
|
11.2.6 Inconsistent or incorrect use of personal protective equipment |
|
|
167 | (1) |
|
11.2.7 Missing or defective safety equipment |
|
|
168 | (1) |
|
11.2.8 Uncontrolled traffic movement within the facility |
|
|
168 | (1) |
|
11.2.9 Open and uncontrolled sources of ignition |
|
|
169 | (1) |
|
11.2.10 Project trailers located close to process facilities |
|
|
169 | (1) |
|
11.2.11 Plugged sewers and drainage systems |
|
|
169 | (1) |
|
11.2.12 Poor housekeeping accepted by workers and management |
|
|
169 | (1) |
|
11.2.13 Permanent and temporary working platforms not protected or monitored |
|
|
170 | (1) |
|
11.2.14 Open electrical panels and conduits |
|
|
170 | (1) |
|
11.2.15 Condensation apparent on inner walls and ceilings of process buildings |
|
|
170 | (1) |
|
11.2.16 Loose bolts and unsecured equipment components |
|
|
171 | (1) |
|
11.3 Case study - Resin plant dust explosion in the Unites States |
|
|
172 | (3) |
|
|
|
175 | (12) |
|
12.1 Actions that you can take now for each warning sign |
|
|
176 | (1) |
|
12.1.1 Periodic employee participation in analyzing warning signs |
|
|
176 | (1) |
|
12.1.2 Use the warning signs as part of your next process safety audit |
|
|
177 | (1) |
|
12.2 A simple plan to consider for rigorous implementation and follow-up |
|
|
177 | (3) |
|
12.2.1 Perform an initial warning signs survey |
|
|
177 | (1) |
|
12.2.2 Build warning sign analysis into your management system |
|
|
178 | (1) |
|
12.2.3 Use the new system and track related action items |
|
|
178 | (1) |
|
12.2.4 Evaluate effectiveness in the next compliance audit |
|
|
179 | (1) |
|
12.2.5 Maintain vigilance against recurring warning signs |
|
|
179 | (1) |
|
|
|
180 | (3) |
|
|
|
180 | (1) |
|
|
|
181 | (1) |
|
|
|
181 | (1) |
|
12.3.4 Using incident warning signs for operations leader training |
|
|
182 | (1) |
|
|
|
183 | (1) |
|
|
|
183 | (1) |
|
12.5 Case study - Oil platform explosion and fire in the North Sea |
|
|
183 | (4) |
| Appendix A Incident Warning Sign Self-Assessment Tool |
|
187 | (12) |
| Appendix B Composite List of Catastrophic Incident Warning Signs |
|
199 | (6) |
| References and Selected Regulations |
|
205 | (8) |
| Acronyms and Abbreviations |
|
213 | (2) |
| Glossary |
|
215 | (6) |
| Index |
|
221 | |
