Train accident updates
Post Date Jan 20, 2019 11:00 AM
The accident investigation has focus on a number of different issues:
- The mechanism which locks tractor trailors to the rail cars, and how to ensure they work properly. The system is used across Western Europe, and there has been at least one more event involving the locking mechanism.
- Wether the wind measurements on the south side of the bridge are representative of the wind the train is exposed to on the north side - especially when the wind direction is from the north.
- The basis for the wind limits to reduce train speeds and to stop train passage altogether.
We will continue to bring updates on the investigation.
Post Date Jan 03, 2019 04:15 PM
Here about about a little more than one day after the accident the following facts are known: 8 people died in the event, of 16 people hospitalized only 2 remain in hospital. Also is appears a truck trailor with empty beer bottles hit the train and severely damage the left side of the train (the one you can't see on the picture). What remain to be established is why the trailor did not remain on the freight train. From the news coverage part of the investigation appear to focus on how the trailor was attached to the freight car. One cause of the traior being blown of the freight car could be metal fatique. However, finding the exact accident mechanisn will properly require simulations by experts in the pressure dynamics around passing trains.
Source of picture: Jyllandsposten.
Major train accident on Great Belt Bridge in Denmark on a January morning
Post Date Jan 02, 2019 10:30 AM
Police on Fuen in Denmark report about a train on the way towards Copenhagen being hit by items from a freight train passing in the direction of Fuen around 7:30 AM local time. At this all that is know is that several persons have died and other have been seriously injured.
Appearantly the passenger trains was hit by items from the passing freight train resulting in the damage shown. Source of picture: TV2 News on Twitter.
Cause of train accident currently unknown, but strong wind perpendicular to bridge could be a factor in damaging trailors
Post Date Jan 02, 2019 10:30 AM
It is well known, that when trains travelling in opposite directions are passing each other at high speed, then dynamic pressures are created between the two trains. It is possible that strong winds from the north at the time could have combined with the effect of the passing trains to rip appart one or more trailers on the freight train. Source of picture: Jyllandsposten.
Are your button level control loops working correctly?
Post date: Nov 04, 2018 10:35:00 AM
When I joined the process industry as a chemical engineer with some knowledge of process control more than 40 years ago the site had a team of engineers like me, whoes job it was to create higher level control applications on site for a major player in the oil and gas industry. These higher level control applications, e.g. destillation column product quality control, depended on the performance of the button level instrumentation control loops, such as flow control loops and level control loops.
Replacing people with software
In those days part of our job was to tune the lower loops often in collaboration with instrument technicians. Since then most of the team of engineers have gone due to downsizing. So today there are no one to take care of improperly tuned control loops after the commissioning is finished. The result is, at descripted in the PAS webinar, that operators put more loops in manual, which generally give higher variability and hence poorer loop performance. Since the people for loop tuning have been made redundant, it is good news, that you can now get software, that automatically monitor the performance of lower level control loops and recommends improvements. One set of such software tools are ControlWizard and TuneWizard from PAS. However, there are many others, so you may want to read an article in Control Engineering or listen to PAS on-demand webinar on operations risk management here. The above slides are from this webinar.
Know what a safety life cycle is?
Post date: Oct 21, 2018 09:15:00 PM
If after watching this 2 minute long video you can define what a safety life cycle is, then please tell me, by writing to firstname.lastname@example.org . At Safepark we started by defining what WE mean by safety, and particularly process safety.
However, how many times have you listened to someone taking about safety without including af definition of the term in their talk or presentation? How about combined terms, like functional safety?
Are you Safe from Process Incidents?
Post date: Oct 22, 2018 10:00:00 PM
The October issue of "CONTROL" has a feature story headlined "Safe yourself" with the subheading "Use standards and software to achieve process safety". However, the opening message is that in US the current regulations don't do the job of improving safety as well as the goal based European Seveso III directive in the EU.
Several safety consultants, such as Angela Summers of SIS-TECH, argue that currently on the big players such as ExxonMobil, Shell and DowDupont perform safety at the highest level, but insurers are pushing others in the right direction. And a Calgary company have created a Functional Safety Index, which already is being used to indicate ROI of process safety investments.
Read the whole article here: https://www.controlglobal.com/issues/2018/september/ . Read the latest remarks from Dr. Sam Mannan, the director of the Mary Kay O'connor Process Safety Center at Texas A&M University, who past away on September 11, 2018.
A short video intro to HMI
Control Global provides education videos in process control
Post date: Sep 23, 2018 08:45:00 AM
Control Global has started publishing a series of control education videos. Safepark has watch the 4th of these, which gives an introduction to HMI. It is a short just 10 minute video, so very basic. However, it does provide som excellent advice in those 10 minutes. In particular the fact that an emergency shutdown button cannot be replaced with a soft button on a display. Ever!
You can find the other 3 videos on level measurements, flow measurements and industrial networking here. Once Safepark have watched these comments will be added here.
New clamp-on temperature sensors
- can they be used in tower control?
Post date: Oct 4, 2017 10:21:40 AM
At Emerson Global Users Exchange BP reported on a test comparing the new wireless clamp-on pipe temperature sensor with a type K temperature sensor in a thermowell. The test showed the clamp-on sensor measured 5 Deg.F lower than the nearby thermowell thermocouple in the temperature range from 446 Deg.F to 485 Deg.F. A typical type K thermocouple has accuracy of +/- 4 Deg.F. So the observed lower readings from the clamp-on sensor could easily be due to incorrect parameters for either the clamp-on sensor or the thermowell thermocouple. The clamp-on sensor have three parameters: pipe diameter, pipe material and pipe wall thickness. The thermowell thermocouple have nine design inputs.
Having worked quite a bit with tower control both in chemical plants and in academia, it is easy to ask if it would be possible to developed a "clamp-on" sensor for distillation towers to give control engineers a low cost option to monitor the tower temperature profile and use it for advanced process control? Would be nice if some enterprising academics could follow up on this idea.
Don't break your privacy on LinkedIn!
Microsoft tries to protect you email on LinkedIn by the InMail feature to connect with others
Post date: Jun 24, 2017 7:25:31 PM
LinkedIn protect your privacy by not directly exposing your email adress in discussion groups such as HSEQ Professionals, which has more than 130,000 members currently. However, lately some group members have promoted rather simple excel templates they have created in this group. These post look like the one in the picture on the right (identifying information have been removed using GIMP).
Group members are promised an Excel template for creating a funnel chart, if they respond to the post with their email address. In stead of given away you email to the poster (and all other group members) then google the term "excel funnel chart template" or take a look at http://asli.aetherair.co/funnel-charts-excel/ , which has several more elegant suggestions for funnel charts, that the one posted in the LinkedIn group. Then choose the one, that best fit your data.
However, generally LinkedIn is quite good at not showing people your email adress. But by posting your email adress in a response to post, then you break the privacy, which LinkedIn is attempting to create. Similarly LinkedIn protect you from receiving messages form members you are not connected with.
If one google either "how to create funnel chart in excel" or "how to create funnel chart in google sheet" then one get links to numerous posts with instruction on how to create such charts. So I wonder if HSE professionals are so internet illiterate, that they are unable to find simple things on the internet, such as instructions on how to create certain charts? I how that is only the case for the minority 0.15% who responded to the post shown here.Here is a link to a 3 minute video on YouTube, which shows you how to make a funnel chart in Excell: https://youtu.be/c4dSHaKHc_8
Above is another of the same programmers contributions. An audit tracking chart. It shows open, closed and total audits per department, i.e. three bar charts for what could better be shown on a single stacked bar chart. So again, you are better off creating your own charts for reporting HSE data, and protecting your privacy on LinkedIn.
The "human error" during the Oscars
- What we can learn from it!
Post date: Mar 5, 2017 2:21:50 PM
At the Oscars 2017 the wrong movie was at first declared a winner of the best movie award. That turned out to be a mistake. Others would properly call it a human error, because the wrong envelope was handed to one to the two host on the stage in Hollywood. If you are in the latter group, then I suggest using a few minutes to watch a video from Lund University's Human Factors and System Safety department here.
First learning from the Oscars is that, what happened at the Oscars was NOT a human error.
I would classify it as an envelope design error. However, one could also argue, that it was a envelope circulation control error. Maybe it was actually the circulation system, which did not work this time around.
In his blog Steven Shorrock points out, that what happened at The Oscars was essentially the start of the discipline human factors and ergonomics during WWII. More relevant however, is that the design of the envelopes, were such, that it is a surprise, that this has not happened before in the history of The Oscars. On the outside all the envelopes at the Oscars were completely identical. This means if was completely up to the assistancts from PriceWaterhouseCooper to ensure that the correct envelope was handed to the host on the stage. Given the number of envelopes and the fact, that duplicates of each were available the likelihood of a wrong envelope being handed to a host can easily be calculated.
Second learning from the Oscars is that, handing information from one person to another should be analyzed as a transportation system,
where items can e.g. be wrongly delivered. Although the Oscars considered something could happen to the host on stage, their risk assessment did not consider the transportation risk involved in handling the envelopes.
As Steven writes: "Experience of human factors suggests a number of coding methods, e.g. shape, colour, size, that used appropriately, can help to make vital distinctions.", and points out that within the pharma industry both the European Medicines and the UK's National Health Service have developed guidelines for design for patient safety of medication packaging, attached below.
From the outside it appears, the stage host at the Oscars did in some way realize, that he did not have the correct envelope. Since this situation was properly not covered in the rehearsal for the Oscars, the host became uncertain about what to do.
Third learning from the Oscars is that, you should train people on abnormal situation handling
Steven finnish by writing that, for the post part the human in the system is less like a golden Oscar, and more like someone using the abilities of mind and body to connect parts of a system that only work because people make them work. This aspect of human performance in the wild is usually taken for granted. But in the real world, peopel create safety. And for that, they deserve an Oscar.
Could this hazard have been discovered
using a computer assisted HAZOP analysis?
Post date: Jan 28, 2017 8:00:59 PM
Safepark certainly believe the answer to this question is YES. The reason is that MFM models of the unit can easily be developed, and that such models allow the reasoning about causes and consequences of deviations, the results of which would assist HAZOP teams during either a MoC or HAZOP study. A simple model could be developed with less than a days work by an expert in MFM model development.
The video to the left was recently released by the #CSB. A small design change that was performed at the Willams Olefins Plant many years ago to allow a distillation tower to run with just one reboiler instead of two in parallel resulted in 2013 in an #overpressurization and rupture of one of the reboilers. The resulting explosion killed two workers and injure many more. A copy of the CSB Case Study can be downloaded from this page. The above pictures are curtesy of CSB.
The design change resulted in it being possible to isolated the reboiler from its protective safety valve. This hazards was not discovered during a MoC or 3 later PHAs. That different teams of experts did not identify the hazard which caused the explosion in 2013. It would be relatively easy to construct a functional model using multilevel flow modelling (MFM) to investigate possible over-pressure scenarios, and hence identify the hazard, which humans overlooked. Safepark was involved with a Danish research group at DTU, which is working to make computer assisted HAZOP a reality for situations, such as this one.
Decision support requires more than display of info
Post date: Aug 12, 2016 3:47:10 PM
At Safepark we believe, that a decision support aimed at operators in chemical plants and refineries is not just about the display of situation relevant information for the process operators, such as the attached brochures about Foxboro's Evo and GE's Smart Operator appear to suggest. It requires a means for accessing the situation, that the operator is in. And that requires a model of how the process is working and interacting with the automatic control and safety systems, Such a model should not be a simulation model, because in a critical situation, there is little time to have people run simulations and analyse what the mean before an advice is given to the operator. It stead we need a model, which can be used for reasoning about current process situation using live data from the running process in order to suggest actions, which the operator can immediately review and act on.
The necessary models should reflect the functionality of the process and its automatic control and safety systems.Such models can be developed using Multilevel Flow Modeling (MFM) and good process operating knowledge. The MFM models, which are based on fundamental theories of action, have the ability to exhibit the same functional behavior as the actual process and take into account current process status - including trends - arrive at a pertinent advise to the operator.
Intelligent alarm systems
based on understanding of philosophy
Post date: Aug 9, 2016 8:05:52 AM
Safepark is involved in artificial intelligence (AI) as we are involved in the application of Multilevel Flow Modeling (MFM) in connection with the development of alarm systems for complex technical artifacts, such as chemical plants or oil platforms. In this connection some concepts from philosophy is very relevant, such something being observer independent or observer relative. For example a mountain is observer independent, ie. it exist outside the observer. However, things like pain or fear are observer relative, since these don't exist outside the observer feeling them. In this lecture as Google John Searle explains these concepts and others, such as objectivity and subjectivity as well as epistemic and ontological.
Ones you have finished the video posted here, than watch this one from the University of Cologne in Germany about perception and intentionality: https://youtu.be/VddLlnOZIfY (Note: This is a 2 hour long seminar!). However, it may give you a hint about the ability of process operators to focus their attention on a particular part of a complex process schematic during a situation in a control room in a chemical plant or refinery.
20th Anniversary of Suncor Tank Fire
Post date: Jul 20, 2016 7:04:59 PM
Today is the 20th Anniversary of the extinguishing of the Suncor Tank Fire at the Suncor Refinery, Sarnia, Ontario, Canada. The fire was caused by a direct lightning strike on a tank containing a gasoline component. After battling the fire for more than six hours is was successfully extinguished by a coordinated foam attact by several Sarnia Chemical Valley fire departments in just 30 minutes. At the time in July 1996 it was the largest tank fire ever extinguished. Later is was surpassed by a lightning strike during Hurricane Allison in 2001 of an Orion Refinery tank containing gasoline.
Less than a year earlier the Sarnia Chemical Valley Emergency Coordination Organisation (CVECO) simulated the rescue of two men from the top of a tank on fire during their annual disaster simulation exercise. That exercise provide excellent training for the actual event occurring the next summer. The attached conference paper from the the 2004 Loss Prevention and Safety Promotion Symposium in Prague describe the CVECO, which is a cross border emergency response organisation.
Safepark can provide training for your process and design engineers in the use of tools like the Dow Fire & Explosion Index to create facility layouts, which minimize the risk of a fire spreading from one tank to another or from one unit to another. A related tool called the Dow Chemical Exposure Index provide guidance of how close vulnerable community facilities should be from your plant, and what action to take in an emergency.
Do you simulate disasters in your area?
Post date: Apr 10, 2016 5:59:42 PM
Many years ago in the early eigthies,when I was employed as a process control engineer in Sarnia (a city in south-eastern Ontario, Canada), and were working out of a temporary barracks in the Chemical Valley I and most of my colleagues were declared dead during that years Sarnia Area Disaster Simulation. That years disaster simulation involved the release of hydrogen bromide from a facility located a few kilometers south of our offices. Hydrogen Bromide is a heavy gas, which spread along the ground in the prevailing wind direction. The prevailing wind direction at the time for the simulation was from the south, so the spread was simulated by having a man walk from the release site towards the north along the main road Vidal St S. When the alarm sounded shortly after lunch we started putting tape around all the windows in our temporary office building. However, the exercise official declared us dead because they judged the floor of the building not to be air tight.If we had decided to leave the building and drive north, then we would have saved our lives. However, when the alarm sounded we did not know 1) what caused the alarm, 2) where the event was taking place, and hence the chosen action: shelter-in-place.
What did we learn from this exercise? We learned, that also office building at or close to plants need to be equipped with emergency phones, and not just rely on the alarm horns of the plants, which correctly informed us to shelter-in-place. Our shelter was just not good enough.
This kind of exercise is not cheap to arrange. It involve emergency responders from several plants in the area, police activation of traffic control to and form the industrial area, and hence significant loss of work hours at all the involved plants. However, it was judged that this cost was reasonable compared to the potential loss of a real disaster. One of the real benefits were improved collaboration among emergency responders from different plants, police and municipal authorities.
These Sarnia Area Disasters Simulations continue to this day. The above picture was from BlackburnNews.com is from the 2014 simulation. Today the public is informed about an upcoming exercise through the local media, and signs are posted that around the community during the exercise. This is one of the results of an exercise involving a school bus being pierced by an iron bar on the side of the main local highway. That event resulted in the police being unable to place phone calls due to incoming phone calls from concerned parents. Last years exercise involved a tank fire due to a lighting strike. The community actually experienced just that during a thunderstorm in the summer of 1996.
To maximize the benefits of such area wide disaster simulations the objectives of the exercise and the learning goals must be clear. Otherwise, the whole thing is just a waste of time and money.
What to be alarmed about
in your chemical plants and refineries?
Post date: Mar 31, 2016 5:21:41 PM
Alarm systems are integral to the safe operation of chemical plants and refineries. They alerts the operations personel when a plant condition is about to escalate to an undesired situation, such as the fire shown in the picture to the right (Source of picture: www.csb.gov). The fire at Morton International was the result of a so-called run away reaction. A run away reaction in chemical plant or refinery happens, when the energy and / or material balance are significantly off balance.
What to be alarmed about in chemical plants and refineries is usually decided by senior process engineers in collaboration with senior operators. Sometimes equipment vendors provide long lists of things to be alarmed about around the operation of a particular piece of equipment. We call such list c.y.a.-lists, and recommend, that you either ignore them completely - after all the plant and its operation is your responsibility - or at least reduce them from alarm events to just logging events in the secondary control room or the maintenance shop. Otherwise your operators become accustomed to just acknowledging these nuisance alarms. However, the big question is how do senior engineers and senior process operators decide what to be alarmed about in your particular plant or refinery? Most likely the answer will be based on experience! So what happens when your plant involve new technology?
We think a more fundamental approach is needed to decide what to be alarmed about in chemical plants and refineries. If a chemical plant or refinery runs smoothly, then energy and material balances are in balance. That means there is no accumulation of neither energy nor material in your facility. Accumulation of energy and material in a chemical plant or refinery usually occur, then something is not working or functioning as designed. We believe, that this is where functional models such as Multilevel Flow Models - MFM - can help you decide what to be alarmed about and when to be alarmed. A properly designed MFM model of your plant or refinery will allow you to reason about how a deviation moves through your facility until it eventually disturb the ability of the facility to achieve its goal, e.g. producing certain chemicals in certain amounts and purety. The result of reasoning with the MFM model and plant status information will allow your operators to intervene in the process before the deviation has escalated beyond recovery. The MFM model may even be used to arrive at possible actions for counteracting the initial deviation.
Currently we are working closely with researchers and others at leading universities and companies to make these ideas move from research to operations. For more information about this project write to email@example.com.
Should safety be measured?
Post date: Dec 17, 2014 9:23:20 PM
Today Safepark attended a seminar with Erik Hollnagel and Sidney Dekker with the title "Measuring Safety". Erik Hollnagel, who is currently at Syddansk University, opened the show with a presentation titled "Should safety be measured?" about the difference between safety I and safety II. Safety I is what we have been doing for the past 80 years, that is measuring the absence of safety. This is done by counting things, which are easy to count, such as number of fatalities, number of near miss event (a bit more difficult), number of first aids and other such numbers. However, the events behind these numbers clearly indicate the absence of safety. If safety existed, then no one would die or get hurt. Safety II focus on understanding the work being done. This is much more in line with how performance is measured and improved in professional sports. You measure what is happening, and you try to become the best. To me this is much in line with the ideas of Jens Rasmussen, who used to work at RISØ in Denmark, on analyzing work.
Sidney Dekker started by describing the Australian problem, that many top level people spend almost a quarter of their workweek on compliance with regulations. Clearly that leaves less time for making things safer. Much along the same line is was reported earlier this week, that the average hospital department had to deal with thousands of regulations during their daily work. These regulations take time away from focusing on patients and their needs. So too many rules is not just an Australian problem.
What about counting incidents?
Can safety be measured by counting incidents? The opinion of world-leading safety experts Erik Hollnagel and Sidney Dekker were very clear at today's seminar: No! In order to improve safety you need to focus on the work being done and how it is being done. Erik Hollnagel and Sidney Dekker argued that our well-known and widely implemented measurements tend to be misleading and thus an unfortunate waste of the limited resources dedicated to safety. We tend to measure failures rather than successes, and we focus on what we believe to be precursors of accidents, but rarely are. Are there better and more useful ways of measuring safety?
Erik and Sidney does not say, that we should stop doing PHA, HAZOP, FTA and ETA and all that. They just say that in order to improved safety we need to put more focus on the outcome of the work actually being done. To me, that seem to have parallels in the Japanese approach to quality after WWII guided by Deming and Conway. What do you thing?
Programme in Risk and Safety Management
New 2 year M.Sc. program at AAU in Esbjerg
Post date: Feb 13, 2014 6:43:08 PM
Starting this month Aalborg University in Esbjerg, Denmark are accepting enrolment in their new 2 year M.Sc. programme in Risk and Safety Management. The language of instruction is English, and in order to be enrolled in the program you need a relevant bachelor of science or bachelor of engineering degree.
You can read more about the programme on the Aalborg University in Esbjerg homepage at http://www.studyguide.aau.dk/programmes/postgraduate/78503/. Or in the document attached to this note.
Currently Safepark Consultancy is performing a survey of engineering education in Europe with a special focus on process safety elements.
Computers & Chemical Engineering
- most downloaded paper award
Post date: Jun 14, 2014 4:16:26 PM
We have just been informed, that the Editor-in-Cheif Rafiqul Gani and the Publisher Angela Welch of Elsevier's Computers & Chemical Engineering journal that our paper "A functional HAZOP methodology" authored by Netta L. Rossing - currently at FLS, Morten Lind - emeritus professor at DTU, Niels Jensen - owner of Safepark, and Sten Bay Jørgensen - emeritus professor at DTU, was the most downloaded in the period from September 2012 to August 2013.
The work on the functional HAZOP methodology is currently being extended by visiting Chinese Ph.D.-student Jing Wu under the supervision of Gürkan Sin from DTU-Kemiteknik and Morten Lind from DTU-Elektro, and by Ph.D.-student Xinxin Zhang under the supervision of Morten Lind from DTU-Elektro.
Recently Jing Wu presented work on validation of functional models at a World Oil & Gas Conference in Okayama, Japan.
Computers & Chemical Engineering
- also a most cited paper award
Post date: Oct 12, 2013 10:55:24 AM
We have just been informed, that the Editor-in-Cheif Rafiqul Gani and the Publisher Angela Welch of Elsevier's Computers & Chemical Engineering journal have given the award "Most Cited Articles, 2010 - 2012" to the paper "A functional HAZOP methodology" authored by Netta L. Rossing - currently at FLS, Morten Lind - emeritus professor at DTU, Niels Jensen - owner of Safepark Consultancy, and Sten Bay Jørgensen - emeritus professor at DTU.
- The work on the functional HAZOP methodology is currently being extended by visiting Chinese Ph.D.-student Jing Wu under the supervision of Gürkan Sin from DTU-Kemiteknik and Morten Lind from DTU-Elektro.
Prescriptive Process Safety
- US may move away it
Post date: Jul 11, 2013 12:58:08 PM
In a recent hearing in the US Senate Committee on Environment and Public Works related to the ammonium nitrate explosion in West, Texas and the more recent Williams Olefins explosion the chairperson of the US Chemical Safety Board Rafael Moure-Eraso hinted that a changed approach to process safety could be needed in the USA. At the end of his prepared statement he said that the current situation some of the positives are:
- "Following the Chevron refinery fire last year, and acting on CSB recommendations, California is poised to triple the number of dedicated process safety inspectors ... funded by industry fees.
- Another promising approach is the 'safety case' - successfully used in other nations, which insurers say have much lower petrochemical accidents rates than we do.
- Companies identify and commit to follow the best safety standards from around the world, subject to approval and oversight by a competent, well-funded regulator. Many experts believe this is the best safety regime for complex, technological industries, rather than the US system which calls upon a prescriptive and often outdated rule book."
As a past teacher of risk assessment to chemical engineering students at DTU for more than 10 years I can only agreed. However, it is important that the entities given commercial permits to different activities are aware of the risk involved and know when to ask for advice outside ones own organisation. In my view it is the duty of state legislators to ensure that facilities are covered no mater where they locate themselves.
During the course at DTU groups of students should prepare a safety report according to the EU Seveso II directive including aspects such as site selection, and transportation routes for raw materials and products. The object was not to make them experts at HAZOP, FMEA, ETA or any other tool, but to give them a overview of the complexity and bread of preparing a 'safety case' according to the EU Seveso II directive. The course continue to this day, and I know international students are most welcome. It is my experience that multicultural groups add an extra dimensions to the group work by giving students insights into the different regulatory regimes in different countries around the world.
Safepark Consultancy would be most happy to participate in the development of similar courses for chemical engineering students elsewhere or for groups of professionals from industry or regulators.
What is all the fuss about alarms?
Post date: Jun 27, 2013 1:39:22 PM
In recent years we have gotten an updated EEMUA guide on the design, management and procurement of alarm systems and also new ISA standard on Management of Alarm Systems for the Process Industries. Both of these documents recommended, that an individual operator is not exposed to more than 300 alarms per day. But what does 300 alarms per day mean?
300 alarms per day means we are asking an operator to solve potentially 300 unique problems each day. That is 12½ unique problems per hour or approximately 1 new problem every 5 minutes! Who in the world can be expected to cope with that kind of a workload? I am pretty sure that I can't. Unless many of the alarms require little or no analysis - and hence in my view should be handled by the automatic process control system (DCS or SCADA) - the requirements of the recent standard and guideline are in my view insane. Even half these numbers could be too much - just imagine an engineer having to work on a new problem every 10 minutes?
I recall being introduced to a very closely managed approach to alarms on my first job as a computer process control engineer - computer applications engineers, we were called - with a major Canadian integrated oil company. The general philosophy was, that computer process control applications should not generate any alarms, and they should cope with situations such as an online analyzer not being available due e.g. to calibration by the instrument technician without any bothering of the operator. Only when the measurement was unavailable for an extended period should the computer control application hand the situation over to the operator.
I recall days when there was less than one alarm every hour. We were using Honeywell's PMX II process control computers on which is was very easy to implement alarms both on the TDC 2000 image points and on the computer control points. However, that did not result in a large number of alarms because, an alarm required the process engineer to specify the required operator action. Alarms hence were being managed - even without an alarm management application.
So what has happened since these early days of process control computers in the 1980's? My guess is that in many companies the process engineer has been eliminated as a filter of alarms implemented on the DCS or SCADA. This has allowed e.g. equipment vendors to implement alarms on turbines at major power plants - alarms without any required operator action. This should be stopped!
I believe articles such as Kevin Patel's "Managing the Alarms That Manage You" are treating the symptoms in stead of the root cause of too many alarms. However, the ISA standard does provide facility owners with a framework for managing alarms during the whole plant life cycle, just like all other aspects of plant operations.
Who is responsible for safety at work?
The company performing the work is responsible for safety at work. Period!
Post date: Apr 29, 2013 3:18:00 PM
The fireworks seized on Hawaii consisted of so-called cakes - in Denmark they are called firework batteries, and are sold to the general public in the week prior to the New Years celebrations on December 31st, when people greet the new year by a country wide fireworks display during the first half hour after midnight. In Denmark these cakes are sold in either cardboard boxes - like those seized on Hawaii - or wooden boxes, as shown on this picture.Here in Denmark the Danish Working Environment Act is a framework act, which lays down the general objectives and requirements in relation to the working environment. The act aims at preventing accidents and diseases at the workplace and at protecting children and young persons on the labor market through special rules. WEA guidelines give specific direction in many areas, e.g. crane operators. The guidelines are not binding on companies, but the authorities will take no further action if the guidelines have been followed. After the explosion and fire at Seest near Kolding (that event should properly have been referenced in the report) the Danish Working Environment Authority have had increased focus on places manufacturing and/or handling fireworks, and unused firework has to be handled as dangerous waste. In Denmark the unused fireworks is destroyed by NORD on Fuen, but especially dangerous firework is handled by the DoD's EOD. The question has as far as I know never come up, but my guess is that seized firework would be handled by the DoD's EOD.
The CSB investigation report on the explosion and fire at DEI contain 12 recommendations. However, strangely enough none are directed to Donaldson Enterprises, Inc. who ultimately was responsible for the safe disposal of the seized firework. I think that in line with the Baker Report after the BP Texas City event, that at least the CSB should recommend to the board of Donaldson Enterprises, Inc. that the company ensure they have the necessary expertise to handle the contracts into which they enter. Clearly DEI did not have that in the area of fireworks disposal. Sadly enough it appear that the company who lost the bid to DEI did have the necessary expertise.
In CSB's investigation report about the explosion and fire on Hawaii it is never directly stated, that a subcontractor with insufficient knowledge was selected. However, 9 of the 12 recommendations aim to improve the contractor selection process for fireworks disposal. I somehow feel this would be additional work on any subcontractor, and hence increase cost on all disposal subcontracts. In my view a much simpler approach would be to let the subcontractor selection for disposal of dangerous goods, such as firework, be handled by an office in the DoD which has the necessary expertise. This would also be in line with another CSB investigation on recycling of ammunition. As always I am attempting to keep things as simple as possible.
Why do you perform HAZOP?
- Chevron Richmond Refinery did because they had to!
Post date: Apr 26, 2013 9:46:00 AM
Last Monday the Chemical Safety Board (CSB) released a draft report on the pipe rupturing event at Chevrons Richmond Refinery last August. This report is scary reading about a company that goes through the motions, a public inspection service that don't see the problems and company management not listening to either local or corporate experts. The picture of the vapor cloud is courtesy of CSB.
The most surprising is paragraph #57 where a Chevron employee recommended replacement of the pipe, which ruptured last August, in the 2007 turnaround because in had just 4 years life left until it reached refinery throwaway thickness. Unfortunately this employee was to correct about his predictions.
Apparently Chevron perform PHA (HAZOP) just because it has to. One example from the draft report is that the HAZOP of the crude unit did not include corrosion. Another is that Chevron after the rupture event ruched to replace some carbon steel piping in the crude unit without first considering what would be the best replacement material. Or when a unit to remove hydrogen sulfide from the #4-sidecut was removed a MoC was not performed. Neither was a MoC performed when switching to feeding more sulphur rich crudes to the unit.This draft report is also richly illustrated and with many references to relevant literature from both CCPS, API and others. There is a good explanation of abbreviations at the start, and many explanatory footnotes, which makes the report very informative for non-experts. Unfortunately the draft report does not clearly identify the root causes of the release and fire. I hope this will happen in the final report, although it seems clear, that among the root causes are an insufficient mechanical integrity program at the refinery. At another refinery I had the opportunity to visit with a group of university professors about 10 years ago we were told that corrosion measurement points were moved if a particular point did not indicate any corrosion during 3 measurement periods.
The draft report contain 14 (or 20 depending on how one count them) recommendations of which only two are to the company. Of the remaining one is to US EPA and the remaining to authorities in the City of Richmond, the Contra Costa County and the State of California. This distribution of recommendations concerns me. A recommendations usually means that the receiving part have to do some new or extra work. For authorities already under significant economic pressure this is unsustainable. We need to find an approach, to the burden of work after a process safety event is on the company, and not the authorities.
Furthermore any regulation should use shall, and be as broad and general as possible. After all the purpose is simple enough: to ensure no employees or members of the public are harmed by the activities of the company. This is not that different from requiring, that drugs produced and marketed by pharmaceutical companies are safe to use for their intended purpose. After all the purpose of physical design of a refinery is to keep the hydrocarbons inside the process, and the purpose of maintenance is to ensure this continues to be the case.
- Safepark continue to be involved!
Post date: Jan 21, 2013 9:04:52 PM
Safepark continues to be involved in functional modeling and in particular MFM. Last november Niels presented ideas on functional alarm design at the International Workshop on Functional Modelling (IWFM) at DTU. The workshop was attended by about 25 researcher involved in functional modeling - some from as far away as Japan and China.
During the fall part of our involvement centered around the synthesis of inorganic reactions using so-called Solvay circles. More information about the results of this effort should be available later this year.
PDF-files with the abstract of Niels Jensen's contribution and his presentation at IWFM are attached below.
The Cyber Threat
- does the process industry understand it?
Post date: Dec 20, 2012 9:15:57 PM
On December 14th Joe Weiss asked on the Control Global Community pages "Another survey says utilities taking cyber security seriously - really?". The background for the question is the so-callled Aurora Vulnerability, which is a threat to electrical distribution grid reliability, which appearantly can be mitigated by a hardware change in the substations. Joe Weiss is questioning if the utilities have really upgraded their substations.
Some years ago I visited a major hospital and had a tour of their ventilation system. That was quite impressed just by the size of the ventilations channels, and the underpressure generated on the doors to these. However, the system was controlled by standard of-the-shelf hardware which quite conveniently included an internet connection. That internet connected saved the technician for many 100 kilometer trips to fix small operational problems at odd hours of the day and on weekends. They simply connected to the ventilation control hardware using another of-the-shelf product: PC Anywhere. However, at the time a single login was shared among all the technicians. I wonder if this has changed today?
I also wonder how many facilities still use software vulnerable to Stuxnet? Many facilities would require a shutdown to upgrade software on critical hardware. For some that shutdown window has yet to appear. Today I also learned about some malware in the Middle East which erase all non C: partitions on the Windows computers it finds itself on.
Cyber threats are really annoying, since they require you to change how you work on a day to day basis, and you never know if you have stopped anything. For example you may need to establish special procedure for getting data from the process control network to the business network for e.g. performance analysis, design debottleknecking etc.
Have you ever heard about mainframe virus or mainframe malware? Maybe the exist in a laboratory somewhere, but their development and deployment would require Stuxnet like efforts. Have you considered a mainframe solution for your plant? Some did in the 1970's. They are now extending the life of their more than 30 year old investment. That is they have been running the same process control computer for more than 30 years! What other computer systems can provide that length of service?
Today you can actually get a mainframe with one or more extenders. So you naturally place the mainframe in or close to your head office (or other protected environment) and then extenders in each of your major plants. The extender can run both Windows and Linux software. Now the trick is to ensure there is no connections to your extenders except form your process control system - and that this system don't have any direct internet connections. Then there is a safe data channel from the process to the head office mainframe, where the process data could be used for optimization, performance monitoring using complex models, etc. Since the Windows and Linux systems on the extenders are isolated from the internet, there should be no need to regularly patch them with security upgrades.
Well, at the moment there is a small problem with the concept described here: The mainframe and the extender currently have to be rather close to each other. That currently rules out the mainframe solution, but the basic idea of a secure data channel from the process to computers for optimization, etc. could properly be implemented with other means. The concept is based on secure data delivery from plant to user, and no internet connection directly to any part of the process control systems.
Will such a structure eliminated the cyber threat? Only if you can prevent your engineers from using random USB-drives to transport process data away from the process control network. For this to be a reality you would to provide the engineers with another easy means for access to the necessary process data. That I think is possible!
Failure is NOT an option!
- upgrade of DCS on a running plant
Post date: Dec 14, 2012 8:15:04 PM
A recent article on ControlGlobal "DCS Migration: Failure is not an option!" reminded me on a simple upgrade of a Honeywell DCS during my time in the Canadian petrochemical industry. The plant had been running for a number of years using the PMX variant of Honeywells DCS at the time, and our team of control and system engineers at the time had the attitude: if it is not broken, then don't fix it. The result was, that after half dozen years of operation an upgrade of the PMX software had become unavoidable. Unfortunately business was doing well, and there was no window long enough to bring down the computer control system, upgrading and testing the new software and including our local add-ons, and restarting the system with all computer control strategies operational. Failure was not an option.
Since we were in the lucky situation, that the control computer room had enough empty floor space to stage a second PMX computer control system, it was decided to do that. That is to buy a new PMX computer system, install the software including our local patches and our computer control applications on this system, and then do a fast switchover from the old PMX system to the new PMX system. This was successfully done with minimal impact on process operations - except for some temporary postponement of computer control application improvements to after the upgrade.
That was more then twenty years ago. Long since the PMX system have been replaced with current generation Honeywell process control systems.
Bayer CropScience event
- Critical review of CSB report
Post date: Sep 15, 2012 7:25:25 PM
The CSB investigation report into the process safety event at Bayer CropSciences in Institute, WV on August 28, 2008 is quite unusual. As usual it gives event causes and recommendations, but the majority of these are aimed at regulatory issues. You can read the full critique in the attached PDF-file.
This critique is part of our project which look at how learning from the events being investigated by the CSB can be improved. Comments on this and the previous critique of the investigations into the events at DuPont's Belle site, are most welcome. Just write to firstname.lastname@example.org.
- Critical review of CSB report
Post date: Sep 13, 2012 11:30:13 AM
As part of a project concerned with learning from past process safety events Niels have started reading of the latest CSB investigation reports. The first report which has been reviewed as part of this effort is CSB Report No. 2010-6-i-WV from 2011. That is the investigation report form the methyl chloride, oleum and phosgene releases occurring in January 2010 at E I DuPont de Nemours Belle site in the Khanawha Valley near Charleston in West Virginia.
The critical review of this investigation report is attached below. The review contains commendation on good work, and recommendations on how learning from the process safety events through the report could be improved.
Laboratory safety presentation
at conference in Lodz, Poland
Post date: Nov 28, 2011 9:00:23 AM
Last week the 1st International Conference on Modern management standards of Occupational Safety and Health took place in the city of Lodz in central Poland. Niels was invited to give a key note talk on laboratory safety titled "A sandbox - risk assessment in experimental research". The presentations featured forms for risk assessment of chemicals (Chemical APV Form - see below) and risk assessment of experimental setup (Laboratory ExpSetup Risk Assessment - see below). These forms are based on input from industry, and have been used for a number of years in a university environment.
The conference on Wednesday, November 23rd featured simultaneous translation between Polish and English. The first session on day one were "Occupational safety and health management as a system including law regulation and control institutions", which included presentations from the National Labour Inspectorate in Poland on accident prevention and from the University of Lodz on psychosocial threats in the working environment. The second session was "Role of education ub forming proper OSH attitudes" was dominated by presentations from the University of Lodz, while the third session "Psychological and physiological aspects of occupational safety" featured an excellent presentation by professor Teresa Makowiec- Dabrowska from the Nofer Institute of Occupational Medicine.
The second day featured visits to one of two local companies: Sonoco Poland - Packaging Services or Flextronics Logistics Poland. Niels visited Flextronics, which is part of a major international corporation involved in logistics as well as assembly and repear of electronics. The tour of the warehouse showed, that the degree of automation is not as high as in comparable facilities in Denmark and other western European countries. Niels wonders what the long term prospects of such manually operated warehouses are?
The next Conference on Modern management standards of Occupational Safety and Health is planed to take place on 17. - 18. September 2013 in Lodz, Poland. Further information at www.mordernsafetystandards.com.
Process Safety Competence
Presentations at special session at ECCE-8
Post date: Oct 7, 2011 7:37:55 PM
The two day special session on "Process safety competence - European strength degrading to weakness" at ECCE-8 in Berlin included the following presentations:
- "Avoiding accidents - process safety competence could make the difference" was the title of the keynote by Dr. Mauel Gomez, who is director of recommendation at the US Chemical Safety Board in Washington, DC.
- "Competence - concepted introduction form a pedagogic and scientific point of view" was the title for the first presentation delivered by professor P Dehnbostel from the Helmut Schmidt University in Hamburg.
- "Universities teaching process and plant safety - the European map" was the second presentation by Niels Jensen from Slangerup, Denmark.
- "Process and plant safety - ProcessNet's curriculum recommended to universities" was the titel of J. Schmidt presentation after lunch. Dr. Schmidt is with BASF in Ludwigshafen and Karlsruhe Institute of Technology.
- "Safety competence - key insights from a study of the Dutch situation" was the titel of Dr. Hans Pasman's presentation. Dr. Pasmas represented the Council of Harzardous Substances due to be disbanded by the government in the following week.
- "How to achieve high quality teaching in higher education? General approaches applied to the field of process and plant safety" was the titel of professor J. Steinbach's presentation. Dr.Steinbach is with the Technical University of Berlin.
- "Leading form the top in making process safety competence a reality" was the titel of talk delivered by Lee Allford of the EPSC on behalf of Dr. D. Brown of the Institution of Chemical Engineers in Rugby, UK.
- "Process safety competence management" was the titel of the first presentation after the coffee break by Dr. Paul Delanoy of the Dow Chemical Company in Norfolk, UK.
- "Promoting process safety competency - work of the Center for Chemical Process Safety (CCPS)" was the titel of the talk given by Louisa Nara of the CCPS in New York.
- "The DECHEMA approach to process and plant safety knowledge transfer" was the titel of the presentation by Dr. A. Förster from DECHEMA in Frankfurt.
- "Promoting Incident prevention - decades of experience to share" was the titel of the presentation by Dr. G. Uhlmann from Berufgenossenschaft der chemischen industrie (BG Chemie) in Malkammer.
- "Teaching safety in chemical engineering - what, how and who?" was the titel of professor Martin Pitt's keynote as the start of the second days session. Professor Pitt is from University of Sheffield in UK.
- "Process and plant safety competence - the authorities view" was the titel of Jan Slijpen's presentation. Jan Slijpen is with the Ministry of Social Affairs and Employment in Utrecht, the Netherlands.
- "Process and plant safety competence - how to sustain the success factor for European chemical industry" was the titel of the presentation by Dr. Peter Schmelzer, who in this connection represented a committee under CEFIC.
- "High process safety competence - an asset to a chemical company" was the title of Dr. H.V. Schwarz presentation after lunch. Dr. Schwarz is with BASF in Ludwigshafen.
- "Process safety through operational management" was the titel of van Roost presentation. van Roost is with Total Petrochemicals in Brussels.
- "Training engineers in safety and risk management: the OECD experience" was the titel of Mr. M. Hallwood's presentation. Mr. Hallwood is with LUBW Landesanstalt für Umwelt, Messungen und Naturschutz in Baden- Würtemberg.
After presentation of the 2011 EPSC Process Safety Award to a German researcher in the field of static electricity the two day special session was rounded off by a panel discussion. The panel included Dr. Hans Pasman, who is currently at the Mary Kay O'Connor Process Safety Center in Texas, Prof. Martin Pitt from University of Sheffield, Dr. Norbert Pfeil from BAM, Dr. Peter Schmelzer from Bayer and Ms. C. Schalbe representing an NGO in Brussels. The panel discussion was titled "Process Safety Competence - the way forward".
The organizers of the two day special session on process safety competence promissed to have updated presentations and conclusions from the two day event available on an unspecified website before the end of November this year. Presenters have until the end of October to sanitize their presentations for publication. Further details will be provided here when available.
European map of process safety education
presented at special session at ECCE-8
Post date: Oct 7, 2011 6:25:38 PM
Last week - more specifically Wednesday September 28th, Niels presented the European map of process safety education at the university level at the special two day session "Process safety competence - European strength degrading to weakness" in connection with the 8th European Congress of Chemical Engineering at the ICC in Berlin.
The two day special session was attended by more than 50 people from industry, consultancies and academia. The four organizers Peter Schmelzer from Bayer, Norbert Pfeil from BAM, Christian Jochum from EPSC and Konstantinos Mitropetros form Dechema had put together a program which covered all aspects of process safety competence.
A highlight of the special session was the keynote on the second day given by professor Martin Pitt from Sheffield University. He delivered a very entertaining talk about teaching process safety in a university environment. In the talk he called process safety the most difficult subject to teach, and showed how a simple investigation of runaway reaction, such as the explosion at T2 Laboratories in the USA would required knowledge of all subjects of chemical engineering as well as solid knowledge of physics.
Niels' presentation was the last one before lunch on the first day of the special session. A PDF-file with presentation slide has been attached to this note together with a short document with the oral comments delivered to the attendees at the symposium. Further information from the successful two day session will be provide by the organizers of the event in the coming months, and a link will then be added to this note.
The Eurpean map was created by surveying websites of almost 1400 hundred European universities. The initial survey only considered the traditional engineering disciplines such as civil, chemical, electrical and mechanical plus process safety. However, an updated survey which includes the many new types of engineering education available at European university have been started based on feedback from attendees at the special session in Berlin. The spreadsheet with information gathered have also been attached to this note in the LibreOffice format. If you find errors in the information in the spreadsheet, then please tell us using the contact us form.
EFCE WP Loss Prevention web-site
Post date: Feb 6, 2011 8:59:17 PM
The European Federation for Chemical Engineering (EFCE) Working Party on Loss Prevention and Safety Promotion (WP Loss Prevention) now has it own web-site at www.wp-lossprevention.eu. Take a look!
Update July 2018
Safepark is no longer active on the Working Party on Loss Preventation and Safety Promotion, and therefore the update and maintenance of the website has been passed on to an active member of the WP. In fact Safepark already at the end of the Symposium in Firenze announced, that we Niels Jensen no longer would be the Danish representative on the WP.
Goal based HAZOP article
published in International Electronic Journal of Nuclear Safety and Simulation
Post date: Aug 8, 2010 2:43:42 PM
In the June issue of International Electronic Journal of Nuclear Safety and Simulation (IJNS) the article "A goal based methodology for HAZOP analysis" by Rossing et.al was published. You can read the article online or download a PDF-file at IJNS. You can also download the PDF-file in our resources section.
Niels was supervising the M.Sc.-thesis work of Netta Rossing on which the work is based. Co-supervisors were professors Sten Bay Jørgensen and Morten Lind from DTU. Nette Rossing is currently employes af FLSmidth - a Danish engineering company with more than 100 years of experience in delivering equipment for the globla cement and minerals industries.
25+ years after Bhopal - have we learned the lesson?
"Properly NOT!" was the answer at LP 2010 in Bruges
Post date: Jun 11, 2010 1:06:18 PM
There was standing room only at Safepark's presentation Tuesday afternoon on the second day of the Loss Prevention 2010 symposium in Bruges. The point of the presentation titled "25+ years after Bhopal - Have we learned the lesson? Properly NOT!" was the reason for the continuously increasing number of government regulations both in the USA and in Europe since the watershed events at Seveso in 1976 and Bhopal in 1984 is the lag of proactive action by industry and its organizations, such as Responsible Care. The presentation was given by Niels Jensen, the owner of Safepark.
Currently there is however insufficient evidence, that the increased regulation of the industry - expected to further increase as a result of Deepwater Horizon - is actually reducing the number of accidental releases of chemicals or the nummer of fires and explosions involving chemicals. Each new major event, such as the explosion at BP's Texas City refinery in March 2005 or the explosion at the Buncefield Oil Depot in December 2005, are one of a kind events, even though evidence presented at Loss Prevention 2010 showed this not to be the case.
Safepark at LP 2010 in Bruges
Post date: May 23, 2010 9:56:36 AM
The tri-annual international symposium of the EFCE Working Party on Loss Prevention and Safety Promotion will take place in the Belgian city of Brugge from June 6th to June 9th this year. This event is the largest gadering of safety professionals in Europe.
Safepark Consultancy will present a paper at this important event. The paper will be presented by Niels Jensen and it is a reflection on what is happening in the chemical process industry here a bit more than 25 years after the Bhopal disaster. The paper discuss if the lessons from Bhopal has been learned or not. Some indications are, that some lessons are still to be learned.