Prevention and mitigation layers in hazardous events

Jun 05, 2019 / by GM International

Topics: Safety news

Safety within a production plant entails the adoption of a multipurpose approach encompassing aspects such as control, design, implementation and system testing within the plant, besides the safety of the whole plant, from suppliers to personnel, up to the documents relating to the activities undertaken and the measures adopted. The approach is therefore consistent and measurable, taking into account the entire life cycle of safety systems.

The risk is to be first understood, analyzed and then addressed.


The risk in a plant environment

What is the risk in a plant system? It refers to the possibility for a given catastrophic event to occur and is the outcome of three factors: hazardousness, i.e. the possibility that a given event may occur with a given frequency in a given context; vulnerability, i.e. the degree of damage suffered by persons, facilities or the environment; and extent, i.e. the set of goods or persons endangered by the damage.

Risks are addressed in two ways: through prevention, to minimize the probability of a dangerous event, and then through mitigation, to reduce the effects of a dangerous event or its consequences. In short, these are represented by a series of precautions taken at the design and management stages; in addition to Good Engineering Practice (Gep), they are commonly identified as "stand-alone protection layers". In order to identify and evaluate the relevant effectiveness in terms of risk reduction, there are specific formal procedures defined by the IEC 31010 standard, such as LOPA (Layer Of Protection Analysis), HAZOP (HaZard and OPerability studies), or QRA (Quantitative Risk Assessment).


Prevention and mitigation layers

Protection levels, or layers, are therefore barriers between the dangerous event and everything that needs to be protected. These can be divided into prevention layers, i.e. process plants, process control systems and safety systems, and mitigation layers, such as physical containment measures, plant evacuation procedures and the general emergency response. CCPS (Center for Chemical Process Safety) of AIChE (American Institute of Chemical Engineers) provides for eight protection layers, ranging from process design to general emergency response, including standard monitoring, warnings, operators' oversight, critical warnings, manual procedures, automatic actions (SIS or ESD), physical protection and the plant's safety plan.

Safety layers can also be divided into process control systems and tooled safety systems. The first are protection layers designed to ensure seamless functioning and process variables within preset layers so as to reduce the risk of hazardous events. Safety instrumented systems, on the other hand, respond only in case of hazardous events and are designed to prevent an accident, therefore requiring regular maintenance and control.

With regard to the eight standard layers, process design should forecast and support any deviation from the standard operating conditions. The second layer, core controls, warnings and oversight, must be designed, installed and managed as a tool-based safety system. The next layer, critical warnings, operator oversight and manual measures, has the goal to prevent specific adverse events within the process. The automatic actions (fourth layer) are SIS (Safety Instrumented System) or ESD (Emergency Shutdown Device), these automations are generated within the process and do not require any control or action by the operator but are rather directly carried out by machines when a given event occurs. The fifth and sixth layers are made up of different types of material safety systems, such as pressure relief devices or a weir that holds a pouring. The seventh layer, the plant safety plan, provides for the procedures required for personnel in case of an accident. Finally, the general emergency response is the last line and relies on resources outside the plant, such as firefighters, ambulances, and qualified emergency rescue personnel.

Safety layers must be self-standing, otherwise their effectiveness is reduced or nullified, and must be monitored and quantified according to their actual effectiveness in response to a hazardous event.

New Call-to-action