IMPLEMENTING INHERENT SAFETY THROUGHOUT PROCESS
Markku Hurme, Mostafizur Rahman
Helsinki University of Technology,
Laboratory of Plant Design, P.O. Box 6100, FIN-02015 HUT, Finland
Inherent safety should be implemented as early as possible in the design life cycle, since the
changes in process design are easier and cheaper the earlier they are done. The problem is, how
to evaluate process alternatives in terms of inherent safety in the early design phases, when
much of the information is missing. In this paper the process life cycle phases, the inherent
safety analysis techniques used in them and the accuracy of the methods are discussed.
The aim of process design is to create a process that is economic, safe, and environmentally
benign throughout the whole lifetime of the plant. It is required that the safety of a process plant
fulfils a certain level because of general society requirements, company image and economic
reasons. An unsafe plant cannot be profitable due to potential losses of production and capital.
The safety of a chemical process can be achieved through inherent (internal) and external means.
The inherent safety is related to the intrinsic properties of the inherent safety to remove hazards
rather than to control them by added-on protective systems, which is the principle of external
As a process goes through the phases of lifecycle, such as research and development,
design, construction, operation, modification, and finally decommissioning, inherent and added
on safety have a varying emphasis. The major decisions on process principle are done in the
process development and conceptual design phases. Therefore the process development and
conceptual design phases give the best opportunities of implementing inherent safety, whereas
added on safety has its applications in detailed process and plant engineering. In fact the
possibility of implementing inherent safety decreases as the design proceeds (Fig.1). Thus the
inherent safety characteristics should be evaluated systematically as early as possible to gain
the largest benefit. However, the lack of detailed information especially in early design phases
complicates safety evaluations and decision making. At this point, much of the detailed
information - on which the decisions should be based - is still missing, because the process is not
yet designed. Once the process is designed, one would have all the information, but not the
freedom to make conceptual changes. This design paradox makes it necessary to implement a
dedicated methodology for estimating inherent safety in the early design phases to allow its early
adoption. This paper will discuss the principles of inherent safety implementation and evaluation
throughout the process lifecycle.
[Figure labels: Knowledge of process; Opportunities for installing add-on safety features;
Opportunities for installing inherently safer features]
Figure 1. The design paradox and inherently safer design
2. Evaluation of inherent safety
Most of the existing safety analysis methods have been focussed on existing plants or design
phases where all documents are already available, because they require detailed information
about equipment and plant layout. Safety aspects are however most effectively being considered
early in chemical process development. This is hindered by lack of knowledge of the process. At
the early stages, only quite limited information on equipment and plant layout exists. Thus, most
common methods intended for analysing full designs or plants in operation cannot be used. For
this purpose inherent safety indices have been developed. They are based on the information
available in the early design phases.
The first index published for evaluating the inherent safety was the Prototype Index for
Inherent Safety (PIIS) by Edwards and Lawrence (1993). The Inherent Safety Index (ISI) by
Heikkilä and Hurme (1996 and 1999) was developed to include more aspects than PIIS. The
i-Safe Index was developed by Palaniappan et al. (2002 and 2004). The indices use somewhat
different criteria to evaluate inherent safety and therefore have to some extent different data
requirements (Rahman et al. 2004a,b).
In this paper the problems of implementing inherent safety evaluations and their
accuracies in process lifecycle are discussed. For this purpose we have to look more closely,
what are the lifecycle phases and how the amount of the knowledge on the process will increase
3. Process lifecycle phases
A process goes through various stages of evolution. Progression through these stages is typically
referred to as the process life cycle:
2. Research and development
3. Preliminary process design
4. Basic engineering
5. Detailed engineering (Plant engineering)
6. Procurement, fabrication, construction, installation
7. Start up
8. Operations, maintenance
9. Modifications, retrofitting
Many of the phases are separated by decision phases as shown in Figure 2.
[Figure labels: Aims and decisions; Research decision; Design decision; Investment decision;
Plant is ready for operation]
Figure 2. Life cycle phases of a process in a development and design project
3.1 Idea phase
New ideas often deal with new or improved products and processes. The first check of the
viability of a new idea is often done quite quickly. If the idea looks promising in economic,
safety and environmental terms, preliminary research and development can be started by a
research decision (see Fig. 2). In the idea phase information is collected on competing processes,
patent situation, legal aspects and environmental and safety considerations, as well as raw
materials, reaction chemistry and product specifications. Typical information available in this
phase on a new process is the main reaction chemistry and the basic physical, chemical and
toxicity properties of the compounds present (Figure 3). The methods used in safety analyses
have to be based on these basic properties. The result of inherent safety estimation by index
methods is very rough and does not give a correct ranking of process routes (Table 2).
3.2. Research and development phase
As a new project is started, the chemical synthesis route is selected. The main goals are yield,
product quality and safety. To apply inherent safety, research chemists must make an in-depth
investigation on the process chemistry. Reaction hazards have to be investigated by reaction
calorimeter to find out the conditions, where possible side reactions take place and to find out the
possibilities of a runaway reaction.
After the definition of the chemistry and reaction conditions, the basic concept of the future
process is defined. Research engineers now have many opportunities to incorporate inherent
safety principles in the choice of chemical synthesis route for example by:
1) implementing catalysts leading to less severe operating conditions
2) eliminating a hazardous solvent by using a safer one such as water
3) reducing reaction temperature, pressure and concentration
4) using a more volatile solvent that refluxes and provides efficient cooling of reaction.
After the process chemistry has been established, which defines the hazards of the materials,
process development personnel needs to focus primarily on process synthesis and unit operations
used. This includes the process scheme with reaction and separation steps. In this phase bench
and pilot experiments may be necessary for scale-up. Nowadays also mini plants are used to
allow continuous process testing in small scale.
In R&D phase, which includes also conceptual phase, the designer has the greatest opportunity
to implement inherent safety principles, since most major decisions are done in this phase. Also
most inherent safety principles can be considered in conceptual design as shown by Kletz (1991)
in Table 1.
Table 1. Inherent safety principles considered in first project stages (Kletz, 1991)
Feature Conceptual stage Flowsheet stage PI-diagram stage
Intensification X X
Substitution X X
Attenuation X X
Limitation of effects:
- By equipment design X
- By changing reaction conditions X X
Avoiding knock-on effects:
-By layout X X
-In other ways X X
Making incorrect assembly impossible X
Making status clear X
Simplification X X
Ease of control X X
Because many fundamental decisions are made, creative thinking is important in new process
development and in looking for opportunities to make the process inherently safer. New
principles, such as process intensification, can systematically be implemented to reach the goal
(Rong et al., 2004).
In R&D phase inherent safety can be estimated quite well by using the Inherent Safety
Index, since most of the information needed is already available (Fig. 3). The accuracy of
evaluation is nearly as good as in the process predesign phase coming next. The ISI index can
give a quite reliable inherent safety ranking of the process alternatives as presented in the MMA
process case study (Table 2). In some cases ranking gave however same ranks to some quite
3.3 Preliminary process design
Preliminary engineering (or process predesign) is often done only for one process concept based
on a pre-feasibility study done earlier. Material and heat balances for the process concept are
calculated and flowsheet diagrams generated. For this purpose the type of unit operations have to
be decided, if not already done in process development. Preliminary sizing of main equipment
and a preliminary layout is also done. More accurate estimations of cost and profitability, safety
and environmental aspects are made in a feasibility study to find out, if the project is still
In process predesign the decisions are related to process dimensioning and unit operation
types. Even though the operating conditions of key equipment are partly determined already in process
development, there are still good opportunities to implement inherent safety principles; see Table
1: Intensification and simplification can be done further by using process intensification
methodologies (Rong et al., 2004). It may also be possible to substitute some chemicals with
safer ones. Attenuation can be practised on temperature and pressure. Knock-on effects can be
limited by layout. Using smaller vessels and reducing need for intermediate storages can change
process inventories. This may however have a negative effect on controllability.
Plant location is analysed. It may be possible to reduce or eliminate transportation risk by
locating the plant, where hazardous raw materials or intermediates are produced, if the risk from
transporting the raw materials or intermediates outweighs the risk of transporting the final
product. Locating plants at the same site will provide additional opportunities for risk reduction
by inventory reduction.
In inherent safety evaluation some new data are available for the ISI index:
equipment types, process structure and a more exact inventory. The accuracy of estimation is
however not much increased compared to conceptual phase in the MMA case study shown in
Table 2. Other methods available are a pre Hazop, which can be done by the designer in a
simplified form, and the Dow F&I index, which can be applied to a large extent even if some
information is missing.
3.4 Basic engineering
A plant construction project starts with basic engineering. The main task is to make the PI-
diagrams to AFD (accepted for design) phase and to complete all equipment process datasheets.
This means all process data for equipment is defined. Automation designers make the basic
definition of the automation system, which includes the number of instruments and controllers.
Facility designers make only a layout in this phase. Some companies require also that a Hazop
(hazard and operability study) is done already in this phase. Also a cost estimate and a project
plan for the design and construction project is done. In basic engineering no pipeline or
instrumentation design is made, nor are equipment diagrams.
In basic engineering phase the normal operating conditions and the limits for safe
operation are defined. The key equipment is the chemical reactor. All their possible hazardous
situations should be covered and possibilities of them minimized. Means to deal with these
situations should be taken into account. The information defined in process design phase
determines the values for mechanical design. For example, the materials of construction of
equipment should be in accordance with process materials and also with all possible impurities
and trace elements. Because over half of the hazardous incidents are associated with start-ups,
shut-downs, maintenance work and abnormal operations, all the abnormal situations, including
start-ups and shut-downs, should be considered. Assessments can be done in different ways. A
commonly used method is a critical examination, especially the Hazop study.
In process design it is important to get the fundamentals right from the start. As the
design project proceeds, it becomes more and more expensive and difficult to change process
fundamentals. Earlier decisions may limit the options in the later design stages, but inherently
safer principles can still be applied. Basic design is the last step when changes can be made at
moderate cost. Once the facility is constructed the cost of modification usually increases notably.
The situation of implementing inherent safety principles is somewhat changed from the
previous design steps (see Table 1). The inherent safety aspects are now related to process
components such as process design aspects of equipment, piping and instrumentation. Inherent
safety indices cannot any more be applied to measure safety level but more detailed methods
such as Dow F&I index and Hazop studies can be applied.
3.5 Detailed engineering
The detailed design includes mechanical design of the equipment, piping, structural, civil
engineering and electric design and specification and a design of ancillary services. Also a
detailed layout is done. The key objective of the detailed design phase is to make documents and
drawings for construction, procurement and commissioning. However the plant cannot always
be engineered as the process engineers have designed. Therefore checking of piping, equipment
and instrument design documentation has to be done by the process engineer. The differences
between process and detailed engineering documents have to be analysed and the effect on safety
studied. Small changes may change the process behaviour and ruin the inherently safer design
principles adopted. As an analysis method a complete Hazop study can now be done, since all
engineering documents are now available. However, making changes is expensive and can cause
delays and further errors. So no changes are welcomed in this phase.
3.6 Construction and start-up
The construction phase starts with preparation of foundations and buildings. When equipment is
installed, work continues with the installation of pipes, steel structures, electric devices and
instrumentation. From the safety point of view the proper installation of equipment is necessary.
This is checked by inspection. The start-up phase begins with the testing of the facility. The
testing of the facility starts with water drives when all utility systems are operational and
instruments and control system are tested. It should be also ensured that process sequences
operate as they are planned. When the water drives have been fully completed, testing is carried
out with processing materials.
A key point in safety is the training given to operators. The training of workforce should
be started early before the start-up of the plant. They should understand the operation principle
of the process and automation system to be able to operate the plant in an inherently safer way.
3.7 Operations, maintenance and modifications
In addition to the safe operation and maintenance principles, which include proper training and a
work permit system, it is necessary that the inherently safer features, which are built into the
installation, must be documented and maintained. Often in process modifications these are not
understood or appreciated and changes are made, which change also the operation principle of
the process. Therefore the inherently safer aspects may be lost. In fact when making changes, we
should look for opportunities to make the system inherently safer and to reduce the risk level of
the process. This can be done based on the experience gained, i.e. there is a learning process
taking place during the plant operation.
In operation there are possibilities for human operating errors. Therefore the design should
be operating error tolerant. From this perspective, the chemistry of the process should be made
inherently safer by selecting materials that can better tolerate error in handling and charging.
Making systems easier to understand, operate, repair and assemble correctly can make the
process inherently safer and more human error tolerant.
Decommissioning means activities that take place after the normal production cycle and result
from recognition that a process has reached the end of its useful life time.
The design and implementation of inherently safer chemical processes includes also a
consideration on the safety of dismantling of process equipment, reusing the site, and which
impact chemicals left behind in the plant or left in the soil or groundwater have at the plant site
or nearby. The process equipment and ancillary equipment must be removed or at least left in a
safe condition. There is a temptation to delay the cleanup of decommissioned plants as long as
possible. However, it is less expensive to do all the plant closure related activities immediately
after the plant is closed. This is also inherently safer.
A summary of tasks, information produced and safety tools available in various process lifecycle
phases is given as Appendix 1.
4. Accuracy of inherent safety evaluations in process lifecycle phases of MMA processes
The Inherent Safety Index (ISI) developed by Heikkilä and Hurme (1996, 1999) was tested in
three stages of process design lifecycle; in idea phase, R&D phase and predesign phase. The
information requirements of the ISI index for evaluating inherent safety are presented in Figure
3. In the idea phase there is typically available information on reactivity, flammability,
explosiveness and toxicity of chemicals. In R&D phase there is available in addition to the
previously mentioned information also: heats of reaction, chemical interaction, corrosiveness,
yield, temperature, pressure. In process predesign phase in addition to the previous ones also:
inventory, type of equipment and process structure. Part of this information becomes gradually
more exact as shown in Figure 3 by dotted lines.
[Figure labels: columns Idea phase, R&D phase, Predesign; rows include Heat of reaction,
Heat of side reaction, Type of equipment]
Figure 3. Criteria used in the Inherent Safety Index and their availability in the test case
The testing was done by calculating the ISI index values for methyl methacrylate (MMA)
subprocesses and process routes in these three design steps by supposing the availability of
information described above. The process and index calculation principles are discussed by
Rahman et al. (2004a,b). The results were compared to expert evaluations presented by
Lawrence (1996). The results are shown in Table 2. It can be seen that the information available
in idea phase is not enough to rank process routes properly even though the difference of subprocess
evaluations is quite small compared to expert evaluations. One explanation is that the experts
may have based their evaluations on component safety properties to a large extent, since they
were given only reaction equations, temperatures, pressures and the properties of chemicals
involved as the background information.
Table 2. The difference between Inherent Safety Index-based and expert evaluations of MMA
processes in different design phases
                     Idea phase   R&D phase   Process predesign
Sub-process values   13%          11%         10%
Route values         7.0%         3.5%        3.4%
Route ranking        67%          0% *)       0% *)
*) in some cases close routes give similar rankings
The paper has discussed the implementation of inherently safer design principles and the
evaluation of inherent safety in process lifecycle. An inherently safer process development and
design involves iterative application of chemical engineering and inherent safety principles at
each decision point along the process life cycle. The key decision points from the inherent safety
point of view are: (1) synthesis route selection; (2) conceptual design; (3) flowsheet
development; (4) basic engineering and (5) later modifications. The major decisions on process
principle are done in the process development and conceptual design phases. Therefore the first
lifecycle phases give the best opportunities for implementing inherent safety principles. The most
crucial thing in process design concerning safety is getting the fundamentals right as early as
possible. As the design project proceeds, it becomes more and more expensive and difficult to
change process fundamentals. Therefore a dedicated methodology, such as inherent safety
indices, to estimate inherent safety of conceptual alternatives is needed. It seems that inherent
safety can be evaluated quite well in the R&D phase involving conceptual design of the process.
A correct inherent safety ranking of process alternatives was obtained in the MMA case study,
even though there was not enough accuracy to rank some closely similar alternatives.
Edwards, D.W., Lawrence, D. (1993), Assessing The Inherent Safety of Chemical Process Routes: Is
There a Relation Between Plant Costs and Inherent Safety?, Trans IChemE, 71 Part B 252-258.
Heikkilä, A.-M., Hurme, M., Järveläinen, M. (1996), Safety Considerations in Process Synthesis,
Computers chem. Engng, 20 S115-S120.
Heikkilä, A.-M. (1999), Inherent Safety in Process Plant Design, D.Tech. Thesis, VTT Publications 384,
Technical Research Centre of Finland, Espoo; www.inf.vtt.fi/pdf/publications/1999/P384.pdf
Kletz, T.A. (1991), Plant Design for Safety: A User-Friendly Approach, Hemisphere, New York.
Lawrence, D. (1996), Quantifying Inherent Safety of Chemical Process Routes, Ph.D.Thesis,
Loughborough University of Technology.
Palaniappan, C. (2002), Expert System for Design of Inherently Safer Chemical Processes, M.Eng.
Thesis, National University of Singapore.
Palaniappan, C., Srinivasan, R., Tan, R. (2004), Selection of inherently safer process routes: a case study,
Chemical Engineering and Processing 43 647-653.
Rahman, M., Heikkilä, A.-M., Hurme, M. (2004a), Application of Inherent Safety Index to Process
Concept Evaluation, Loss Prevention and Safety Promotion in the Process Industries, Prague.
Rahman, M., Heikkilä, A.-M., Hurme, M. (2004b), Comparison of Inherent Safety Indices In Process
Concept Evaluation, submitted to Journal of Loss Prevention in Process Industry
Rong, B.-G., Kolehmainen, E., Turunen, I., Hurme, M. (2004), Phenomena-based methodology for process
intensification, Proceedings of European Symposium on Computer Aided Process Engineering -14,
Elsevier, Amsterdam.
Appendix 1. Tasks, information produced and safety tools available in process lifecycle phases

Idea phase
  Tasks:
  - First check of feasibility on economics, and SHE
  Information produced:
  - first evaluation of feasibility
  - basic data on chemicals
  Suitable safety analysis tools:
  Evaluation based on the basic properties of chemicals

Process R&D
  Tasks:
  - Reaction chemistry
  - Examination of raw materials and reaction chemistry
  - Process concept creation
  - Examination competing processes, patent and license situation
  - Market analysis
  - Examination of legal aspects
  - Laboratory & reaction
  - Bench and pilot scale tests
  - Prefeasibility study (profitability, SHE)
  Information produced:
  - chemicals and their characteristics
  - chemical reactions and interactions
  - thermodynamics
  - physical properties
  - process concept
  - first version of flowsheet
  - prefeasibility study
  Suitable safety analysis tools:
  Laboratory screening and testing
  - for chemicals (toxicity, instability, explosives)
  - for reactions (explosiveness)
  - for impurities
  Pilot plant tests
  Inherent safety indices partly in simplified form.

Process predesign
  Tasks:
  - Process concept selection from alternatives
  - Selection of unit operations
  - Flowsheet simulation
  - Preliminary sizing of equipment
  - Analysis of logistics and
  - Rough ISBL layout
  - Estimations of emissions
  - Feasibility study
  Information produced:
  - flowsheet
  - material balance
  - energy balance
  - process concept
  - operating conditions
  - layout sketch
  - feasibility study
  Suitable safety analysis tools:
  Inherent safety indices. Dow F&E Index, Mond Index, Hazop in simplified form.

Basic engineering
  Tasks:
  - Process design of equipment
  - Process design of pipes
  - Basic automation and instrumentation engineering
  - Layout design
  - Project planning
  Information produced:
  - PI-diagram (AFD)
  - process data on equipment, piping and instruments
  - preliminary layout
  - project plan
  - detailed cost estimate
  Suitable safety analysis tools:
  Hazop, Dow Indices, Mond Index, Hazan, Fault tree, RISKAT

Detailed engineering
  Tasks:
  - Piping design
  - Instrumentation and automation design
  - Mechanical design of the equipment
  - Structural and civil engineering
  - Electric design
  - Design of OSBL services.
  Information produced:
  - detailed engineering data for equipment, piping, controls, instruments, constructions
  - layout
  - operating, start-up and shut-down manuals
  Suitable safety analysis tools:
  Hazop, Dow Indices, Mond Index, Fault tree

Procurement, Fabrication, Construction
  Tasks:
  - Vendor and fabrication documents
  - Inspection reports
  - Field change documents
  Information produced:
  - vendor data on equipment
  - as built data
  Suitable safety analysis tools:
  What-If, Checklist

Start-up
  Tasks:
  - Start-up and test-run
  Information produced:
  - data on process
  - first operation experience
  Suitable safety analysis tools:
  What-If, Checklist

Operation
  Tasks:
  - Operation reports
  Information produced:
  - operation data
  - operation experiences
  Suitable safety analysis tools:
  Hazop, Dow Indices, Mond Index, Fault tree, Operation fault analysis