This article was first published in New Zealand in the March/April 2016 issue of Safeguard magazine.
December 1984. The Union Carbide factory in Bhopal, India released a cloud of methyl isocyanate that spread across the region. The official immediate death toll was 2259.
July 1998. An explosion and fire ripped through the Piper Alpha oil platform in the North Sea, killing 167 workers.
April 2010. A well blowout in the Gulf of Mexico on the Deepwater Horizon drilling rig killed 11 men and caused massive environmental damage.
Considering the global scale and breadth of industrial processes, such incidents are, thankfully, rare occurrences. But when they do happen, the impact is catastrophic. Because they are rare, it can be difficult to understand how they can happen and to recognise the warning signs.
Process safety focuses on the prevention of leaks, fires and explosions from chemical processes handling and storing hazardous materials. The new Major Hazard Facility Regulations coming into force this year set out the requirements in New Zealand law for managing such facilities.
Process safety is part of the broader, technical discipline of safety and risk engineering. This is a specialist discipline in its own right – like mechanical or electrical engineering – that considers major events with the potential for multiple fatalities, including in non-process industries such as aviation or nuclear power. (If you ever get frustrated by the bureaucracy in safety management, try writing a safety case for a nuclear reprocessing facility!)
As the name suggests, it centres on managing the process safely, rather than the people working with it – although the control interface between people and process is one of the key aspects. At its most basic level, the key steps for process safety are the same as for personal safety. We identify the risks; we assess them; we put controls in place to eliminate them if we can, or reduce them if we can’t; and we monitor how well the controls are doing their job. But because of the scale of consequence if we get it wrong, the extent and depth of the work in carrying out those steps is much greater. Specialist tools abound – fault trees, event trees, bow ties, HAZOP, QRA, LOPA, FMEA and many more. The same basic elements are present, but their implementation is different in the same way that a Formula 1 car has wheels, brakes and a steering wheel, but driving one is radically different to the family car. If you try to drive it without the right experience, you’ll crash pretty quickly.
Process safety focuses very strongly on the ‘eliminate’ and ‘isolate’ end of the risk mitigation hierarchy. A lot of effort goes into understanding how process control can be lost and many of the barriers are engineering-based. For example, an oil refinery would have detection for extremes of temperature, level, flow rate and pressure that stops the process when normal levels are exceeded, but before dangerous levels are reached.
There are some areas of crossover into personal safety where the lessons of process safety are particularly valuable.
Lagging indicators – measuring events after they have happened – are almost useless for process safety. When a significant event only occurs every few years, it really highlights the fact that lag measures tell you very little about safety. Every one of the major accident sites mentioned at the start had year upon year of major accident-free operation before the unthinkable happened.
This is exactly the same principle for personal safety. We’ve all done something unsafely without any injury – running to cross the road when there is traffic or using a knife instead of a screwdriver in the kitchen. Not having an accident tells us nothing about how safe something is. Clearly identifying and understanding the factors that make the process safe and monitoring those gives us far better control of safe outcomes.
A safety interlock may operate correctly and stop an accident happening, but knowing how often that interlock is challenged is a good leading indicator as to how well the process is being controlled. In the same way, waiting until someone loses an arm in a machine is of no use, but if we know in advance that the guarding is sometimes removed, it helps us prevent rather than clean up.
WEAK SIGNALS/CHRONIC UNEASE
In much of process safety the process is largely invisible, hidden in pipes and vessels. It is not always obvious when something is going wrong and sometimes the clues may be very small. These are known as ‘weak signals’. This is particularly true where processes are complex and there may be interactions we don’t expect.
Acting on weak signals is important. In personal safety terms, a weak signal may be that we are starting to see schedule pressure on a construction site. In itself it will not cause an injury, but it may show that in a week or so, people will be starting to rush and cut corners – and that may cause an injury.
Regularly examining weak signals has been termed ‘chronic unease’: never being comfortable and always being on the lookout for something that may go wrong. Even (or especially) when things are going well, dig a little deeper to find any evidence of concern.
SAFETY IN DESIGN
Safety and risk engineers are typically degree-qualified engineers. The safe design approach is heavily embedded in what they do. In most non-process industries safety in design focuses on reviewing the design, identifying hazards and back-fitting controls. It usually misses the first step of considering inherent safety before the design has properly begun: should we be doing this at all? And if so, is this design the best way to do it?
The late Trevor Kletz (often called the father of process safety) once said of chemical processes, “What you don’t have can’t leak,” encouraging thinking about ways to remove or replace the hazardous chemical before designing containment. Designing something with limited power to travel fast is inherently safer than giving it brakes afterwards.
Sometimes we try to over-simplify safety. In process safety, over-simplifying can blind us to complex interactions that may have negative consequences – how the different temperatures and pressures impact on unexpected mixtures of chemicals, for example.
The same is true of personal safety – how do production pressures, culture, personal issues, economic issues, experience, language and the local environment combine to change our safety behaviours?
The complexity will not go away if we ignore it. Increasing our understanding is the key, not telling ourselves it is simple when it’s not.
The new Health and Safety at Work Act requires risks to be reduced so far as is reasonably practicable. The test for this is one of cost being ‘grossly disproportionate’ to the risk. It is generally accepted that the higher the consequences, the more stringent this test becomes. Process safety has developed some highly sophisticated tools and techniques to demonstrate this in a way that is clear and supported by objective evidence. This often has to be delivered for approval to the regulator in the form of a safety case – as will soon be required in New Zealand for upper-tier major hazard facilities.
WILL WE EVER LEARN?
There are many lessons for personal safety from process safety, but it is an inescapable fact that we continue to have major accidents. It is far from perfect. Just as in personal safety, having an operational culture that recognises and values process safety is crucial. On Deepwater Horizon, BP were criticised for focusing on personal safety at the expense of process safety – it was the culture that was the problem, not the available tools and techniques.
Process safety is safety on steroids. It is a field that is more complex, more technical, more in-depth and more specialist than personal safety. In fact, this depth is such that it becomes inappropriate for many circumstances. It is too unwieldy and costly for reasonable application where major hazards are not present. You are not expected to run a hazard identification workshop with ten engineers before building a wall. But if you do operate in a major hazard industry, having the right understanding and expertise to manage your process safety is non-negotiable and an experienced safety and risk engineer will help navigate the various approaches to provide something appropriate for your facility.
The new regulatory regime will hopefully help to lift the level of capability within New Zealand, which in turn will help us to learn from those that have gone before and not have to endure another major catastrophe.
Unfortunately, there are few people who have significant experience in both personal and process safety to provide the link between them, not only here but internationally. But by becoming more aware of process safety, even where there is no direct requirement for it, improvements can be made and the bar can be raised to move towards safer workplaces.