aeSolutions Erich Zende helps his FIRST Robotics Team with their robot. Nice pants Erich! Pictures courtesy of FRC Flash 1319 As insightful as conventional high school career aptitude surveys with pen and paper can be — hands-on, real world experience is instrumental in shaping capable young minds. Add high stakes adrenaline and stiff competition to the equation, and FRC Flash 1319 Robotics Team emerges as a fusion between the three. This FIRST (For Inspiration and Recognition of Science and Technology) Robotics team hails from Greenville, SC and competes in state and national level field games under the adept guidance of mentor and aeSolutions SIS FEL Specialist, Erich Zende. We conducted an informal interview with Erich at the close of the team’s regular season to discern a better understanding of the year-round volunteer effort he lends so much of himself to . aeSolutions: What is your role on the FRC Flash 1319 team? Erich Zende: I am the Lead Mechanical Design Mentor and Drive Team Coach for the robotics team. I lead the students through the design, prototype, and build phases during a six-week build season, and I also advise students on the safe use of tools and other safety procedures. Pictures courtesy of FRC Flash 1319 aeSolutions: The advisory role concerning proper tool usage and safety procedures makes sense, given that safety is one of the fundamentals that embodies the spirit of aeSolutions. How much of your personal resources (time, money, energy) do you invest per season? Erich Zende: During the build season I meet with the students for roughly 30 hours a week, for six weeks, and during the weeks leading up to the competitions I meet with students somewhere between 20-30 hours. The majority of this time is spent practicing with a prototype robot along with packing spares and tools for the competition, as well as going over the presentations prepared by students for the judged technical awards at completion. Typically, FRC Flash 1319 competes at 2 or 3 select events. In total, I contribute an overall average of 250 hours give or take. In order to mentor to my fullest ability, I contribute 8-10 days of my time- off-with-pay, my hotel rooms expenses, occasional robot parts, and a trailer to transport the team’s robot. Pictures courtesy of FRC Flash 1319 aeSolutions: It goes without saying that you volunteer in multiple capacities. In regards to the season ending though, what does the “off-season” look like when the team isn’t gearing up for the building phase and qualifier competitions? Erich Zende: In the time period that we refer to as the “off-season,” I focus my time on recruiting and training new members. In regards to a combined effort, the team attends outreach events in addition to hosting several Lego League tournaments for the younger students interested in S.T.E.M. activities. Recently we hosted an event with one of our sponsors, the Synnex Corporation, to put on a STEAM (Science, Technology, Engineering, Arts and Math) Girls Night Out. This was a Makerspace event created to inspire, empower and engage girls in grades 3rd to 8th in Greenville County. The goal was to help foster young girls’ appreciation for STEAM and raise STEAM awareness among parents. The event boasted an overall attendance exceeding 350 students. Aside from requested team demonstrations at Roper Mountain Science Center, we also take part in the IMAGINE Upstate Annual Festival; which showcases pre-K through 12th grade education and STEAM career pathways centered on having fun and hands-on learning. Pictures courtesy of FRC Flash 1319 aeSolutions: Given what you’ve told me, the season isn’t necessarily limited to building and competing for a span of a few months but rather it’s a year-round effort of recruiting, team building and spreading awareness. It’s clear what you give to the program and the impact you have on the malleable futures of these students, but what do you get out of this exactly? What keeps you coming back year after year? Erich Zende: There are many reasons why I continue to mentor. Although challenging for a variety of reasons, the rewards generally make it all a worthwhile endeavor each and every year. Speaking of years, this will be my 16th year as a mentor and 20th year participating in FIRST Robotics. To be more specific: I mentor because others mentored me. I mentor to hopefully aid and impact future generations of students who will be contributing members of our society. I learn something new every year, and I enjoy the competitive experience. I mentor because the robotics team is a creative outlet outside of my day job. And truly, I mentor because I yearn for my daughter to have a long-standing and well-developed STEM program to be a part of when she is older. Pictures courtesy of FRC Flash 1319 aeSolutions: Well said. Special thanks to Erich Zende for the continued efforts and contributions to this FIRST Robotics team. You have not only gone above and beyond for the robotics team, but you have also created a praiseworthy legacy that speaks to the very core of this company. For more information on FIRST Robotics visit https://www.firstinspires.org/robotics/frc/what-is-first-robotics-competition To keep up with Erich Zende and the FRC Flash 1319, visit the team website: http://frcflash1319.wixsite.com/flash1319 Or follow them on social media: https://www.facebook.com/pg/FRCFlash1319 https://twitter.com/FRCFlash1319 https://www.instagram.com/frcflash1319/ https://www.youtube.com/channel/UCG40LSBnquEsIMQ2hyiyv8w #aesolutions

Following on from the first three aeSolutions blogs on the subject of combustible dust concerns, this blog provides another deep dive into the topic. We previously addressed the basic concerns around combustible dusts, many of the standards that address dust hazard guidance, and the properties and testing for combustible dusts; and potential ignition sources. Pt1. ​Do You Know the Basics? Pt2. Dust Properties and Dust Hazard Signs Pt3. Dust Ignition Sources This article will build on those topics to address potential safeguards for dust fires and explosions for both internal and external dust clouds or layers. A later blog in this series will pull it all together and review commonly used dust hazard assessment (DHA) methods. Dust Handling Safeguards As previously described in this series, dust flash fires and explosions can have extremely serious safety, environmental, financial and reputational consequences. As you would expect for any potentially serious process safety consequences, there is a range of possible safeguards including both administrative and engineering controls. Control of ignition sources is the first and most obvious family of safeguards and it includes both administrative and engineering techniques: Proper grounding and bonding of equipment using both the NEC and NFPA 77 (Recommended Practice on Static Electricity) is a fundamental requirement. To provide assurance that the grounding and bonding system remains in good order, a routine ground inspection / assurance program, e.g., grounding system and piping/ducting strap inspection program, should be implemented in accordance with NFPA 654. Temporary grounding arrangements for loading or unloading of dusts require special attention to make sure of the integrity of frequently operated clamps and the operational discipline to use them every single time. For some dusts with low minimum ignition energy, use of personnel grounding may be considered (e.g., static-dissipating shoes and special conductive flooring). Continuing with the engineering controls, proper electrical area classification using the guidance in NFPA 499 (RP for Classification of Combustible Dusts and of Hazardous Locations for Electrical Installations). Proper area classification is important to minimize potential for sparks and to keep equipment surface temperatures below the ignition temperatures for a given dust. One of the most critical aspects of establishing Class II areas for dusts is selection of the temperature class for equipment. It is very important to have firm knowledge of the dust’s minimum auto-ignition temperature (MAIT), layer ignition temperature (LIT), and maximum rate reaction initiation temperature (if applicable) to correctly establish the required temperature class. Minimizing the possibility for equipment to produce sparks due to mechanical malfunctions is another important aspect of ignition control. Mechanical spark sources include equipment parts rubbing together creating friction heat or sparks, bearing failures, lack of lubrication and similar issues. A strong mechanical integrity program in accordance with manufacturer recommendations is important. This includes routine tasks such as a routine lubrication program, power and/or vibration monitoring, and temperature monitoring in some cases. A written program is an important tool to initiate and maintain a strong mechanical integrity program. Keeping stray metal (often called “tramp metal”) out of processing equipment is important due to the potential for mechanical sparking and frictional heating; exclusion of tramp metal may require a combination of administrative and engineering measures. Whenever equipment is opened, there should be a visual inspection just prior to closing to ensure no metal items, such as tools, filings, nuts, etc., are left behind. In some cases, where incursion of metal from upstream sources is credible, filtering prior to during steps is advisable. Control of hot work is a very important administrative tool to minimize the potential for hot work to generate sparks or open flames when dust may be present. NFPA 51B Standard for Fire Prevention During Welding, Cutting, and Other Hot Work is a good resource for hot work program development. An inherently safer method for dust explosion potential is to provide equipment designed for the maximum explosion overpressure (Pmax). Pmax is typically 8-9 times the initial absolute process pressure, so this can be a good solution for cases where the normal process pressure is near atmospheric. Care needs to be taken in consideration of “pressure piling” at interconnected ducting and equipment, since those pressures can be substantial, and it may be impractical to design for the higher pressures that may be expected at interconnected equipment. NFPA 69 Standard on Explosion Prevention Systems includes design information on this topic. A concept called deflagration isolation is sometimes used to prevent propagation of an explosion and the pressure piling at connected equipment that may go with it. Deflagration isolation systems may include rotary valves, flame arrestors, fast acting automatic valves which close on a rapid pressure increase, and others. Reducing the oxygen concentration internal to dust-handling equipment to below the limiting oxygen concentration (LOC) for the dust is a great method to prevent ignition if it is feasible for your system. Many facilities use nitrogen for this purpose and manage the system as safety-critical. If selected, the oxygen concentration of the conveying gas should be specified at a safe margin below the LOC. Somewhat related to control of oxygen content, the concentration of dust may at times also be controlled to significantly below the minimum explosible concentration (MEC) for the dust. Concentration control may not always be practical from a commercial standpoint as it may limit production rates. In cases where the conveying gas is not below the LOC, a mitigating safeguard to quench explosions in progress is sometimes specified. Nitrogen suppression systems will open very quickly based on fast-acting change of pressure switches. A rapid inflow of nitrogen may quench an imminent explosion internal to equipment. Proper sizing, numbers, and locations of the nitrogen cannisters is of crucial importance. The suppression system also has to act faster than the time for the development of the explosion. Specialist personnel should be engaged to handle the detailed design of suppression systems. Deflagration vents are another potential mitigating system which act to reduce the explosion pressure by venting it, similar to a rupture disc. Deflagration vents may be installed on equipment and on buildings where the potential for dust explosions is present. Deflagration vents can be quite large, depending on the application and should be vented to a safe location. NFPA 68 Explosion Protection by Deflagration Venting includes design information on this topic. A buildup of dust layers internal to equipment is a concern due to the potential for high surface temperature or a maximum rate reaction to ignite the layer. The primary control for this concern is an effective manual or automatic cleaning regime in place for equipment subject to internal layer buildup, including routine inspections to verify adequate cleaning. Supervisory signoffs and audits of this activity are also a good practice. External leakage of dust is a concern that needs to be addressed, as it may result in either dust explosions (if leakage is above the minimum explosive concentration (MEC) or dust fires in the case of layer buildups. There is a two-pronged safeguarding approach to address leakage. First is a strong mechanical integrity program which addresses typical leakage points proactively. Second is a strong housekeeping program in which incipient leaks are rapidly addressed, which should be supplemented by a strong routine housecleaning culture which allows for prompt cleanup of leaked dust. Similar to the internal dust layer concern, Supervisory signoffs and audits of housekeeping are also a good practice. The routine review should include all flat surfaces in the facility, including those which may not be perfectly visible, e.g., tops of equipment and tops of structural members. Building fire suppression systems are a sensible precaution to mitigate dust explosion consequences but as they are a post-explosion mitigating system, they are not typically regarded as a strong protection in these cases. The Stakes Do you handle potentially combustible dusts at your site? It is difficult to adequately control a hazard that is not well-understood, and no company wants to learn of dust explosion hazards the hard way. How do you know if you have sufficient safeguards present for combustible dust hazards at your facility? A Dust Hazard Analysis (DHA) and careful review of the engineering and administrative safeguards in place is the clear answer. So What? If you have not previously taken a deep dive into the safeguards in place for your particular dust(s) ignition sources at your site, now would be a good time to do so. If you do not have the right technical expertise in your company to assess dust hazards, ignition sources and safeguards, consider selecting a process safety consultancy with deep experience and expertise to assist you. Their range of experience enables assessors to recommend reputable testing labs and to share the general and specific methods proven to minimize dust explosion hazards across industry. This independence from the site and company has the best probability of a careful assessment with fresh eyes on the relevant critical systems and leads to more efficient compliance with the necessary standards. Stay tuned for more. A later blog in this series will address commonly used dust hazard assessment (DHA) methods.

by Judith Lesslie, CFSE, CSP This is the second in a series. You can find the first here. Following on from the first aeSolutions blog on the subject of the basics of combustible dust concerns, this blog provides a deeper dive into the properties of combustible dusts. It is necessary to first understand your specific dust testing and properties to assess the potential hazards of a given dust handling process. A past blog provided an overview of the generalities of combustible dust hazards, including some serious past incidents, and provided some of the relevant guidance documents for those who are interested in more detailed information. Once the article’s technical basis is understood, future blogs will cover signals that there may be previously unrecognized dust hazards at your site, common ignition sources and safeguards, and potential dust hazard assessment (DHA) methods. Combustible Dust Properties Technical definitions of combustible dust vary only slightly across industries and agencies. OSHA, for example, defines it as "a solid material composed of distinct particles or pieces, regardless of size, shape, or chemical composition, which presents a fire or deflagration hazard when suspended in air or some other oxidizing medium over a range of concentrations". The NFPA defines it as “a finely divided combustible particulate solid that presents a flash-fire hazard or explosion hazard when suspended in air or the process-specific oxidizing medium over a range of concentrations” (NFPA 652, 2019). The CCPS defines it similarly to the NFPA (CCPS Guidelines for Combustible Dust Hazard Analysis, Wiley, 2017). So what are the parameters of interest when it comes to deciding whether or not a dust presents a combustibility or explosion hazard? There are a number of relevant parameters that can be determined through testing per various ASTM, EN and IEC standards, including: An initial explosivity screening test, which disperses dust samples in a chamber at various concentrations and exposes them to an ignition source, then determines the resulting pressure rise. If the standard pressure rise is by more than a factor of 2, then more detailed testing is indicated. Deflagration index testing (Kst, given in units of bar-m/sec) measures how quickly pressure rises in a closed container when ignited. Kst is used to classify the dust hazard at St. 1, 2 or 3. Kst, of 0-200 is St. 1 (lowest hazard), 201-300 is St. 2 and greater than 300 is St. 3 (highest hazard). However, “low” is deceiving in this context. For example, the Kst of sugar (the dust involved in the serious dust explosion incident mentioned in a previous blog) is about 138. There have been numerous other serious explosion incidents from low Kst dusts as well. OSHA considers a Kst of 1.5 bar-m/sec as the minimum threshold for an explosion. Maximum pressure testing (Pmax, given in units of bar) provides the peak explosion pressure developed by a dust explosion at its optimal concentration. Pmax is helpful in identifying potential worst-case equipment and compartment consequences due to a dust explosion; and is used in vent, explosion panel and explosion containment designs. Minimum explosible concentration testing (MEC, given in g/m3) provides the minimum concentration of a dust that will deflagrate. The MEC is helpful in defining potential damage as well; and is also very useful if a site plans to use concentration control as a safety measure. Minimum ignition energy testing (MIE, given in mJoules) provides the minimum electrical energy stored in a capacitor, which, when discharged, is sufficient to ignite the most ignitable mixture of dust. MIE is useful for evaluating what sources of ignition energy are credible to ignite a dust cloud. One item to be aware of for MIE is that it is typically determined at standard temperature and pressure conditions; and the MIE may be expected to be somewhat lower at higher actual process temperatures. Limiting oxygen concentration testing (LOC, given in vol% O2) provides the minimum concentration of oxygen in a mixture of dust, air and an inert gas that will support combustion. This information is useful when considering the design of explosion prevention systems involving the use of inert gases. Minimum auto-ignition temperature testing (MAIT, degrees C) provides the lowest surface temperature that will auto-ignite a given dust cloud. MAIT is useful for evaluating equipment and process temperatures to minimize the risk of auto-ignition. The remaining parameters are conducted on dust layers or bulk samples rather than dispersed samples: Volume (or bulk) resistivity testing (ohm-m) provides the electrical resistance of a solid material. It is useful when assessing the insulating and electrostatic properties of a material, and hence the potential for a material to generate and retain charge. Higher resistance dusts have the potential for charging during material handling (including loading activity) and releasing electrostatic charges. This is a concern if the energy of the electrostatic charge may exceed the minimum ignition energy for the dust under the operating conditions. Layer (or hot surface) ignition temperature testing (LIT, given in degrees C) provides the lowest surface temperature capable of igniting various thicknesses of a dust layer, such as buildup that could occur in dyers, classifiers, or packaging equipment. LIT is used together with MAIT to evaluate equipment and process temperatures to minimize the risk of auto-ignition in dusty areas and equipment. Time to maximum rate/exothermic reaction at a given temperature testing (usually provided as a set of temperatures and times of interest) is a less obvious concern. Some dusts are capable of self-heating in an exothermic reaction if allowed to persist in a layer above the maximum rate onset temperature for long enough. The maximum rate reaction can produce smoldering, fire and combustion products that can be carried along in a moving particle stream and become a source of ignition. If a dust has this property, it can also cause development of toxic or flammable gases, depending on the process and conveying gas. The information provided through maximum rate testing is highly relevant to cleaning of dust layer buildups, process temperatures, equipment temperatures and housekeeping regimes to minimize dusting around process equipment. The bottom line is that even dusts with weak explosivity and high ignition energy requirements can be dangerous under the right circumstances. The right circumstances include: · Presence of fuel, e.g., combustible dust · Presence of oxygen · An ignition source (including hot surfaces) · Dispersion of the combustible dust · Confinement of the combustible dust cloud The dispersion and confinement factors above are specifically required for dust explosions. Without the presence of confinement, a dust cloud flash fire is possible. There will be more on this topic in this continuing series. Stay tuned! The Stakes Do you handle potentially combustible dusts at your site? It is difficult to adequately control a hazard that is not well-understood, and no company wants to learn of dust explosion hazards the hard way. How do you know if you have combustible dust hazards present? Screening and testing of a representative sample of the dust for the parameters noted above is the clear answer. This type of testing is available from many reputable labs and suppliers and can even be coordinated on your behalf by reputable process safety consultancies. So What? If you have not previously taken a deep dive into the properties of your particular dust(s) at your site, now would be a good time to do so. If you do not have the right technical expertise in your company to assess dust hazards, consider selecting a process safety consultancy with deep experience and expertise to assist you. Their range of experience enables assessors to recommend reputable testing labs and to share the general and specific methods proven to minimize dust explosion hazards across industry. This independence from the site and company has the best probability of a careful assessment with fresh eyes on the relevant critical systems and leads to more efficient compliance with the necessary standards. Stay tuned for more. Future blogs in this series will cover signals that there may be previously unrecognized dust hazards at your site, common ignition sources and safeguards, and potential dust hazard assessment (DHA) methods. Part 3: Dust Ignition Sources

Is our industry addressing the problems facing it today? We idealize infinitesimally small event rates for highly catastrophic hazards, yet are we any safer? Have we solved the world’s problems? Layers of protection analysis (LOPA) drives hazardous event rates to 10-4 per year or less, yet industry is still experiencing several disastrous events per year. If one estimates 3,000 operating units worldwide and industry experiences approximately 3 major incidents per year, the true industry accident rate is a staggering 3 / 3,000 per year (i.e. 10-3). All the while our LOPA calculations are assuring us we have achieved an event rate of 10-6. Something is not adding up! Rather than fussing over an unobtainable numbers game; wouldn’t it be wiser to address protection layers which are operating below requirements? We are (hopefully) performing audits and assessments on our protection layers and generating findings. Why are we not focusing our efforts on the results of these findings? Instead we demand more bandages (protect layers) for amputated limbs (LOPA scenarios) instead of upgrading those bandages to tourniquets. Perhaps the dilemma is we cannot effectively prioritize our corrective actions based on findings. Likely we have too much information and the real problems are lost in the chaos. What if there was a way to decipher the information overload and visualize the impact of our short comings? Enter Bayes rule to provide a means to visualize findings through a protection layer health meter approach; to prioritize action items and staunch the bleeding. by Keith Brumbaugh Keywords: Bayes, Bayes rule, Bayes theory, LOPA, IPL, SIS, SIF, SIL Calculations, systematic failure, human factors, human reliability, operations, maintenance, IEC 61511, ANSI/ISA 61511, hardware reliability, proven in use, confidence interval, credible range, safety lifecycle, functional safety assessment, FSA stage 4, health meter. Unlock this download by completing the form:

by Mike Scott, P.E., CFSE, aeSolutions Founder This case study will discuss the application of the safety lifecycle as defined by ANSI/ISA 84.00.01‐2004 (IEC 61511 mod) to two single burner multiple fuel boilers. Each boiler is capable of firing natural gas, oil and/or waste gas, in order to supply the plant header with 1,365 psig steam at a maximum capacity of 310,000 lb/hr. The project team included the end client task force at the manufacturing facility, the engineering firm with design/procurement responsibility, the boiler OEM, the burner/gas train OEM, and the safety instrumented system consultant. This paper will cover: the development of a SIS front end loading package the project cost savings realized attributed to following the safety lifecycle the challenges encountered during the design process associated with the implementation of the safety lifecycle across a diverse project team Unlock this download by completing the following form: https://www.aesolutions.com/terms/burner-management-systems

by Rick Hanner Some companies implement intermediate tasks during the analysis and design stages of an IEC/ISA 61511 Lifecycle Project with names such as “IPL Select” or “LOPA Reconciliation”. The result of such studies is often a “refinement” of the control and/or safety system. Examples have ranged from identifying additional final elements to avoid the hazard, eliminating the use of shared instrumentation between protection layers, addressing response time issues, and assessing control system protection layers for full independence of a function against the initiating event and other protection layers. The benefit of such studies is that it’s easier and less expensive to make necessary changes to systems while the design is still on paper. It’s very expensive, and in some cases not even possible, to make design changes after systems have been installed. In the end, it all boils down to people. It is imperative that all personnel be competent in their roles within the Safety lifecycle. New people entering the industry need an opportunity to learn. Yet they need training, mentoring and reviews of their work in order to prevent systematic failures from creeping in and causing accidents. To read more examples of systematic failures throughout the lifecycle, and to learn how to reduce them, read the full paper “Methodologies in Reducing Systematic Failures of Wired IPLs”  by Rick Hanner of aeSolutions and Tab Vestal of Eastman. Process Safety & Risk Management Industrial Safety Instrumented Systems

by Judith Lesslie, CFSE, CSP Those who work in high hazard industries are familiar with the OSHA Process Safety Management (PSM) and EPA Risk Management Plan (RMP) requirements for routine process hazard analyses. Potentially less well known is the variety of additional guidance for specific chemical hazards, such as combustible dusts. Guidance available for assessing the risk of combustible dust incidents is available via OSHA guidance, a national emphasis program (NEP), technical manuals, and interpretation letters; and industry standards for the fundamentals of and prevention of dust explosions. This blog will provide a general overview of combustible dust hazards, including serious past incidents, and provide information on some of the relevant guidance for those who are interested in more information. Future blogs on the subject of combustible dusts will review relevant dust properties, signs that a dust hazard may be present in a process, common ignition sources and safeguards, and potential dust hazard assessment (DHA) methods. The Challenges Companies handling highly hazardous chemicals (HHC) routinely conduct process hazard analyses (PHAs) and often have internal standards and methods for facilitation involving internal and/or external facilitation. It is less common to encounter PHAs that thoroughly cover dust hazards or company internal standards that address combustible dust hazards. Many companies’ PHAs do not address combustible dust hazards in an organized manner or in a manner that complies with NFPA guidance on dust hazard analyses (DHA) if the hazards are covered at all. Even worse, for processes not subject to the PSM and RMP standards, routine PHAs or DHAs may not be conducted at all. This is a potentially dangerous miss in a variety of manufacturing processes. Why? Because combustible dust explosions are highly credible when processes are not properly safeguarded, with the potential to result in catastrophic events, including loss of lives, serious disabling injuries, environmental damage, and major commercial costs from equipment and building damage and loss of production. Ignition sources range from various types of sparks generated by movement of dust, including via insulated, non-grounded or plastic storage containers; mechanical sparks such as from malfunctioning blowers or “tramp metal” present in the dust-handling process; electrical sparks from equipment malfunctions; and hot surfaces exceeding the auto-ignition temperature of the dust, as may occur with equipment malfunctions or maximum rate/exothermic reaction onset temperatures from product layer buildup. The US Chemical Safety Board (CSB) identified nearly 300 combustible dust incidents between 1980 and 2005, collectively involving 120 deaths, 718 injuries, and major damage to facilities. There are also more recent events. For example, there was a major sugar dust explosion and fire in 2008 at a Georgia sugar mill that resulted in 14 deaths and many serious injuries; and other recent serious incidents in industries as diverse as HHC and non-HHC chemical processes, food waste recycling, wastewater sludge handling, coal dust handling, metal-handling, paper mills, wood chipping and sawmills, and grain handling. Combustible dust explosions have generated substantial regulatory and industry standards activity in recent years resulting in a set of requirements and guidance documents that put users in a much better position to identify, understand and control their combustible dust hazards. Some of the major sources of information include: OSHA Hazard Communication Guidance for Combustible Dusts (OSHA 3371-08), 2009 OSHA Technical Manual – Section IV, Chapter 6, Combustible Dusts, Directive TED-01-00-015, effective date 2/10/2020 OSHA Combustible Dust National Emphasis Program (Reissued) (OSHA CPL 03-00-008), 2008 NFPA 652, Standard on the Fundamentals of Combustible Dust (2019). This document provides combustible dust technical basics, general requirements, hazard identification and other topics; and it directs users to industry/commodity-specific guidance documents, including: NFPA 61, Prevention of Fires and Dust Explosions in Agricultural and Food Processing Facilities, 2020 NFPA 484, Combustible Metals, 2022N FPA 654, Standard for the Prevention of Fire and Dust Explosions from the Manufacturing, Processing, and Handling of Combustible Particulate Solids, 2020 NFPA 664, Prevention of Fires and Explosions in Wood Processing and Woodworking Facilities, 2020 NFPA 68 Standard on Explosion Protection by Deflagration Venting, 2018 NFPA 69 Standard on Explosion Prevention Systems, 2019 NFPA 499, Recommended Practice for the Classification of Combustible Dusts and of Hazardous (Classified) Locations for Electrical Installations in Chemical Process Areas, 2021 FM Global Safety Data pamphlet FM 7-76, Prevention and mitigation of combustible dust explosion and Fire, interim revision 2020 The Stakes Do you handle potentially combustible dusts at your site? It is difficult to adequately control a hazard that is not well-understood. Even if you have a good-quality PHA, it may not delve deeply enough into the combustible dust topic in accordance with NFPA 652. NFPA 652 states that existing processes and compartments (e.g., building compartments) shall have a completed Dust Hazard Assessment (DHA) by September 7, 2020 (parag. 7.1.1.2) and that the DHA shall be reviewed and updated at least every five years (parag. 7.1.4). Are you in compliance? Are you positive your site is managing its combustible dust risks in all phases of operation well enough to prevent a serious explosion? While this standard is not legally binding at this time, OSHA inspectors have been encouraged to use NFPA standards to identify dust safety issues; and the General Duty clause requires employers to provide a workplace “…free from recognized hazards…”. Lack of a DHA or a poor quality DHA places sites at risk of an OSHA violation under the General Duty Clause. So What? If you have not previously taken a deep dive into the properties and hazards of your particular dust(s) and completed a DHA at your site, now would be a good time to do so. If you do not have the right expertise in your staff to assess dust hazards, consider selecting a process safety consultancy with deep experience and expertise to assist you. Their range of experience enables assessors to share the general and specific methods proven to minimize dust explosion hazards across industry. This independence from the site and company has the best probability of a careful assessment with fresh eyes on the relevant critical systems and leads to more efficient compliance with the necessary standards. Future blogs on the subject of combustible dusts will review important dust testing needs and properties, signs that a dust hazard may be present in a process, common ignition sources and safeguards, and potential dust hazard assessment (DHA) methods. Part 2: Dust Hazards – Dust Properties and Dust Hazard Signs

Have you ever had the problem of having a perfectly functional BPCS* interlock that you know is highly failure immune, yet when it comes time for the Hazard Analysis, you may only take one credit? Unfortunately, for facilities following the IEC 61511 safety lifecycle, any interlock not designed according to the standard is limited to one risk reduction credit. This can make meeting extremely low total mitigated event likelihood targets (such as 1x10-5 or 1x10-6) exceedingly difficult. ​ What can you do if you do not want to redesign your BPCS interlock to meet the IEC 61511 requirements? The only thing left is to seek out a deviation, though you better have good justification. This case study will examine the approach used for one client to justify two risk reduction credits on their robust BPCS interlock in two basic steps. The first step was to decide a reasonable probability of failure using a Failure Mode and Effects Analysis technique (FMEA). All relevant failure modes including the ubiquitous human component were examined. Next, plant operating history was reviewed and applied in a Bayesian analysis to determine the upper credibility (confidence) limit. The overall FMEA and Bayesian analysis process, including the "why," "how," and results will be provided. ​ As a bonus, the methods used in this case study can be directly translated into a case for Prior Use Justification, data collection, and user-customized and maintained failure rate data. Unlock this download by completing the following form:

by Michael D. Scott, Founder, P.E. & Ken O’Malley, Founder, P.E. ABSTRACT A systematic database approach can be used to design, develop and test a Safety Instrumented System (SIS) using methodologies that are in compliance with the safety lifecycle management requirements specified in ANSI/ISA S84.01. This paper will demonstrate that through a database approach, the design deliverables and system configuration quality are improved and the implementation effort is reduced. KEYWORDS ANSI/ISA S84.01, Safety Instrumented Systems, Safety Instrumented Functions, Safety Integrity Levels, Safety Lifecycle Unlock this download by completing the form: During the SIL Verification process, the type of equipment specified, voting architecture, diagnostics and testing parameters are verified by calculation, producing the Probability of Failure on Demand, and Spurious Trip Rate for each SIF. Additionally, we consider hardware fault tolerance (HFT) required. The SIL Verification calculation Reports are provided from all tools and calculations we perform. A Design Verification Report (DVR) details the calculation parameters, assumptions, limitations, and sources of data for SIL calculations performed. Recommendations for optimized SIF performance (taking into account both safety integrity and spurious trip evaluation), are also reported in this document. aeSolutions' SIS Engineers are trained and experienced in the fundamentals and the advanced parameters of SIL Verification Calculations. Our engineers, many of which have CFSE, CFSP, and ISA84 Expert certifications, work with our clients to evaluate the SIS options for optimized investment.

It is commonly touted that once a plant rationalizes their alarms, they have completed the alarm management lifecycle. Nothing could be further from the truth. So what can an organization do to keep the alarm lifecycle alive and evergreen? Alarm management is the collection of processes and practices for determining, documenting, designing, operating, monitoring, and maintaining alarm systems. It is characterized by design principles including hardware and software design, good engineering practices, and human factors. Tying the alarm management lifecycle into process safety management and other work processes that already exist will help ensure it remains evergreen and delivers the intended benefits. While the integration of these activities will look different for each company, time has shown that success comes most easily when the management of change process, testing and training activities have been integrated into what is already being accomplished. The alarm management lifecycle is essentially a circle; there is no beginning or ending. There are different places an organization may choose to enter it, but the overall lifecycle process never really ends. An organization may have developed a philosophy, rationalized alarms, and implemented them, but that does not mean they have ‘completed’ alarm management. As processes and equipment evolve and change (e.g., removing or introducing equipment, changing flow rates, changing chemicals, etc.), different steps of the lifecycle come back into importance. The goal of alarm management should be to keep the lifecycle updated and evergreen. Integrating the alarm management, functional safety, and cybersecurity lifecycles is a key to success and will help avoid costly rework. There are similarities in all three lifecycles (e.g., asses, implement, operate & maintain phases, management of change, testing and training requirements, etc.). The process hazards analysis (PHA) feeds the other lifecycles. When assessing items in cybersecurity, one is considering scenarios first identified in PHAs. The same is true in alarm management when an alarm is used as a protection layer. A change in one lifecycle may, and most likely will, impact all three lifecycles. Something as minor as altering a chattering alarm (e.g., because its setpoint was too close to a shutdown value) will impact the alarm, the master alarm database, the other lifecycles, and many different process safety information documents. If normalization of deviation is allowed (i.e., not tracking and reviewing the impact of what are believed to be minor changes), alarms will eventually become unrationalized, and things will revert back to their original, un-managed state. To learn more about the ISA 18.2 standard and how to keep the alarm management lifecycle evergreen, read the full paper “Breathing life into the alarm management lifecycle” .

by Melissa Langsdon Ensuring safety is of utmost importance to industries managing hazardous materials and processes. Two crucial regulatory frameworks, the Environmental Protection Agency’s (EPA) Risk Management Program (RMP) rule and the Occupational Safety and Health Administration’s (OSHA) Process Safety Management (PSM) standard, are central to this effort.  For businesses operating in relevant industries, understanding the difference between EPA’s RMP and OSHA’s PSM requirements is essential. In general, PSM was established to protect the workplace inside the facility while RMP implemented to protect the environment and the community outside the facility. To help ensure safe and healthful workplaces, OSHA issued the Process Safety Management of Highly Hazardous Chemicals standard (29 CFR 1910.119), which contains requirements for the management of hazards associated with processes using highly hazardous chemicals (HHCs). The RMP rule, established under the Clean Air Act Amendments of 1990, falls under the purview of the Environmental Protection Agency (EPA) to regulate facilities with threshold quantities of listed regulated substances. The RMP regulations require owners or operators of covered facilities to implement a risk management program and to submit an RMP to EPA. Each standard follows distinct guidelines and protocols to prevent and alleviate the risks linked with hazardous chemicals: Applicability: PSM applies to facilities in various industries where highly hazardous chemicals are handled, stored, processed, or manufactured, such as chemical manufacturing, oil refining, and pharmaceuticals, among others. The regulation applies to any facility where the threshold quantities of listed HHCs are present or has flammable materials, those with a flashpoint below 1000F, above 10,000 lbs onsite and no other exemption applies. RMP applies to facilities that handle specific listed regulated substances above certain threshold quantities. Facilities covered by RMP must prepare a risk management plan, conduct a hazard assessment for potential releases and, in some cases, implement an emergency response program and a prevention program to prevent and mitigate accidental releases of these substances. Program Requirements: Both PSM and RMP have specific requirements for preventing or minimizing the consequences of catastrophic releases.  The requirements for PSM and RMP Prevention Program 3 include elements such as process safety information, process hazard analysis, operating procedures, training, mechanical integrity, management of change, and emergency planning and response. With regard to differences between the regulations, PSM includes a trade secrets element, while RMP does not.  And, unlike PSM, RMP requires the submittal of a Risk Management Plan to EPA and a hazard assessment of the impact of potential releases.  Also, depending on the potential risk posed by the regulated substances onsite, RMP has different program levels (Program 1, 2 and 3) that determine the extent of emergency response and prevention activities required. A site’s RMP program level is determined by the potential for impacts to public receptors from a worst case release, site release history, facility North American Industry Classification System (NAICS) code  and whether the facility is also regulated under the PSM standard. The program levels specify requirements for release case analysis, five year accident history compilation, and type of prevention plan and emergency response program to be implemented, if any. Reporting Requirements: Facilities covered by PSM are required to internally compile and maintain comprehensive process safety information, including data on the chemicals, technology, equipment, and procedures used in the process.  PSM has no external reporting requirements to OSHA but internal requirements for documentation of compliance include process hazard analyses (PHAs) reports, written operating procedures, operator training records, mechanical integrity testing and inspection records, and incident investigation reports. While RMP internal documentation requirements for Program Level 3 prevention programs are almost identical to OSHA PSM requirements, RMP does have additional requirements based on program level determination. Program Levels 1, 2 and 3 must all submit a Risk Management Plan externally to EPA, conduct and document release analysis, prepare a five-year accident history and coordinate with local response agencies.  Program Levels 2 and 3 must also implement a management system, a prevention program and an emergency response program, if applicable. Both PSM and RMP mandates an evaluation every three years to ensure continued compliance. In conclusion, both programs share the overarching goal of safety; they have distinct elements, applicability criteria, and regulatory bodies. It is essential for organizations to navigate these requirements carefully to ensure compliance and, more importantly, to enhance safety for their workers and the surrounding community. PSM RMP Services

We can help you pick up your PHA/LOPA which maybe been put to the side and provide the services to set you up for the safety system design phase. Standard SIS deliverables include the review of specification, confirming that the SIL levels are what they should be, and that the proof testing procedures are correctly documented to support your regular testing intervals. Transcript: "aeSolutions has a full suite of offerings and the safety lifecycle, from the PHA LOPA aspect in the upstream design all the way through into the detailed engineering phase. Our group SIS engineering (Safety Instrumented Systems) sits kind of right in the middle between the two, you have the PHA LOPA upstream and you've got the detailed design downstream. We take what the PHA LOPA outputs. We massage it a little bit to get it into a more meaningful list of safety functions, for example. And then we can take that through the conceptual design phase where it goes into SIL calculations and SRS's and cause and effects and gets that into a into a package that can ultimately be handed downstream into the design phase. Everything we do here is developing standard SIS deliverables by making sure that all the specifications are correct. All the safety integrated levels are what they should be. All the proof testing procedures are correctly documented. So that our clients can have regular testing intervals with the necessary equipment that they need to be testing. One of the things that we've seen a lot of our clients do is they'll do the PHA LOPA and then they'll take that information and they'll essentially file it away and do very little else with that. And one of the challenges that we've seen is the SIS needs to be designed against that document and so we can take that document either from an internal study or from a client and help pick it up and do the rest of the upstream engineering on it. Where we identify, what are your safety functions look like, how many sensors o you have? And get that into a more defined safety function that can ultimately be? Hand it off to the design team. The other aspects that we run into is a lot of times I'll do the front end engineering all the way through. You know, for example an SRS data sheet, but then they don't do things with it and ultimately the intention behind that is not only to use as an operating manual for your safety function, but you also want to use that as the guiding document in the design phase so that you ensure that everything that you're doing in the design. This matches what you intended it to do on the on the front end." PHA LOPA Process Safety