Following on from the first three aeSolutions blogs on the subject of combustible dust concerns, this blog provides another deep dive into the topic. We previously addressed the basic concerns around combustible dusts, many of the standards that address dust hazard guidance, and the properties and testing for combustible dusts; and potential ignition sources. Pt1. ​Do You Know the Basics? Pt2. Dust Properties and Dust Hazard Signs Pt3. Dust Ignition Sources This article will build on those topics to address potential safeguards for dust fires and explosions for both internal and external dust clouds or layers. A later blog in this series will pull it all together and review commonly used dust hazard assessment (DHA) methods. Dust Handling Safeguards As previously described in this series, dust flash fires and explosions can have extremely serious safety, environmental, financial and reputational consequences. As you would expect for any potentially serious process safety consequences, there is a range of possible safeguards including both administrative and engineering controls. Control of ignition sources is the first and most obvious family of safeguards and it includes both administrative and engineering techniques: Proper grounding and bonding of equipment using both the NEC and NFPA 77 (Recommended Practice on Static Electricity) is a fundamental requirement. To provide assurance that the grounding and bonding system remains in good order, a routine ground inspection / assurance program, e.g., grounding system and piping/ducting strap inspection program, should be implemented in accordance with NFPA 654. Temporary grounding arrangements for loading or unloading of dusts require special attention to make sure of the integrity of frequently operated clamps and the operational discipline to use them every single time. For some dusts with low minimum ignition energy, use of personnel grounding may be considered (e.g., static-dissipating shoes and special conductive flooring). Continuing with the engineering controls, proper electrical area classification using the guidance in NFPA 499 (RP for Classification of Combustible Dusts and of Hazardous Locations for Electrical Installations). Proper area classification is important to minimize potential for sparks and to keep equipment surface temperatures below the ignition temperatures for a given dust. One of the most critical aspects of establishing Class II areas for dusts is selection of the temperature class for equipment. It is very important to have firm knowledge of the dust’s minimum auto-ignition temperature (MAIT), layer ignition temperature (LIT), and maximum rate reaction initiation temperature (if applicable) to correctly establish the required temperature class. Minimizing the possibility for equipment to produce sparks due to mechanical malfunctions is another important aspect of ignition control. Mechanical spark sources include equipment parts rubbing together creating friction heat or sparks, bearing failures, lack of lubrication and similar issues. A strong mechanical integrity program in accordance with manufacturer recommendations is important. This includes routine tasks such as a routine lubrication program, power and/or vibration monitoring, and temperature monitoring in some cases. A written program is an important tool to initiate and maintain a strong mechanical integrity program. Keeping stray metal (often called “tramp metal”) out of processing equipment is important due to the potential for mechanical sparking and frictional heating; exclusion of tramp metal may require a combination of administrative and engineering measures. Whenever equipment is opened, there should be a visual inspection just prior to closing to ensure no metal items, such as tools, filings, nuts, etc., are left behind. In some cases, where incursion of metal from upstream sources is credible, filtering prior to during steps is advisable. Control of hot work is a very important administrative tool to minimize the potential for hot work to generate sparks or open flames when dust may be present. NFPA 51B Standard for Fire Prevention During Welding, Cutting, and Other Hot Work is a good resource for hot work program development. An inherently safer method for dust explosion potential is to provide equipment designed for the maximum explosion overpressure (Pmax). Pmax is typically 8-9 times the initial absolute process pressure, so this can be a good solution for cases where the normal process pressure is near atmospheric. Care needs to be taken in consideration of “pressure piling” at interconnected ducting and equipment, since those pressures can be substantial, and it may be impractical to design for the higher pressures that may be expected at interconnected equipment. NFPA 69 Standard on Explosion Prevention Systems includes design information on this topic. A concept called deflagration isolation is sometimes used to prevent propagation of an explosion and the pressure piling at connected equipment that may go with it. Deflagration isolation systems may include rotary valves, flame arrestors, fast acting automatic valves which close on a rapid pressure increase, and others. Reducing the oxygen concentration internal to dust-handling equipment to below the limiting oxygen concentration (LOC) for the dust is a great method to prevent ignition if it is feasible for your system. Many facilities use nitrogen for this purpose and manage the system as safety-critical. If selected, the oxygen concentration of the conveying gas should be specified at a safe margin below the LOC. Somewhat related to control of oxygen content, the concentration of dust may at times also be controlled to significantly below the minimum explosible concentration (MEC) for the dust. Concentration control may not always be practical from a commercial standpoint as it may limit production rates. In cases where the conveying gas is not below the LOC, a mitigating safeguard to quench explosions in progress is sometimes specified. Nitrogen suppression systems will open very quickly based on fast-acting change of pressure switches. A rapid inflow of nitrogen may quench an imminent explosion internal to equipment. Proper sizing, numbers, and locations of the nitrogen cannisters is of crucial importance. The suppression system also has to act faster than the time for the development of the explosion. Specialist personnel should be engaged to handle the detailed design of suppression systems. Deflagration vents are another potential mitigating system which act to reduce the explosion pressure by venting it, similar to a rupture disc. Deflagration vents may be installed on equipment and on buildings where the potential for dust explosions is present. Deflagration vents can be quite large, depending on the application and should be vented to a safe location. NFPA 68 Explosion Protection by Deflagration Venting includes design information on this topic. A buildup of dust layers internal to equipment is a concern due to the potential for high surface temperature or a maximum rate reaction to ignite the layer. The primary control for this concern is an effective manual or automatic cleaning regime in place for equipment subject to internal layer buildup, including routine inspections to verify adequate cleaning. Supervisory signoffs and audits of this activity are also a good practice. External leakage of dust is a concern that needs to be addressed, as it may result in either dust explosions (if leakage is above the minimum explosive concentration (MEC) or dust fires in the case of layer buildups. There is a two-pronged safeguarding approach to address leakage. First is a strong mechanical integrity program which addresses typical leakage points proactively. Second is a strong housekeeping program in which incipient leaks are rapidly addressed, which should be supplemented by a strong routine housecleaning culture which allows for prompt cleanup of leaked dust. Similar to the internal dust layer concern, Supervisory signoffs and audits of housekeeping are also a good practice. The routine review should include all flat surfaces in the facility, including those which may not be perfectly visible, e.g., tops of equipment and tops of structural members. Building fire suppression systems are a sensible precaution to mitigate dust explosion consequences but as they are a post-explosion mitigating system, they are not typically regarded as a strong protection in these cases. The Stakes Do you handle potentially combustible dusts at your site? It is difficult to adequately control a hazard that is not well-understood, and no company wants to learn of dust explosion hazards the hard way. How do you know if you have sufficient safeguards present for combustible dust hazards at your facility? A Dust Hazard Analysis (DHA) and careful review of the engineering and administrative safeguards in place is the clear answer. So What? If you have not previously taken a deep dive into the safeguards in place for your particular dust(s) ignition sources at your site, now would be a good time to do so. If you do not have the right technical expertise in your company to assess dust hazards, ignition sources and safeguards, consider selecting a process safety consultancy with deep experience and expertise to assist you. Their range of experience enables assessors to recommend reputable testing labs and to share the general and specific methods proven to minimize dust explosion hazards across industry. This independence from the site and company has the best probability of a careful assessment with fresh eyes on the relevant critical systems and leads to more efficient compliance with the necessary standards. Stay tuned for more. A later blog in this series will address commonly used dust hazard assessment (DHA) methods.

by Judith Lesslie, CFSE, CSP This is the second in a series. You can find the first here. Following on from the first aeSolutions blog on the subject of the basics of combustible dust concerns, this blog provides a deeper dive into the properties of combustible dusts. It is necessary to first understand your specific dust testing and properties to assess the potential hazards of a given dust handling process. A past blog provided an overview of the generalities of combustible dust hazards, including some serious past incidents, and provided some of the relevant guidance documents for those who are interested in more detailed information. Once the article’s technical basis is understood, future blogs will cover signals that there may be previously unrecognized dust hazards at your site, common ignition sources and safeguards, and potential dust hazard assessment (DHA) methods. Combustible Dust Properties Technical definitions of combustible dust vary only slightly across industries and agencies. OSHA, for example, defines it as "a solid material composed of distinct particles or pieces, regardless of size, shape, or chemical composition, which presents a fire or deflagration hazard when suspended in air or some other oxidizing medium over a range of concentrations". The NFPA defines it as “a finely divided combustible particulate solid that presents a flash-fire hazard or explosion hazard when suspended in air or the process-specific oxidizing medium over a range of concentrations” (NFPA 652, 2019). The CCPS defines it similarly to the NFPA (CCPS Guidelines for Combustible Dust Hazard Analysis, Wiley, 2017). So what are the parameters of interest when it comes to deciding whether or not a dust presents a combustibility or explosion hazard? There are a number of relevant parameters that can be determined through testing per various ASTM, EN and IEC standards, including: An initial explosivity screening test, which disperses dust samples in a chamber at various concentrations and exposes them to an ignition source, then determines the resulting pressure rise. If the standard pressure rise is by more than a factor of 2, then more detailed testing is indicated. Deflagration index testing (Kst, given in units of bar-m/sec) measures how quickly pressure rises in a closed container when ignited. Kst is used to classify the dust hazard at St. 1, 2 or 3. Kst, of 0-200 is St. 1 (lowest hazard), 201-300 is St. 2 and greater than 300 is St. 3 (highest hazard). However, “low” is deceiving in this context. For example, the Kst of sugar (the dust involved in the serious dust explosion incident mentioned in a previous blog) is about 138. There have been numerous other serious explosion incidents from low Kst dusts as well. OSHA considers a Kst of 1.5 bar-m/sec as the minimum threshold for an explosion. Maximum pressure testing (Pmax, given in units of bar) provides the peak explosion pressure developed by a dust explosion at its optimal concentration. Pmax is helpful in identifying potential worst-case equipment and compartment consequences due to a dust explosion; and is used in vent, explosion panel and explosion containment designs. Minimum explosible concentration testing (MEC, given in g/m3) provides the minimum concentration of a dust that will deflagrate. The MEC is helpful in defining potential damage as well; and is also very useful if a site plans to use concentration control as a safety measure. Minimum ignition energy testing (MIE, given in mJoules) provides the minimum electrical energy stored in a capacitor, which, when discharged, is sufficient to ignite the most ignitable mixture of dust. MIE is useful for evaluating what sources of ignition energy are credible to ignite a dust cloud. One item to be aware of for MIE is that it is typically determined at standard temperature and pressure conditions; and the MIE may be expected to be somewhat lower at higher actual process temperatures. Limiting oxygen concentration testing (LOC, given in vol% O2) provides the minimum concentration of oxygen in a mixture of dust, air and an inert gas that will support combustion. This information is useful when considering the design of explosion prevention systems involving the use of inert gases. Minimum auto-ignition temperature testing (MAIT, degrees C) provides the lowest surface temperature that will auto-ignite a given dust cloud. MAIT is useful for evaluating equipment and process temperatures to minimize the risk of auto-ignition. The remaining parameters are conducted on dust layers or bulk samples rather than dispersed samples: Volume (or bulk) resistivity testing (ohm-m) provides the electrical resistance of a solid material. It is useful when assessing the insulating and electrostatic properties of a material, and hence the potential for a material to generate and retain charge. Higher resistance dusts have the potential for charging during material handling (including loading activity) and releasing electrostatic charges. This is a concern if the energy of the electrostatic charge may exceed the minimum ignition energy for the dust under the operating conditions. Layer (or hot surface) ignition temperature testing (LIT, given in degrees C) provides the lowest surface temperature capable of igniting various thicknesses of a dust layer, such as buildup that could occur in dyers, classifiers, or packaging equipment. LIT is used together with MAIT to evaluate equipment and process temperatures to minimize the risk of auto-ignition in dusty areas and equipment. Time to maximum rate/exothermic reaction at a given temperature testing (usually provided as a set of temperatures and times of interest) is a less obvious concern. Some dusts are capable of self-heating in an exothermic reaction if allowed to persist in a layer above the maximum rate onset temperature for long enough. The maximum rate reaction can produce smoldering, fire and combustion products that can be carried along in a moving particle stream and become a source of ignition. If a dust has this property, it can also cause development of toxic or flammable gases, depending on the process and conveying gas. The information provided through maximum rate testing is highly relevant to cleaning of dust layer buildups, process temperatures, equipment temperatures and housekeeping regimes to minimize dusting around process equipment. The bottom line is that even dusts with weak explosivity and high ignition energy requirements can be dangerous under the right circumstances. The right circumstances include: · Presence of fuel, e.g., combustible dust · Presence of oxygen · An ignition source (including hot surfaces) · Dispersion of the combustible dust · Confinement of the combustible dust cloud The dispersion and confinement factors above are specifically required for dust explosions. Without the presence of confinement, a dust cloud flash fire is possible. There will be more on this topic in this continuing series. Stay tuned! The Stakes Do you handle potentially combustible dusts at your site? It is difficult to adequately control a hazard that is not well-understood, and no company wants to learn of dust explosion hazards the hard way. How do you know if you have combustible dust hazards present? Screening and testing of a representative sample of the dust for the parameters noted above is the clear answer. This type of testing is available from many reputable labs and suppliers and can even be coordinated on your behalf by reputable process safety consultancies. So What? If you have not previously taken a deep dive into the properties of your particular dust(s) at your site, now would be a good time to do so. If you do not have the right technical expertise in your company to assess dust hazards, consider selecting a process safety consultancy with deep experience and expertise to assist you. Their range of experience enables assessors to recommend reputable testing labs and to share the general and specific methods proven to minimize dust explosion hazards across industry. This independence from the site and company has the best probability of a careful assessment with fresh eyes on the relevant critical systems and leads to more efficient compliance with the necessary standards. Stay tuned for more. Future blogs in this series will cover signals that there may be previously unrecognized dust hazards at your site, common ignition sources and safeguards, and potential dust hazard assessment (DHA) methods. Part 3: Dust Ignition Sources

by Rick Hanner Some companies implement intermediate tasks during the analysis and design stages of an IEC/ISA 61511 Lifecycle Project with names such as “IPL Select” or “LOPA Reconciliation”. The result of such studies is often a “refinement” of the control and/or safety system. Examples have ranged from identifying additional final elements to avoid the hazard, eliminating the use of shared instrumentation between protection layers, addressing response time issues, and assessing control system protection layers for full independence of a function against the initiating event and other protection layers. The benefit of such studies is that it’s easier and less expensive to make necessary changes to systems while the design is still on paper. It’s very expensive, and in some cases not even possible, to make design changes after systems have been installed. In the end, it all boils down to people. It is imperative that all personnel be competent in their roles within the Safety lifecycle. New people entering the industry need an opportunity to learn. Yet they need training, mentoring and reviews of their work in order to prevent systematic failures from creeping in and causing accidents. To read more examples of systematic failures throughout the lifecycle, and to learn how to reduce them, read the full paper “Methodologies in Reducing Systematic Failures of Wired IPLs”  by Rick Hanner of aeSolutions and Tab Vestal of Eastman. Process Safety & Risk Management Industrial Safety Instrumented Systems

by Judith Lesslie, CFSE, CSP Those who work in high hazard industries are familiar with the OSHA Process Safety Management (PSM) and EPA Risk Management Plan (RMP) requirements for routine process hazard analyses. Potentially less well known is the variety of additional guidance for specific chemical hazards, such as combustible dusts. Guidance available for assessing the risk of combustible dust incidents is available via OSHA guidance, a national emphasis program (NEP), technical manuals, and interpretation letters; and industry standards for the fundamentals of and prevention of dust explosions. This blog will provide a general overview of combustible dust hazards, including serious past incidents, and provide information on some of the relevant guidance for those who are interested in more information. Future blogs on the subject of combustible dusts will review relevant dust properties, signs that a dust hazard may be present in a process, common ignition sources and safeguards, and potential dust hazard assessment (DHA) methods. The Challenges Companies handling highly hazardous chemicals (HHC) routinely conduct process hazard analyses (PHAs) and often have internal standards and methods for facilitation involving internal and/or external facilitation. It is less common to encounter PHAs that thoroughly cover dust hazards or company internal standards that address combustible dust hazards. Many companies’ PHAs do not address combustible dust hazards in an organized manner or in a manner that complies with NFPA guidance on dust hazard analyses (DHA) if the hazards are covered at all. Even worse, for processes not subject to the PSM and RMP standards, routine PHAs or DHAs may not be conducted at all. This is a potentially dangerous miss in a variety of manufacturing processes. Why? Because combustible dust explosions are highly credible when processes are not properly safeguarded, with the potential to result in catastrophic events, including loss of lives, serious disabling injuries, environmental damage, and major commercial costs from equipment and building damage and loss of production. Ignition sources range from various types of sparks generated by movement of dust, including via insulated, non-grounded or plastic storage containers; mechanical sparks such as from malfunctioning blowers or “tramp metal” present in the dust-handling process; electrical sparks from equipment malfunctions; and hot surfaces exceeding the auto-ignition temperature of the dust, as may occur with equipment malfunctions or maximum rate/exothermic reaction onset temperatures from product layer buildup. The US Chemical Safety Board (CSB) identified nearly 300 combustible dust incidents between 1980 and 2005, collectively involving 120 deaths, 718 injuries, and major damage to facilities. There are also more recent events. For example, there was a major sugar dust explosion and fire in 2008 at a Georgia sugar mill that resulted in 14 deaths and many serious injuries; and other recent serious incidents in industries as diverse as HHC and non-HHC chemical processes, food waste recycling, wastewater sludge handling, coal dust handling, metal-handling, paper mills, wood chipping and sawmills, and grain handling. Combustible dust explosions have generated substantial regulatory and industry standards activity in recent years resulting in a set of requirements and guidance documents that put users in a much better position to identify, understand and control their combustible dust hazards. Some of the major sources of information include: OSHA Hazard Communication Guidance for Combustible Dusts (OSHA 3371-08), 2009 OSHA Technical Manual – Section IV, Chapter 6, Combustible Dusts, Directive TED-01-00-015, effective date 2/10/2020 OSHA Combustible Dust National Emphasis Program (Reissued) (OSHA CPL 03-00-008), 2008 NFPA 652, Standard on the Fundamentals of Combustible Dust (2019). This document provides combustible dust technical basics, general requirements, hazard identification and other topics; and it directs users to industry/commodity-specific guidance documents, including: NFPA 61, Prevention of Fires and Dust Explosions in Agricultural and Food Processing Facilities, 2020 NFPA 484, Combustible Metals, 2022N FPA 654, Standard for the Prevention of Fire and Dust Explosions from the Manufacturing, Processing, and Handling of Combustible Particulate Solids, 2020 NFPA 664, Prevention of Fires and Explosions in Wood Processing and Woodworking Facilities, 2020 NFPA 68 Standard on Explosion Protection by Deflagration Venting, 2018 NFPA 69 Standard on Explosion Prevention Systems, 2019 NFPA 499, Recommended Practice for the Classification of Combustible Dusts and of Hazardous (Classified) Locations for Electrical Installations in Chemical Process Areas, 2021 FM Global Safety Data pamphlet FM 7-76, Prevention and mitigation of combustible dust explosion and Fire, interim revision 2020 The Stakes Do you handle potentially combustible dusts at your site? It is difficult to adequately control a hazard that is not well-understood. Even if you have a good-quality PHA, it may not delve deeply enough into the combustible dust topic in accordance with NFPA 652. NFPA 652 states that existing processes and compartments (e.g., building compartments) shall have a completed Dust Hazard Assessment (DHA) by September 7, 2020 (parag. 7.1.1.2) and that the DHA shall be reviewed and updated at least every five years (parag. 7.1.4). Are you in compliance? Are you positive your site is managing its combustible dust risks in all phases of operation well enough to prevent a serious explosion? While this standard is not legally binding at this time, OSHA inspectors have been encouraged to use NFPA standards to identify dust safety issues; and the General Duty clause requires employers to provide a workplace “…free from recognized hazards…”. Lack of a DHA or a poor quality DHA places sites at risk of an OSHA violation under the General Duty Clause. So What? If you have not previously taken a deep dive into the properties and hazards of your particular dust(s) and completed a DHA at your site, now would be a good time to do so. If you do not have the right expertise in your staff to assess dust hazards, consider selecting a process safety consultancy with deep experience and expertise to assist you. Their range of experience enables assessors to share the general and specific methods proven to minimize dust explosion hazards across industry. This independence from the site and company has the best probability of a careful assessment with fresh eyes on the relevant critical systems and leads to more efficient compliance with the necessary standards. Future blogs on the subject of combustible dusts will review important dust testing needs and properties, signs that a dust hazard may be present in a process, common ignition sources and safeguards, and potential dust hazard assessment (DHA) methods. Part 2: Dust Hazards – Dust Properties and Dust Hazard Signs

It is commonly touted that once a plant rationalizes their alarms, they have completed the alarm management lifecycle. Nothing could be further from the truth. So what can an organization do to keep the alarm lifecycle alive and evergreen? Alarm management is the collection of processes and practices for determining, documenting, designing, operating, monitoring, and maintaining alarm systems. It is characterized by design principles including hardware and software design, good engineering practices, and human factors. Tying the alarm management lifecycle into process safety management and other work processes that already exist will help ensure it remains evergreen and delivers the intended benefits. While the integration of these activities will look different for each company, time has shown that success comes most easily when the management of change process, testing and training activities have been integrated into what is already being accomplished. The alarm management lifecycle is essentially a circle; there is no beginning or ending. There are different places an organization may choose to enter it, but the overall lifecycle process never really ends. An organization may have developed a philosophy, rationalized alarms, and implemented them, but that does not mean they have ‘completed’ alarm management. As processes and equipment evolve and change (e.g., removing or introducing equipment, changing flow rates, changing chemicals, etc.), different steps of the lifecycle come back into importance. The goal of alarm management should be to keep the lifecycle updated and evergreen. Integrating the alarm management, functional safety, and cybersecurity lifecycles is a key to success and will help avoid costly rework. There are similarities in all three lifecycles (e.g., asses, implement, operate & maintain phases, management of change, testing and training requirements, etc.). The process hazards analysis (PHA) feeds the other lifecycles. When assessing items in cybersecurity, one is considering scenarios first identified in PHAs. The same is true in alarm management when an alarm is used as a protection layer. A change in one lifecycle may, and most likely will, impact all three lifecycles. Something as minor as altering a chattering alarm (e.g., because its setpoint was too close to a shutdown value) will impact the alarm, the master alarm database, the other lifecycles, and many different process safety information documents. If normalization of deviation is allowed (i.e., not tracking and reviewing the impact of what are believed to be minor changes), alarms will eventually become unrationalized, and things will revert back to their original, un-managed state. To learn more about the ISA 18.2 standard and how to keep the alarm management lifecycle evergreen, read the full paper “Breathing life into the alarm management lifecycle” .

by Melissa Langsdon Ensuring safety is of utmost importance to industries managing hazardous materials and processes. Two crucial regulatory frameworks, the Environmental Protection Agency’s (EPA) Risk Management Program (RMP) rule and the Occupational Safety and Health Administration’s (OSHA) Process Safety Management (PSM) standard, are central to this effort.  For businesses operating in relevant industries, understanding the difference between EPA’s RMP and OSHA’s PSM requirements is essential. In general, PSM was established to protect the workplace inside the facility while RMP implemented to protect the environment and the community outside the facility. To help ensure safe and healthful workplaces, OSHA issued the Process Safety Management of Highly Hazardous Chemicals standard (29 CFR 1910.119), which contains requirements for the management of hazards associated with processes using highly hazardous chemicals (HHCs). The RMP rule, established under the Clean Air Act Amendments of 1990, falls under the purview of the Environmental Protection Agency (EPA) to regulate facilities with threshold quantities of listed regulated substances. The RMP regulations require owners or operators of covered facilities to implement a risk management program and to submit an RMP to EPA. Each standard follows distinct guidelines and protocols to prevent and alleviate the risks linked with hazardous chemicals: Applicability: PSM applies to facilities in various industries where highly hazardous chemicals are handled, stored, processed, or manufactured, such as chemical manufacturing, oil refining, and pharmaceuticals, among others. The regulation applies to any facility where the threshold quantities of listed HHCs are present or has flammable materials, those with a flashpoint below 1000F, above 10,000 lbs onsite and no other exemption applies. RMP applies to facilities that handle specific listed regulated substances above certain threshold quantities. Facilities covered by RMP must prepare a risk management plan, conduct a hazard assessment for potential releases and, in some cases, implement an emergency response program and a prevention program to prevent and mitigate accidental releases of these substances. Program Requirements: Both PSM and RMP have specific requirements for preventing or minimizing the consequences of catastrophic releases.  The requirements for PSM and RMP Prevention Program 3 include elements such as process safety information, process hazard analysis, operating procedures, training, mechanical integrity, management of change, and emergency planning and response. With regard to differences between the regulations, PSM includes a trade secrets element, while RMP does not.  And, unlike PSM, RMP requires the submittal of a Risk Management Plan to EPA and a hazard assessment of the impact of potential releases.  Also, depending on the potential risk posed by the regulated substances onsite, RMP has different program levels (Program 1, 2 and 3) that determine the extent of emergency response and prevention activities required. A site’s RMP program level is determined by the potential for impacts to public receptors from a worst case release, site release history, facility North American Industry Classification System (NAICS) code  and whether the facility is also regulated under the PSM standard. The program levels specify requirements for release case analysis, five year accident history compilation, and type of prevention plan and emergency response program to be implemented, if any. Reporting Requirements: Facilities covered by PSM are required to internally compile and maintain comprehensive process safety information, including data on the chemicals, technology, equipment, and procedures used in the process.  PSM has no external reporting requirements to OSHA but internal requirements for documentation of compliance include process hazard analyses (PHAs) reports, written operating procedures, operator training records, mechanical integrity testing and inspection records, and incident investigation reports. While RMP internal documentation requirements for Program Level 3 prevention programs are almost identical to OSHA PSM requirements, RMP does have additional requirements based on program level determination. Program Levels 1, 2 and 3 must all submit a Risk Management Plan externally to EPA, conduct and document release analysis, prepare a five-year accident history and coordinate with local response agencies.  Program Levels 2 and 3 must also implement a management system, a prevention program and an emergency response program, if applicable. Both PSM and RMP mandates an evaluation every three years to ensure continued compliance. In conclusion, both programs share the overarching goal of safety; they have distinct elements, applicability criteria, and regulatory bodies. It is essential for organizations to navigate these requirements carefully to ensure compliance and, more importantly, to enhance safety for their workers and the surrounding community. PSM RMP Services

We can help you pick up your PHA/LOPA which maybe been put to the side and provide the services to set you up for the safety system design phase. Standard SIS deliverables include the review of specification, confirming that the SIL levels are what they should be, and that the proof testing procedures are correctly documented to support your regular testing intervals. Transcript: "aeSolutions has a full suite of offerings and the safety lifecycle, from the PHA LOPA aspect in the upstream design all the way through into the detailed engineering phase. Our group SIS engineering (Safety Instrumented Systems) sits kind of right in the middle between the two, you have the PHA LOPA upstream and you've got the detailed design downstream. We take what the PHA LOPA outputs. We massage it a little bit to get it into a more meaningful list of safety functions, for example. And then we can take that through the conceptual design phase where it goes into SIL calculations and SRS's and cause and effects and gets that into a into a package that can ultimately be handed downstream into the design phase. Everything we do here is developing standard SIS deliverables by making sure that all the specifications are correct. All the safety integrated levels are what they should be. All the proof testing procedures are correctly documented. So that our clients can have regular testing intervals with the necessary equipment that they need to be testing. One of the things that we've seen a lot of our clients do is they'll do the PHA LOPA and then they'll take that information and they'll essentially file it away and do very little else with that. And one of the challenges that we've seen is the SIS needs to be designed against that document and so we can take that document either from an internal study or from a client and help pick it up and do the rest of the upstream engineering on it. Where we identify, what are your safety functions look like, how many sensors o you have? And get that into a more defined safety function that can ultimately be? Hand it off to the design team. The other aspects that we run into is a lot of times I'll do the front end engineering all the way through. You know, for example an SRS data sheet, but then they don't do things with it and ultimately the intention behind that is not only to use as an operating manual for your safety function, but you also want to use that as the guiding document in the design phase so that you ensure that everything that you're doing in the design. This matches what you intended it to do on the on the front end." PHA LOPA Process Safety

By Rick Hanner (CFSE, ISA 84 Ex.) & Keith Brumbaugh (CFSE, PE) This blog post will examine the concept of taking proof test credit for an unplanned shutdown in order to delay a Safety Instrumented Function (SIF) proof testing deadline. If scheduled outages go according to plan, this is unnecessary; however, when an outage gets postponed, credit for the unplanned trip may be needed to confirm the SIF still achieves its target risk reduction. Safety Instrumented Functions (SIFs) are required to be proof tested at specific intervals (expressed in months or years) in order to justify the calculated probability of failure on demand. Proof tests are performed to detect dangerous covert failures, which can render the SIF inoperable when it is most needed during a hazardous event. These proof tests are given a specified amount of coverage expressed as a percent of the dangerous failures detected vs total failures (detected and undetected). A proof test is typically undertaken during scheduled plant outages (for example, a turnaround). Unfortunately, the timing of an outage often shifts due to external circumstances. If the calculated SIF proof test interval is equal to the outage timing, then delaying an outage could result in a SIF that is no longer meeting its calculated probability of failure on demand. If the delay is long enough, the SIF could potentially fall below its performance target. This could result in the plant operating with an unmitigated risk gap. The concept of taking credit for an unplanned shutdown boils down to the fact that during an unplanned shutdown, all devices will typically trip and move to their safe state. This would apply to almost any SIF’s final elements (typically a valve or a pump). Using valves for example, many SIF valves are fail closed. If the air is vented from the actuator, or if the power is removed, the valve should close. If a final element is able to transition from the operating state to the safe state, and the transition can be proven, this is proof of the final element’s ability to function on demand. This actuation can be assigned appropriate coverage credit, and the credit can be applied to satisfy part of the SIF proof testing requirements, allowing for a delay in the full proof test. What devices can we take credit for? When determining what devices to credit in a trip, we need to examine what sensors, logic solvers, and final elements were involved. The first question we want to answer is what caused the trip: the SIF sensor or something else? For the logic solver, we need to determine how the trip was commanded. For the final element, we need to figure out what moved (or stopped moving). Typically SIF sensors will not be demanded during an unplanned shutdown. These devices are monitoring for a process upset. Unless the source of the unplanned shutdown was due to a process excursion involving the actual SIF, then the SIF sensor will be reading normal during the trip. Consequently, there would be no proof of the successful function of the sensor. Fortunately, this is not typically an issue as sensors are rarely the driving factor in a SIL calculation. For final elements such as valves, the valve body can almost always receive credit as long as it moved. The actuator, solenoid, and positioner will need a closer look, as well as the mechanism performing the trip of the valve. The user needs to consider what form of actuator and solenoid (or other positioner) was involved in the trip. This particularly makes a difference when a smart SIL-certified positioner is used rather than a solenoid. If the SIS logic did not demand the trip, it is possible the solenoid never moved and thus would not receive credit. On the other hand, when a valve uses a SIL-certified positioner, these are often driven to 0% during a shutdown by either the SIS logic solver, or even requested by the BPCS logic solver. Solenoids and positioners operate differently, so moving a positioner is not the same as breaking the circuit of a solenoid. The same concepts apply for other types of final elements. For example, for equipment driven by a motor, we need to figure out if the motor was stopped by the SIF relay or a BPCS relay. How much credit can we take? The next important question we need to answer is how much coverage credit we can take. Crediting the equivalent of a full stroke proof test is not recommended for an unplanned shutdown. In SIL calculations for valves, varying amounts of credit are given depending on whether you are performing a full stroke test or a partial stroke test, with the amount of credit determined by the robustness of the test. For example, a full stroke proof test could provide 90% proof test coverage, particularly if a leak test is performed. A partial stroke test might give 60% credit for moving the valve a minimal amount closed and then back open within a few seconds. As it can be reasoned, the partial stroke would detect only a subset of the failures that would be detected by the full stroke proof test. Because the partial stroke test only strokes the valve a portion of the total travel possible (and doesn’t fully close it), the partial stroke test would tell nothing about the integrity of the valve seat and associated leakage. The amount of credit possible due to an unplanned trip will not be the same as a full stroke proof test credit. The practitioner would need to examine what portion of failures would be detected during an unplanned trip (much like the partial stroke test). For example, the practitioner might assume the valve moved from the unsafe state to the safe state during the shutdown, but this would need proven. They might look to see if there is valve position feedback, including possibly a physical valve inspection at the time of the trip. If the practitioner does not have any indication that the valve moved, then it’s not possible to say the valve actually did. It is possible some other equipment brought the process to the safe state independent of the valve. Without feedback of the actual valve, the practitioner will never know if the valve actually moved. For motor driven equipment, positive indication of motor stoppage should be examined. For other types of final elements, such as electrostatic precipitators, credit for an unplanned trip requires verification by other means. Other Considerations Finally, we should confirm our devices are still operating within their design parameters (e.g. have they exceeded their manufacturer recommended replacement interval). Useful life is typically provided by the device vendor and has various connotations, one of which is how long a device’s failure rates are considered valid. If useful life is exceeded, the device may no longer have the same failure rate assumed in the SIL calculation. Useful life is typically longer than the proof test interval, and it becomes more relevant to this discussion as the devices ages. If the useful life will be expended by the next planned test, and the credit for the unplanned shutdown will push the turnaround beyond the useful life, then the device should be replaced during the unplanned shutdown. In summary, credit can be taken for an unplanned shutdown, but there must be careful consideration of the circumstances and justification. A primary concern in this process is that over crediting the test can lead to non-conservative results and additional risk. The practitioner must understand the mechanics of the unplanned shutdown to ensure appropriate credit is taken.

by Tom McGreevy, PE, PMP, CFSE, CAP Congratulations! You’ve been assigned a project to replace your plant’s control system. Perhaps, rather than being in a congratulatory mood, you’re thinking, “What did I do to deserve this?”. Both feelings are understandable – a control system replacement project can be, at the same time, a rewarding, hugely beneficial business and career opportunity and an extremely stressful, sometimes thankless, and even less than fully successful experience. This is the initial installment in a series on control system migrations starting with the most common first step in any such project: Building a financial justification. The first thing most people consider when contemplating a major investment, whether it be in one’s work life or at home, is “How much is it going to cost?”. Of equal importance should be “How much will it save us in the long run?”. A well-developed financial justification, also commonly referred to as a “business case”, will evaluate both the cost and the benefits over the expected useful lifetime of the system. How Much Will It Cost? Developing a cost estimate should be an iterative process, starting with a relatively high-level cost estimate in the earliest stage of project consideration. The initial investment must be estimated, and the annual cost of maintaining the system must be included, to develop a total life-cycle cost. Let’s consider the initial investment, the “capital outlay,” and the annual costs, the “maintenance costs,” for the life of the new system: Total Life-cycle Cost = Capital Outlay + Annual Maintenance Costs Capital Outlay The initial capital investment can, in the earliest stage of the project, be estimated in a number of ways prior to having a fully detailed project scope: Parametric: Estimate based on key parameters inherent to the system. For a control system this could be “per I/O point” or “per tag." Configuration costs could perhaps be estimated on a “per line of code” basis or “number of system graphics” basis. Analogous: Estimating the proposed project based on a similar past project, with adjustments made for known scope, size, and time since the past project was completed. Actual Costs: Similar to an analogous estimate, but applicable if a very similar, very recent project has been completed. Other cost estimating techniques, most commonly the Bottoms Up Engineering Estimate, are typically not practical in the early stage of a project, as the full scope and associated design deliverables are typically not yet developed. However, this method is commonly used for final capital expenditure approval and is typically shown as a +/-10% number. Annual Maintenance Costs Depending on your organization’s accounting methods, some of the costs normally classified as “maintenance costs” can be initially capitalized and included in the capital outlay estimate. However, from the point where the asset becomes utilized, annual maintenance and upkeep costs are typically expensed by the business. These costs must be estimated over the assumed lifetime of the asset. Your organization may have reasonably good historical records of such costs, and you may be able to get assistance from systems integrators or vendors for costs such as: Annual license updates Minor to major system upgrades Spare parts Operator and Maintenance Technician training Preventive maintenance Another key annual cost to be considered is the annual cost of system downtime: or the number of hours per year that the system is not available to support production. Given that it will be a new system, this should be a very small percentage of hours on an annual basis. However, to consider 100% availability is simply not realistic, so consider the Availability carefully. In a very large facility such as a refinery, even a 99.99% availability can have significant cost implications. Early-stage cost estimates should not be touted as having high levels of accuracy – typically +/- 50% at first look. A word of caution: Upper management may latch on to the first number as a “Not to Exceed” (NTE) – judicious communication that there is both a “+” and a “-“in front of the number is recommended. Your business may operate in such a way that the number should be advertised as an NTE, in which case, err on the conservative side. If your project is executed in a stage/gate manner, which is highly recommended, you’ll have ample opportunity to sharpen and optimize the cost estimate as the scope is refined. How Much Will We Save? Now that you have a cost estimate, you need to evaluate the other part of the $ equation: How much will the new system save us? The difficulty of developing this number can range from relatively easy to very difficult. Perhaps your existing system has suffered a failure that directly resulted in very real costs to your organization, and you know this number only too well. You are fortunate to have this cost available, as it is likely well-known to management, and they are chomping at the bit to avoid a repeat performance. If this is the case, strike while the iron is hot! Often, however, your system has had less significant failures or “near misses” that, through perhaps heroic efforts, your team was able to ride through to keep production up. In such cases, estimating the cost of a “what-if” scenario is necessary. Working with your operations & business departments can usually result in reasonable estimates of both direct and opportunity costs that can be developed into an overall cost avoidance number. Failures in a “Sold Out” production mode are often the difference between successful and unsuccessful financial justification. Annual maintenance and upkeep costs are hopefully available, and it is very common that, for older systems, these costs are known and have been increasing. Other annual upkeep costs are not so easy to estimate. You may have older employees who have operated and maintained the system for years and are close to retirement. It can be very challenging to pass this know-how and experience, much of which may be “institutional knowledge”, to new employees. Many factors, including legacy, proprietary protocols, poorly documented control system logic, and even “black box” components that are poorly understood or simply no longer available to purchase, have associated upkeep or loss costs. The team should make attempts to develop estimates of annualized costs for these other factors to capture the overall “How Much Can We Save” part of the equation. Similar to annualized upkeep costs for the new system, the “How Much Can We Save” number is typically spread over the assumed lifetime of the new asset, using an annualized assumed risk of realizing one or more assumed failures. Armed now with both “How Much Will It Cost?” and “How Much Can We Save?”, these numbers can be analyzed in a number of ways to arrive at a net financial justification. Common methods include: Return On Investment (ROI): How many years will it take to break even on the initial capital outlay? The smaller the number, the more attractive the investment. Operating Expense: What is the net impact on annual expenses to maintain the system? Net Present Value (NPV): An objective calculation of the net positive (or negative) value, today, of the project, looking at its entire lifespan. The higher the number, the more attractive the investment. Internal Rate of Return (IRR): An alternate view of the relative attractiveness of the investment, also looking at the entire lifespan. The higher, the better. Your organization may use one or more of these techniques. Many companies have minimum acceptable investment criteria for project approval. Some events and their associated costs can be very challenging, sensitive, and proprietary to estimate. Consider the cost to the business of a fatality that can be attributed to a system failure. Some organizations will avoid estimating such a cost altogether, and simply use a risk matrix methodology to justify a project. This is typically done by looking at “Where are we now?” on the risk matrix, compared to “Where does the new system get us?”. Typically, a new control system, or perhaps a new Safety Instrumented System, can result in an estimated risk reduction of two orders of magnitude. A risk matrix system can also be used for environmental or business reputation evaluations as an alternative method for justifying a new control system. Project Scope In order to develop your first business case, you need to have at least a preliminary project scope from which to form a cost basis. It is highly recommended that you formally document your Basis of Estimate in parallel with your financial justification and be prepared to defend it as it goes through the approval process. Building a financial justification for a control system migration or upgrade project is the first step in developing a solid, executable plan. This plan, if appropriately risk-based, will increase the likelihood of success, resulting in a positive project experience. Additionally, it can contribute to the creation of a valuable new asset that helps realize your organization’s business goals in a safe and reliable manner.

Engineers Week was established in 1951 as a way to promote a diverse and well-educated future engineering workforce by increasing understanding of and interest in engineering and technology careers. Each year, aeSolutions celebrates Engineers Week by hosting fun activities for our employees, and by sharing resources and stories that highlight how engineers – and engineering companies – make a difference in our world. This year we asked our employees a series of questions related to engineering and engineering companies as a career choice. We’ll be share some of their answers over the course of Engineers Week, which runs from February 18-23. These questions focus on why our employees chose engineering as a career, and the impact they believe that has had on their communities. Why did you choose engineering as a career path? Solving problems.  I am not a fan of puzzles. Someone else has determined the final outcome before you have started.  Solving a problem is gathering information and creating a solution that can be presented to a team or client for further refinement.  – Andy G. I was a single-parent and needed a career that would enable me to support my two daughters and myself. I had worked in retail, restaurant, and banking industries and I was bored working at a bank. I attended a course at a community college called, Women In Transition. This program used various tests and tools to research what career would be a good fit. I learned I had similar interests with engineers and military officers. Since military was not an option for me. It was a matter of which discipline to pursue.  I learned how to obtain scholarships, and quit my banking job to purse an engineering degree.  Once I took General Chemistry, I knew Chemical Engineering was the path for me. – Kelly J. My high school guidance counselor suggested engineering because I was taking three math electives at the time. At the time, I really did not know what engineers do. – Ken O. I did well in math and science in school and had two relatives in engineering who encouraged me to consider chemical engineering as a career.  One was a chemical engineer who was head of nuclear safety at Oak Ridge Laboratory and the other developed nuclear weapons integrity tests at Sandia Laboratory in New Mexico.  They always had interesting experiences to relate about their jobs, so I decided before I ever entered high school to follow them into engineering as a career. – Melissa L. I've always loved tackling the unique challenges that engineering can throw at you. – Joel R. How would you describe the impact that your choice to go into engineering as a career has had on your community? I have an amazing ability to fix stuff that most neighbors pay others to fix or throw it away.   I was extremely valuable to all three sons as a consultant for their science fairs.  My Den and Boy Scouts knew more about electricity, electronics and electromagnetism than most middle school science teachers.   I can tutor students in Calculus, Chemistry, Physics, etc.  – Tom M. Over a 35+ year career, I would like to think that many of the projects that I have worked on have provided a safer work environment for many and provided clients with the means to conserve capital. – Andy G. My children learned you can do anything if you never give up. I worked on campus as a tutor and professor assistant, including volunteering for campus activities.  We were engaged in the local community through the colleges I attended. I taught my girls civic engagement and obligations are part of who we are.  I became an Engineering Ambassador visiting high schools to encourage students to study engineering at Texas Tech University.  It would be fun to learn, what great things the students have accomplished that I encouraged to pursue engineering. – Kelly J. My engineering training helped me build problem scoping and solving skills. In my community such as at church and in different organizations that I belong to, I have a reputation for being a quick problem solver. – Ken O. I hope I've had a hand in keeping Chemical plants a little safer over the years, ensuring they are meeting all required regulations. I also hope I've encouraged other young woman to join math/science fields through career shows at the local high schools. – Carolyn B. I have tried to promote engineering in a small way by discussing my experiences with friends' children who were considering majoring in engineering and in participating in career days/science fairs at local schools.  Kids do not often have a lot of exposure to engineering as a career choice or understand exactly what engineers do. – Melissa L. I believe that through my efforts the many plants I have worked in have become safer places to work and safer for the communities around them. – Kelvin S. I have worked in several different industries and contributed to their manufacturing processes to ensure they stay running, such as power and mining, both of which are used in goods for services people use. – Mark S.

Engineers Week was established in 1951 as a way to promote a diverse and well-educated future engineering workforce by increasing understanding of and interest in engineering and technology careers. Each year, aeSolutions celebrates Engineers Week by hosting fun activities for our employees and by sharing resources and stories that highlight how engineers – and engineering companies – make a difference in our world. This year we asked our employees a series of questions related to engineering and engineering companies as a career choice. We’ll be sharing some of their answers over the course of Engineers Week, which runs from February 18-23. Today’s question focuses on advice our team members would give. What advice would you give to someone considering a career in the engineering fields? You'll never or rarely be unemployed. You probably won't get rich, but you can live a comfortable life and have fun work.  Also, if you cannot otherwise hunt or aren't trained in paramilitary operations, being a good engineer will ensure you are a valuable asset to any number of tribes or gangs when the inevitable Zombie Apocalypse happens.  I mean, even Negan would have really loved a guy who could make electricity from parts found in a junk yard. – Tom M. If a person is looking at a career in engineering or design, learn the basics, get a grasp on newer technology and be willing to learn from those with the experience. – Andy G. You can do it, just be tenacious with your learning.  This includes a strong component in communication skills, verbal and written.  Most engineers hate writing because they love the sciences and math.  If you can't sell your solution ideas or document how you got to the idea, then no one benefits. – Kelly J. As an engineer, early in my career, I believed that with the right technical solution all problems could be overcome, that the "wisdom" of a solution would win the day. Since then, I have learned that people must be met where they are. Invest the time to understand what is motivating them, what is important to them. Deliberately seek this information from them. Express a willingness to understand and to compromise. This takes time and patience but it's the only way that I have found to achieve sustainable change. – Ken O. You don't have to be the smartest one in the room. You just have to want it the most and never give up on your goals. Once you become an engineer, the jobs are extremely varied and you can find your passion. – Carolyn B. If you choose engineering as your career, your education will give you many job opportunities whether you end up working as an engineer or not.  A solid background in math and science can be used as a springboard for many types of positions i.e. teaching, medical technology, business etc. – Melissa L. If you are considering an engineering degree, be the best you can be to help others for now and in the future. What you design can have lasting impacts on many people. – Kelvin S. Look at all the possible fields in which you can apply an engineering degree. I was convinced I HAD to work in gas and petroleum with my degree, and I am glad I was able to avoid that. – Ethan W. Be prepared to be challenged and dedicated to your work. – Mark S. I'd advise them to study hard and be ready for difficult, yet interesting, challenges. – Joel R.

aeSolutions Panel Fabrication Shop Celebrates Safety Award Recognition Greenville, South Carolina, USA – May 20, 2016 – For the second year in a row, the South Carolina Chamber of Commerce has recognized aeSolutions with its Commendation of Excellence award. The award, presented by the Chamber’s Safety, Health and Security Committee, recognizes South Carolina Chamber members with a successful workplace safety record during 2015. The Chamber’s annual Safety Awards recognize companies and their employees who have had a commendable Lost Workday Case Rate during the calendar year. Recognized companies are committed to the health and safety of their employees. Both of aeSolutions’ South Carolina locations received awards. aeSolutions – Corporate occupies a 24,000 sq. ft. office space in Greenville, South Carolina. Their Merovan location’s 14,000 sq. ft. complete panel fabrication facility manufactures and ships large control panel systems to clients across the United States. “Safety is one of aeSolutions’ core values; it is at the root of our company’s culture,” stated Mike Davenport, aeSolutions’ Vice President of Operations. “From the services we provide to clients operating in some of the most dangerous environments in the world, to the care we take with our internal work policies and practices, safety is what drives us. We are motivated by ensuring every one of our customers and employees gets home safely every day; it’s who we are.” In 2015, both of these locations reported zero lost-time accidents, as did the company’s Alaska and Houston offices. This is the fourth consecutive year that aeSolutions has posted zero lost-time accidents company-wide. “A safe workplace allows employees to grow and succeed, and we are proud to announce this year’s Safety Award winners who have taken that to heart,” states Ted Pitts, President and CEO, SC Chamber of Commerce. “We are pleased to honor those companies who have made safety a top priority over the last year and to recognize them among peers at our annual Safety Awards event.” About aeSolutions In business since 1998, aeSolutions is a complete supplier of performance-based process safety engineering and automation solutions. To fulfill their mission of continuously improving the safety performance of the process industry, they utilize proven processes to help ensure consistent project execution and help customers optimize production, quality, and safety. aeSolutions is committed to providing engineering services that enable our clients to sustainably own, operate, and maintain their process facilities. ###