FEBRUARY 2021 UNDERSTAND KEY CHALLENGES IN …...process safety courses and other courses in safety engineering such as quantitative risk assessment and system safety. At Texas A&M,

Predict and Prevent Well-Control Events

Rethink Safety and Control

Systems Design

UNDERSTAND KEY CHALLE NG ES IN

PROCESS SAFETY

EDUCATION

FEBRUARY 2021

AD INDEX

KNF • knf.com/en/us/exproof 3

Mary Kay O’Connor Process Safety Center • psc.tamu.edu 10

Instrumentation Symposium 2021 • instrumensymp.wpengine.com 21

Understand the Challenges in Process Safety Education 4An effective program must address a number of issues

Predict and Prevent Well-Control Events 11A leading indicators dashboard can provide key insights

Take 5 Steps To Run Accident Investigations Right 17Focus on five factors to improve efficiency and insights

Succeed at Setting Up a Virtual Event 22Take advantage of lessons learned in planning and running a technical symposium

Leverage Optimization in Process Safety Decision-Making 29An overpressure scenario shows how to apply this framework

Rethink Safety and Control Systems Design 32Use of mathematical models or process simulators can offer significant benefits

February 2021 / MKO Process Safety Journal-2-

Editor in ChiefMark Rosenzweig

[email protected]

Executive EditorStewart Behiestewart_behie@

exchange.tamu.edu

Associate EditorNoor Quddus

[email protected]

Art DirectorJennifer [email protected]

Production ManagerDaniel Lafleur

[email protected]

PublisherBrian Marz

[email protected]

MKO Process Safety Journal is

published jointly by the Mary Kay

O’Connor Process Safety Center,

Texas A&M University, Jack E. Brown

Chemical Engineering Building, 3122,

100 Spence St., College Station,

TX 77843, and Putman Media,

1501 E. Woodfield Road, Suite

400N, Schaumburg, IL 60173.

Copyright 2020, Mary Kay O’Connor

Process Safety Center, Texas A&M

University and Putman Media. All

rights reserved. The contents of this

publication may not be reproduced in

whole or in part without the consent

of the copyright owners.

CONTENTS

http://knf.com/en/us/exproof

http://psc.tamu.edu

http://instrumensymp.wpengine.com

mailto:[email protected]




Trust KNF for proven liquid and gas pump performance in safety-critical applications.

• Suited for NEC/CEC Class 1, Division 1, Groups C & D; IEC EX, ATEX,

and other protection levels available

• Choose from a broad range of pump head and diaphragm materials

Learn more today at knf.com/en/us/exproof

EXPLOSIONS.GOOD IN MOVIES.NOT AT YOUR FACILITY.

http://knf.com/en/us/exproof

Process safety (PS) academic education has evolved slowly over the past four decades.

University chemical engineering departments began to establish and deliver process safety courses in the 1980s. However, the majority of chemical engineering curricula still do not offer a standalone course, and fewer make it a requirement.

This article describes the Mary Kay O’Connor Process Safety Center (MKOPSC) programs that provide process safety education and research at the university level and for young professionals. It also discusses the complementary efforts of the AIChE/SAChE/CCPS and the actions by the ABET accredit-ing agency regarding process safety education.

It examines challenges to expand-ing and improving education as

well as strategies to develop and implement process safety education. It gives recommendations for initia-tives for the next 10 years to enhance progress. Hopefully these experi-ences can guide other universities, industry and government to improve academic education and research.

KEY EVENTS IN PROCESS

SAFETY AND EDUCATION

The Bhopal disaster in 1984 was an awakening to the chemical industry. An important response to this event was the creation of the Center for Chemical Process Safety (CCPS) by the American Institute of Chemical Engineers (AIChE) the following year. In addition, AIChE formed the Safety and Chemical Engineer-ing Education (SAChE) committee in 1991. This group collected and created educational materials that

were distributed to most chemical engineering departments in the United States.

In 1990 Dan Crowl and Joe Louvar produced the first edition of Chemical Process Safety Funda-mentals with Applications. Now in its 4th edition, it still is the only ded-icated process safety textbook and is used in almost all process safety courses. The textbook’s publication was an important step in bringing process safety into the classroom.

In 1992 the U.S. Occupational Safety and Health Administration’s (OSHA’s) Process Safety Man-agement (PSM) regulations were implemented. With this require-ment, a large portion of industry, by law, began widespread adoption of PSM. At that time almost no one had formal training in process safety, and knowledge and skills

Understand the Challenges in Process Safety Education

An effective program must address a number of issues

By T. Michael O’Connor, Mary Kay O’Connor Process Safety Center, Texas A&M Engineering Experiment Station


were developed on the job. Many individuals continued to work in process safety both learning and developing the art and science of PSM. Many from industry used CCPS’s continuing education courses to obtain the necessary skills. This author attended CCPS courses and conferences to gain basic familiarity with process safety.

Much of the present expertise resides in the minds of these experienced individuals who are nearing or have already retired. Although a lot of this knowledge has been captured in the CCPS Guidelines books, journal arti-cles, Lees’ Loss Prevention in the Process Industries and else-where, the amount of information available to teach future practi-tioners can be overwhelming. A systematic educational program is needed to effectively pass this knowledge to students and new practitioners of process safety in a way that promotes a fundamental understanding of its application.

ABET is a nonprofit organi-zation that accredits university programs, including engineering, in the United States. Member societies establish the criteria used

by ABET in their evaluations. Effective in 2012 the ABET accreditation requirements for chemical engineering added the phrase “including the hazards associated with these processes” in requirement “c” shown below. ABET included no further guid-ance on how this requirement was to be accomplished.

c) Engineering application of these sciences to the design, analysis, and control of processes, includ-ing the hazards associated with these processes.

Chemical process safety can be incorporated into the chemical engi-neering curriculum three ways:

1. a course or courses devoted to process safety

2. integration of chemical process safety into existing courses

3. a combination of the two approaches

BARRIERS TO THE

INCLUSION OF PROCESS

SAFETY IN CHEMICAL

ENGINEERING CURRICULA

For the decades following Bhopal, academia has been slow to adopt standalone process safety courses. Even now, few departments offer

a three-hour course in process safety. Even fewer require a process safety course as part of the core curriculum. As a result, additional generations of students have graduated since Bhopal with limited understanding of process safety. This includes another generation of students who have become professors with little exposure to process safety and thus are less inclined to incorporate process safety in their curricula or research. This chicken-and-egg cycle must be broken to implement process safety effectively in the engineer-ing curriculum.

Finding room within the curric-ulum to incorporate process safety material regardless of the approach is one of the primary challenges associated with the language in the ABET requirements.

MARY KAY O’CONNOR

PROCESS SAFETY CENTER

This Center was formed in 1995 and memorializes Mary Kay O’Connor, who died in a chemical plant explo-sion 1989. The Center performs research in a number of areas related to process safety. Faculty also teach


process safety courses and other courses in safety engineering such as quantitative risk assessment and system safety. At Texas A&M, pro-cess safety is a required three-hour course in undergraduate chemical engineering. A graduate level-ver-sion of the course also is offered. It is the most comprehensive academic Center for process safety in the United States.

MKOPSC-associated faculty advise MS and PhD students focused on some aspect of process safety. Most often a student’s degree is in chemical engineering, but it may be in mechanical, industrial or electrical engineering or in a field such as organizational psychology.

SAFETY ENGINEERING

MKOPSC and the Texas A&M chemical engineering department administer a multidisciplinary safety engineering program that consists of MS safety engineering and cer-tificates in safety engineering. The MS degree is open to anyone with an engineering degree. Beginning in the fall of 2021, there will be an option to select an undergraduate safety engineering track in the multidisci-plinary engineering department.

Masters in Safety Engineering. This degree is open to all engineering disciplines. It covers a range of safety engineering topics. On-cam-pus students participate in a thesis program. All courses have long been held online. Distance students can take a nonthesis curriculum.

BS in Multidisciplinary Engineering

— Safety Engineering Emphasis. A BS degree program now is being final-ized and should be available soon. Three tracks will be available: pro-cess safety, system safety or health safety and environment. The ratio-nale for a BS program is that safety inherently is a multidisciplinary profession requiring a breadth of knowledge that cannot be addressed fully in a graduate program.

Safety Engineering Certificates.

MKOPSC offers three safety engi-neering certificates: undergraduate, graduate and professional prac-tice. The undergraduate certificate requires five courses, which can include a capstone design course; the graduate certificate requires four courses; and the professional certif-icate can be three academic courses or a combination of courses and continuing education.

Research. The Center’s research

program covers a range of topics related to process safety. These gen-erally fall into the following areas: process safety implementation; reactive chemicals; flammability and explosions; human factors; conse-quence modeling; risk assessment; reliability; controls; learning from incidents; and design concepts such as inherent safety, resilience and sustainability. Collaborations take place with mechanical, industrial, petroleum, materials, public health and organizational psychology.

Symposia. The Center also hosts two symposia each year. In Octo-ber is the MKOPSC International Symposium and in February the Instrumentation and Automation

Symposium. These symposia help to improve the interaction of industry and academia. They provide an opportunity for students to present papers and attend sessions. The International Symposium includes a research track to promote academic research. Other safety-related symposia typically do not empha-size academic research. Selected papers are published in the Journal of Loss Prevention in the Process Industries, which encourages aca-demic participation.


Continuing Education. MKOPSC has for many years offered in-person courses in the Houston area. All the safety engineering courses are avail-able online and are the same courses being taken for academic credit. As mentioned, a professional certificate is earned by taking three courses.

STRATEGIES IN PROCESS

SAFETY EDUCATION

The center is working on methods to incorporate more process safety education into its curricula.

Standalone Process Safety Course.

A standalone process safety course provides considerable assurance that students have been exposed to the fundamentals of process safety along with an understanding of how the various aspects of process safety work together. The level of inte-gration of the concepts of hazards, consequence and risk assessment in a standalone course likely exceeds what is possible when teaching var-ious elements in different courses. Even a one-credit-hour course may achieve a level of integration that is less likely without a standalone course. A one-hour course also may be more acceptable as an addition to a crowded curriculum.

Almost all dedicated courses use the Crowl and Louvar textbook. This book has undergone 30 years of refinement and expansion with feedback from faculty and students, resulting in a comprehensive treat-ment of process safety.

Process Safety as an Elective Course. ABET certification requires that all students demonstrate proficiency in understanding process hazards. Therefore, offering safety-related courses that all students are not required to complete as part of the degree program may not demonstrate the requirements for ABET accred-itation. Even without mandating the process safety course, experience in the 1990s at Texas A&M showed that an elective process safety course attracted more than 50% of the chemical engineering students.

This was the case befire its being made a required course. Recogniz-ing that not all engineers will be equally involved in process safety, it is a positive step to have this option available to interested stu-dents, although requiring a process safety course is best for meeting the ABET requirements.

Industry Collaboration in Pro-

cess Safety Education. There are a

number of opportunities for indus-try to encourage and participate in university process safety edu-cation. The interaction among the company, student and faculty usu-ally benefits all parties. The many process safety specialists retir-ing from industry can use their expertise to transfer knowledge to younger generations. Industry personnel and retirees can teach and mentor students in a number of ways:

• Process safety specialists can give lectures during classes, as part of lecture series, during boot camps and for student organizations.

• Industry personnel can mentor students during class projects or research activities.

• Companies can make known their preference for hiring stu-dents with process safety course work or other process safety experiences.

• Hosting of AIChE faculty workshops is helpful in intro-ducing faculty to process safety. Faculty associated with the MKOPSC who have attended the AIChE faculty workshops reported them to be beneficial.


• Companies can provide valu-able internship opportunities to students, which also allows employers to evaluate students for full-time employment.

• Finally, participation of industry in and support of the academic process safety centers is essential for their continuing success.

MKOPSC is in the process of developing a Process Safety Train-ing program in collaboration with San Jacinto College (SJC) targeting incumbent workers (operators and supervisors) working in the facilities in southeast Texas which includes Texas Chemical Council (TCC) member companies. The program is being developed around MKOPSC’s existing process safety education program and will take advantage from SJC superior hands-on training facilities and laboratories supported by subject matter expertise from TCC. An initial survey showed tre-mendous interest to such a program from chemical and refinery compa-nies in Texas.

STRATEGIES FOR PROMOTING

PROCESS SAFETY RESEARCH

Funding for process safety research is limited. The primary federal

funding source in engineering is the National Science Foundation (NSF). Its emphasis is on cutting-edge tech-nology that seldom explicitly involves process safety components. Lacking a major source of consistent funding, few professors focus on process safety research, although there is progress in integrating safety concepts in other research topics.

The lack of focus on process safety research funding has resulted in a shortage of academic interest and expertise in this field. Thus few pro-fessors develop expertise in this area, limiting the likelihood of its being incorporated in the curriculum, and the cycle of insufficient academic training in process safety continues.

Despite the overall lack of pro-cess safety funding sources, the MKOPSC has been performing process safety research for more than 20 years. The Center has relied on a variety of funding mechanisms to achieve this. The base funding is from gift endowments and industry consortium membership fees. Less than 1% of funding has come from the NSF.

MKOPSC has been successful in obtaining some funding from less conventional sources in industry

and government. Typically these are focused projects meant to solve a par-ticular problem. Graduate students therefore have an academic research topic and assist with these more applied projects throughout their graduate experience. While useful for students and project sponsors, funding is inconsistent, and the pro-cess safety academic areas addressed are limited.

One method for increasing research funding on process safety would be for funders to require con-sideration of the primary research topic’s process safety impacts. For instance, the RAPID program could specify that inherent safety is to be considered when developing new intensified processes. It has long been recognized that process intensifi-cation can enhance inherent safety. However, it also can result in a riskier process. The best time to consider and implement inherent safety is during the research and development phase.

CONCLUSIONS AND

RECOMMENDATIONS

The widespread effective practice of process safety depends on all involved parties, chemical engineers and many others, having a minimum level of


competence. Relying solely on a group of process safety specialists never will achieve the desired results. All individuals need a basic knowl-edge of process safety and their role in achieving safe process design, operation and maintenance.

The following should be pursued to improve process safety education in U.S. universities:

• Perhaps the greatest need is to effectively involve faculty in process safety education and research, recognizing that very few were exposed to process safety in their academic careers.

• Additional effort and progress are needed to incorporate pro-cess safety knowledge in the academic education of chemical engineers and others. Con-tinuation of present programs is needed, as well as further enhancements and widespread adoption of these programs.

• Continuing review of the educational needs of chemical engineers and the curriculum should be pursued, such as offering a core course in process safety as a requirement. Indus-try representatives need to be included in these deliberations.

Even a dedicated one-hour process safety course would be beneficial in tying together con-cepts learned in other traditional courses. A coordinated effort within chemical engineering departments is needed to incor-porate process safety concepts in the curriculum properly.

• An elective course in process safety is a desirable option when it is concluded that process safety is not required as a core course.

• Existing methods must be used to incorporate process safety in courses and other experiences. Laboratory and unit operations activities are opportunities to apply process safety concepts. The use of AIChE/CCPS and IChemE materials is especially appropriate. Certification pro-grams for undergraduates have proved beneficial.

• Professors should have increased exposure to process safety concepts through faculty work-shops, continuing education and research opportunities.

• Industry experts (both active and retired employees) can instruct undergraduate and graduate students, lead process

safety initiatives, advise chemi-cal engineering departments and assist in process safety research.

• Industry can assist universities by encouraging employees and retir-ees to participate in university activities such as teaching, sym-posia, workshops, boot camps and research.

• Research funding organizations should consider the inclusion of process safety concepts when writing requests for proposals.

• Conference organizers should strive to incorporate academic research presentations. There is a tendency to exclude academic papers because they do not meet the immediate needs of the industry participants. Topics and tracks for academic research should be promoted.

There is no single answer to improving process safety education. A number of activities need to be expanded, improved and adopted on a wider basis. Consistent efforts to move forward with all the recom-mendations have a synergistic effect and a positive outcome.

T. MICHAEL O’CONNOR can be

reached at [email protected].


CONTINUING EDUCATION The Mary Kay O’Connor Process Safety Center offers continuing education courses year-round both online and in Houston. The continuing education classes are taught by experienced engineers with years of industrial, chemical, research, and process safety knowledge. The Center strives to deliver the courses and topics that are important and vital to the ever-changing environment and industrial audiences. These courses can be taken for continuing education credit and can be applied toward the Safety Practice Certificate.

PROCESS SAFETY PRACTICE CERTIFICATE FOR INDUSTRY

The Process Safety Practice Certificate is a program that allows engineers in industry to gain greater knowledge in process safety. The certificate requires 125 Professional Development Hours (PDHs) for completion within a three-year timeframe.

COST OF CERTIFICATEThe approximate cost to complete the certificate is $5,400-$6,470.- 1 day course: $495 (7 PDHs)- 2 day course: $990 (14 PDHs)- 3 day course: $1,485 (21 PDHs)- Semester long SENG Courses: $1,800 (42 PDHs)

ONLINE COURSES

Visit psc.tamu.edu for more Information

Find us on

For questions email us at: [email protected] here: tx.ag/MKOpspcert

Existing online courses are available now

- SENG 655 Process Safety Engineering

- SENG 660 Quantitative Risk Assessment

- SENG 674 System Safety Engineering

- SENG 670 Industrial Safety Engineering

- SENG 677 Fire Protection Engineering

New courses are being included in the program

mailto:mkopsc%40tamu.edu?subject=

http://tx.ag/mkopspcert

http://psc.tamu.edu

The oil and gas industry historically has relied on lagging indicators

for measuring and monitoring safety performance. These indi-cators generally are a count of the number of spill events, volume of spills, number of well kicks, per-sonal safety statistics, etc. Even though these metrics provide useful information on an organization’s safety culture, they do not offer any predictive insights as they reflect conditions that existed in the past, prior to an event.

Before any major incident, multi-ple precursors or cues often provide early signs of an imminent danger. Leading indicators (LIs) are met-rics for measuring and monitoring these events. Over the past few decades, focus has been paced on identifying, measuring and aggre-gating these LIs to understand the risk of plant operation.

However, little work has been done to predict well-control incidents using LIs. Carefully

developed and tracked LIs can provide valuable information for identifying the potential for signifi-cant control events, enabling timely proactive measures.

Currently, a collaborative proj-ect is underway to engage the upstream oil and gas industry to develop LI-based dashboard tools for predicting well-control incidents. The project, set to be completed shortly, has a goal to develop a set of LI-driven pre-dictive tools with customizable dashboard displays, for multiple levels of decision-makers, to con-stantly monitor and understand well operations risk from a process safety standpoint.

This tool would provide users (from frontline to management) with role-specific information, from status of engineering barriers (e.g., hydrostatic head, blow-out-preventer status and health) to organizational process safety elements (e.g., procedure, compli-ance, design and risk management).

This article discusses the challenges faced and the progress made in developing this “Leading Indica-tors Dashboard.”

BACKGROUND

Using LIs to predict and prevent high-consequence events is not new. The Baker panel report on the Texas City refinery explosion (2005) emphasized implementing an active monitoring program by using LIs in the major hazard industries. In 2006, UK HSE published guid-ance on developing leading and lagging metrics and introduced the concept of “dual-assurance” for risk management. RP 754 published by the American Petroleum Institute (API) in 2010, introduced a four-tier approach for developing leading and lagging indicators, with Tier 4 being most leading and Tier 1 being most lagging.

Because API RP 754 was devel-oped primarily for downstream operations, the International Asso-ciation of Oil & Gas Producers

Predict and Prevent Well-Control EventsA leading indicators dashboard can provide key insights

By Jim Pettigrew, Gier Karlsen, Nafiz Tamim, Geert van Loopik

and Syeda Zohra Halim, Mary Kay O’Connor Process

Safety Center, Texas A&M University


(IOGP) published a guidance document (IOGP 456) in 2011 for upstream application. Later in 2016, IOGP published another guidance document (IOGP 556) highlighting the left-hand side, or prevention side, of Bowtie diagrams and included discus-sions on LIs. The Institution of Chemical Engineers (IChemE) and Center for Chemical Process Safety (CCPS) also have published multiple guidance documents for developing leading metrics for major hazard industries, including oil and gas, chemical and mining.

Until this point, LI programs have been used mostly in down-stream operations, and very little work has focused on upstream operations, especially in oil and gas exploration and drilling activities. Drilling or other well operations, for example, completion and inter-vention, differ from other industrial

processes or operations. Well-con-trol incidents are considered high-consequence, low-frequency events, and a simple upset can escalate to a complex uncontrolled event within a short time.

For this reason, it is important for well operations to be actively mon-itored with carefully developed LIs to identify any threats or weaknesses in the well-control system. Tradi-tionally, drillers mostly have relied on a group of process observables and kick indicators, along with their experience, to gather valuable infor-mation on the well operations and the status of the barriers put in place to prevent them.

Often, this information is vague or delayed and fails to provide accurate representation of barrier conditions. Because of the sheer volume of data, its variation with the drilling operation over time and the complexity of the process,

it can become a particular chal-lenge to aggregate all information to assess the barrier conditions and predict the risk.

In one article, Karlsen G. (2020) identified a list of well-con-trol events that could have been prevented by focusing on the well-control barrier health indi-cators and making timely and informed decisions. He recog-nized that the high-consequence incidents happened because the Bow-Tie’s fault-tree side (or pre-ventions side) was not in order.

The bow-tie provides a visual connection between the preventive and the mitigative barriers that are in place for an incident scenario and in some cases shows the various conditions affecting each barrier. In many cases, organizations may not take appropriate advantage of exist-ing technologies and opportunities because of cost, time pressures and skill sets, thus yielding to accepting normalization of deviance and inade-quate leadership engagement.

Karlsen emphasized the impor-tance of understanding well-control

DISASTER EVENTS

Figure 1. Events prior to blowout at both the Deepwater Horizon and the Montara disasters propagated in a similar manner.


risks before and during implemen-tation of well operations activities but underscored that this can be challenging due to information overload, particularly during com-plex well activities. Often risks are assessed only for a limited course of actions and not viewed as a cumulative function. In reality, risk can accumulate to a point beyond acceptability limits, leading to major incidents before the true risk is realized.

For example, as shown in Figure 1, the Deepwater Horizon blow-out (2010) and Montara blowout (2009) both exhibited similar series of events that eventually led to catastrophic blowouts. With every course of action and questionable decisions, risks kept growing in each case. Risks of individual actions might have been deemed as reasonable, but the cumulative risks arising from the individual devia-tions may reach a level high enough to ultimately cause a catastrophe.

LI programs can help identify early warning signs of events by locating weaknesses in the well-control barrier system. If designed properly, this early warn-ing could be a powerful tool for evaluating complete and cumula-tive risks of well-control events that may not be perceived by assessing individual actions. The challenge is in determining the appropriate sets of LIs from an enormous pool of information and in aggregating

them to understand the conditions of the barriers that protect opera-tion against unwanted events.

LEADING INDICATORS

RESEARCH

To address the gap in the field of process safety in well operations, a research project was undertaken at the Texas A&M University by the Mary Kay O’Connor Process Safety Center (MKOPSC) and Ocean Energy Safety Institute (OESI). The project aimed primarily at develop-ing an LIs framework for oil and gas well operations. Tamim et al. (2017, 2019) summarized and divided the project’s initial research findings into two phases.

In the first phase, a general frame-work was developed for identifying sets of LIs to predict kicks and blow-outs. A systematic methodology for identifying LIs was proposed, and the work identified categorized sets of LIs for drilling, completion and well intervention activities.

In the second phase, a quanti-tative framework was developed for predicting well-control barrier failure probabilities from LI data. This predictive model can be useful for evaluating individual barrier health in a well-control system for informed decision-making. All this information can be displayed in a dashboard setting for constant tracking and monitoring of process safety performance of an individual well or a group of wells.

The concept also may be applied to any industry — downstream, upstream and outside the energy industry — that deals with stored energy. A parallel research project at the MKOPSC is looking at how information from past incidents can be used to understand which LIs should be prioritized, thereby retaining lessons learned for use in preventing future incidents.

INDUSTRY PROJECT

An OESI-led project currently is underway to engage industry in developing a dashboard where LIs in well control could be tracked and displayed to provide early warning signs through a “traffic light system” of degradation or failures of well-control barriers. The work process started through construction of Bow-Tie diagrams specific to well operations and identifying relevant well-control barrier elements.

In the following phase, appro-priate LIs will be identified for each set of barriers. These sets would include both technical and


nontechnical factors for a complete evaluation of control system failure risks. Simpler predictive models will be developed by integrating sets of LIs to represent the overall barrier performance. Derived risk profile of individual wells can be represented by a well-monitoring dashboard (Figure 2).

Parallel efforts at develop-ing a LIs dashboard or similar concept are ongoing within the private industry. A large well services provider and a process safety firm are developing similar commercial concepts to what the industry group set out to develop. There is specific support from a major drilling contractor and an operator to develop dashboard concepts to capture changes in risks and weakness in bowties. The industry group is evaluating a mechanism to bring an LIs dashboard into the market. What is essential is that all operators have access to and can use LIs as a means of identifying precursors to well-control incidents.

INTEGRATION OF PROCESS

SAFETY COMPONENTS

For complete evaluation of loss of well-control risk during well operations, process safety elements need to be integrated into the LIs program. This will help to identify gaps within the safety management system and provide opportunity to address them before an event. To

evaluate process safety performance of an operation/rig, LIs can be grouped into the following perfor-mance categories:

1. Well operations discipline — drilling, tripping, circulating, subsurface, running casing, cementing and reentry

2. Design — well planning, casing program, cementing, boundary conditions, rig selection, equipment, job and procedures

3. Compliance — standards, best practices, procedures, personnel, barriers policy and tracking and management of change (MOC) process

4. Competency — design, train-ing, on-job experience, process safety knowledge and crew resource management (CRM)

5. Risk management — pre-spud hazard and risk analysis, MOC and risk assessment during operations

6. Reliability — maintenance and function tests

7. Contractor management

8. Management systems (SEMS) 9. Near-miss/incident investigation 10. Audit and verification This information can be sum-

marized and presented in a process safety performance dashboard for better evaluation and greater visi-bility. It can help the leaders of an organization making risk-based decisions and driving targeted ini-tiatives to reduce probabilities of loss of well-control events.

A CLOSER LOOK AT

THE BOWTIE TOOL

The bowtie method is widely adopted and has been applied in the oil and gas industry down-stream, midstream and upstream.

PROPOSED LEADING INDICATORS DASHBOARD FRAMEWORK

Figure 2. Individual wells and their risks will be included in the dashboard.


The bowtie update level may vary, however, and many in indus-try do not yet capitalize on the bowtie’s full potential. Often a bowtie’s application stops after the picture has been created. It remains a static picture instead of being actively operationalized by connecting the barriers to actual systems and data points in the operations, which would provide an updated picture of barrier

health as the individual barri-ers change.

A comprehensive bowtie for well-control operation should cover the scenarios leading to the Macondo, the Montara and the more recent Pryor Trust incidents. All three incidents had many common denominators and leading indicators that should have flagged upcoming problems. The indicators included a combination of live data

and corporate and management actions. Efforts are being made to further deconstruct these three catastrophic incidents to define and identify barriers, their status and the data available on the status of those barriers.

CGE Risk Management Solu-tions BV, authors of BowTieXP, has been collaborating in this project. By participating, CGE is helping to accomplish a standard of bowties for the well operations that can be ref-erenced by the industry as a whole. As mentioned, in this project, the first part is to understand what the scenarios are that a well’s operation potentially is exposed to, and the second part is to understand the barriers that protect the operation against these scenarios.

These two steps are crucial and already are followed by many operators worldwide. What we have not yet seen is a standard of peer-approved bowties available for reference to the industry. The project’s target is to create the bowties, review them and make them available to the industry. A

CRITICAL TASK AND CRITICAL TASK DECOMPOSITION

Figure 3. Barriers and performance indicators, combined with live data points, will generate the information in the Leading Indicators Dashboard.

Barrier

Safety Critical

Element

Safety Critical Task

SC Procedure

Safety Critical

Element

Safety Critical Task

SC Procedure

Optional hierarchy


set of peer-reviewed Bowties can significantly help operations that do not yet apply the method. It also can help those who do to compare their own bowties to the industry standard and potentially learn and modify them.

The second part of this project involves working to deconstruct and understand each barrier and its elements. We also will make a translation from barrier elements to real parts of equipment and activi-ties in the operation. These barrier elements potentially are the leading and lagging indicators.

This is the step where most companies have difficulty man-aging a centralized and consistent approach. With this project we hope to deconstruct all relevant barriers to their specific barrier ele-ments (critical systems vs. critical activities) and to describe generic performance indicators so that when connected to the parts and systems with live data points in the well operations, they generate the information to drive the Leading Indicators Dashboard (Figure 3).

CONCLUSION

While significant strides have been made in making upstream operations safer, we continue to endure catastrophic incidents. As we investigate these incidents, we find indicators that, if monitored and used to understand the system, could have helped to prevent the

catastrophe. LIs provide a mecha-nism to determine when a system is trending toward an unsafe oper-ating condition and drive targeted corrective actions to minimize risks in well operations.

This project, to create a Leading Indicators Dashboard, presents the opportunity to enhance lead-ership’s decision-making process throughout an organization. The “processed” information presented in a dashboard setting provides a summary of early warning signs of well-control events.

The project already has identi-fied significant work in this area both from academic and industrial sectors, which will help to build the foundation for moving toward creating a robust and useful Leading Indicators Dashboard. The collabo-ration of the OESI, with its charter to “help increase safer and envi-ronmentally responsible operations offshore,” and the MKOPSC with the oil and gas industry is bringing together the diverse talent across many stakeholders, ultimately deliv-ering this tool to help to stay on the left-hand side of the bowtie diagram.

The Leading Indicators Dashboard

Project is a joint collaboration between

academia and industry and is spon-

sored by the Ocean Energy Safety

Institute. This article was drafted by Jim

Pettigrew and Zohra Halim with signif-

icant contribution from Geir Karlsen,

Nafiz Tamim and Geert van Loopik,

among others, from the industry. The

material in this article was also present-

ed at SPE’s ATCE2020

JIM PETTIGREW is the new Director

for the Offshore Energy Safety Board of

the Gulf Research Program (GRP). Prior

to joining the GRP, Jim was the Principal

Investigator and Director of Operations for

the Ocean Energy Safety Institute (OESI).

He received his Master of Science in

Physical Oceanography and Meteorology

from the Naval Postgraduate School and

received his Bachelor of Science in Ocean

Engineering from Texas A&M University.

James Pettigrew can be reached at james-

[email protected].

ZOHRA HALIM is serving as an As-

sistant Research Engineer at the Mary

Kay O’Connor Process Safety Center

and Lecturer of Chemical Engineering

at Texas A&M University. She current-

ly is leading the Leading Indicators

Dashboard Project. Zohra completed

her PhD at Texas A&M University with

a focus on research in process safety.

She received the SPE Regional Health,

Safety, and Environment Award for the

Gulf Coast in 2020.


Take 5 Steps To Run Accident

Investigations Right

Accident investigation is a regulatory require-ment under OSHA

1910.119(m). Such an investigation requires careful analysis of evidence to arrive at probable cause(s) of the event and develop appropriate safe-guards to prevent its recurrence. Ideally, investigators would have ample time to analyze all evidence. In reality, plant personnel (and management) almost always feel tacit pressure to resume operations as soon as practicable. Although this pressure is understandable from a business economics view, hastily performed accident investi-gations could fail to catch the real culprit, the probable cause(s) of the accident. Critical evidence inadver-tently could get destroyed, leading the investigators to rely on invalid

assumptions. The same accident could recur again and again.

To get a plant up and running as soon as practicable while per-forming an effective investigation depends upon analyzing the acci-dent and developing safeguards carefully and efficiently. Safety professionals, plant engineers, operators, maintenance profes-sionals and management play a vital collective role in developing a framework for efficient acci-dent investigations.

At the strategic level, engineer-ing and administrative controls as well as safety culture jointly con-tribute to an efficient and reliable accident investigation. The key to ensuring efficient accident investi-gation is preparedness, i.e., having systems in place to deal with

accidents. To improve your pre-paredness and, thus, the efficiency of your accident investigations, pay particular attention to five factors:

• Fault-tolerant systems;• Data management to aid

investigations/troubleshooting;• An in-plant accident investiga-

tion team (AIT);• Key spare components on

standby; and• Safety culture in a middle and

top management.

FAULT-TOLERANT SYSTEMS

Briefly put, a fault-tolerant design focuses on preventing an accident or minimizing its impact.

At the design stage, process hazard analysis is helpful in identi-fying hazards and then minimizing their impact and occurrence. One

Focus on five factors to improve

efficiency and insights

By GC Shah, Wood Group Mustang


important tool to address these hazards is fault-tolerant design. Simply put, it uses systems to blunt the adverse impact of an accident. Some examples of fault-tolerant systems include double-wall pipes or sumps with annular space monitoring, dikes, redundant instrumentation (e.g., dual-level transmitters on storage tanks), equipment separation, building locations in safe zones, and plant siting away from sensitive areas such as aquifers, rivers, lakes, parks, populated areas or wetlands.

Fault-tolerant systems help you improve efficiency of an accident investigation by decreasing the impact of an accident; this, in turn, reduces the tacit pressure to wrap up the investigation as quickly as possible.

In a broad sense, accident investigation is a vital step for determining measures to take and systems to install to minimize an event’s recurrence and impact in the future. In addition to fault-tol-erant designs, multiple layers of protection help thwart accidents. Such layers of protection typically include alarm systems, control systems, relief valves, interlocks, safety instrumented systems, oper-ator training and testing, alarm

rationalization, and emergency response systems.

DATA MANAGEMENT

The reliability of an accident investigation depends upon the team having access to critical data. Such data could be destroyed during an accident. So, preserving these data is key.

What are critical data? This depends on the process and equip-ment. For example, on a distillation column, critical data may include pressures, differential pressures, temperatures, rate of rise of pres-sures, levels in the bottom and in the reflux drum, reflux flow, relief valve set points and maintenance records, and feed composition. For equipment such as compressors, turbines, transformers and flares, vendors can provide insights about safety critical data.

It’s also important to preserve records of operations, operator logs, instrument calibrations and maintenance history. Develop appropriate and easy-to-use data-base systems or data historians for these records.

After identifying the safety critical data, put in place systems to ensure the data set will not be destroyed during an accident.

Consider the following steps:• Protecting data transmission

from the field to the control room and data management (data historians) from potential hazards such as fires, heavy rains, flooding, dropped objects and electromagnetic or radio frequency interference.

• Arranging safety critical data in a format that’s easy to use for accident investigations and troubleshooting.

• Time-stamping the data.• Taking measures to ensure data

security from cyber attacks.• Using modular systems that

facilitate system expansion.• Performing system upgrades (to

avoid obsolescence of the data management systems).

In addition, consider admin-istrative safeguards to reduce the probability of accidental destruction of evidence. Carefully developed accident investigation procedures should address the issue of isolating the accident scene and preserving evidence. Operator and contractor training is a must to pre-vent inadvertent data destruction.

THE ACCIDENT

INVESTIGATION TEAM

The time to form an AIT is not


after an accident but before one occurs. Obviously, accident inves-tigation is a multi-disciplinary task. The team should include plant subject matter experts and consist of people from operations, engi-neering, maintenance and safety/environmental management. Team members should be technically competent as well as emotionally mature individuals.

The team should develop an acci-dent investigation procedure for the plant site. In addition, a comprehen-sive health, safety and environment (HSE) manual for the site is a valuable tool in streamlining acci-dent investigation efforts. The HSE manual would include procedures, for example, lock-out/tag-out, confined space, safety permits, respiratory protection, personal pro-tective equipment (PPE), accident investigation, incident reporting and hazard communication.

Consider taking the follow-ing steps:

• Training all affected personnel in responding to accidents. The focus of this training is person-nel safety, isolating the accident scene, preserving data and making notes in the operations/maintenance logbooks that would help the AIT.

• Collecting without delay information about the accident scene. The AIT should prepare a site-specific checklist of items that workers involved in an accident can use to document relevant crucial details of the event. The checklist could include, for example, date and time of the incident, unit involved, weather (temperature, humidity, wind velocity and direction), mode of operations and production rate of the unit as well as type of release (vapor, liquid or both), estimated release quantity and whether it’s reportable. Once safe to do so, take onsite samples and photograph evidence. You may consider high-tech as well as low-tech accessories such as digital cameras authorized for use in hazardous locations, sample bottles, handheld area monitors (e.g., for lower explo-sive limit or toxic gases), PPE and tablet computers.

• After ensuring safety of per-sonnel, interviewing people who were close to or witnessed the accident. The accident investigator should put the interviewee at ease. Stress that the purpose of the interview is

to learn from the accident to try to prevent a future recurrence, not to fix blame. However, people may be frightened or traumatized and may not be willing to share vital informa-tion during an interview.

• Using software to enhance the efficiency of the accident investigation. Many accident-in-vestigation software programs are available commercially. Make such software an integral part of the plant data management system, not an isolated system. Ensure data transfer from the data management system to the software and vice versa is as seamless as practicable.

• B ringing in outside consultants. Some accidents may require their expertise. The AIT should keep contact informa-tion for outside consultants as well as vendors and con-tractors readily available. The AIT should have unhindered access to funds necessary to summon outside help.

• Establishing a sensible balance. The AIT team members should be pragmatic in considering safety as well as the desire to get the plant back into opera-tion in a reasonable time.


SPARE COMPONENTS

Lack of critical parts that have long delivery times can delay equipment repairs and, thus, impede getting the plant back into operation safely following an accident. Having such critical parts on hand is very helpful in concluding accident investigations. Developing a crit-ical spare parts list requires input from many parties including engi-neering, production, safety and maintenance. Where funding for expensive spare parts such as gear trains, distillation trays, turbines and compressors can’t be justified, explore partnerships with the equipment vendors.

Spare parts onsite require proper storage to ensure they will be ready for use when needed. For example, igniters for flare systems, if left open in air, may get corroded. Some spares such as pumps and compressors may need periodic testing.

SAFETY CULTURE

Best-in-class companies have well-developed safety cultures at all levels of management. Top-level management plays a crucial role in establishing the safety culture, organizational philosophy

and company conduct (see: “Pro-cess Safety Begins in the Board Room”). Policies should be supple-mented with deeds, i.e., behavior should create trust in the top management. Workers should feel empowered to report accidents to the best of their knowledge and interpretation, without fear of reprisal. In the wake of an accident, high-level corporate executives should provide moral as well as financial support. Their actions will strongly affect company image. Well-developed safety culture and open dealings with stakeholders (such as workers and neighbors) will help project a positive image within and outside the company.

Mid- or plant-level manage-ment develops and implements policies and procedures. So, these people directly and immediately influence the behavior of plant personnel — and should emphasize (and practice) safety along with production goals. Mid-level man-agement must understand that staff judge their commitment to safety by actions, not safety slogans. So, plant managers should show support for safety improvement projects and provide the necessary funding for them.

Because the supervisory level of management is closest to the workers, its day-to-day actions greatly influence staff behavior. At this level, a number of factors (including poor record-keeping, lack of availability of equipment or tools, and untrained personnel) contribute to delays in accident investigations. In some organiza-tions, supervisors get the sense that they must get the plant back into operation as soon as possible and that safety can take a back seat. A well-developed safety culture will help counter this.

Safety professionals should play a lead role in infusing safety culture at all levels of management.

THE BOTTOM LINE

Doing accident investigations right requires grappling with engineering, administrative and cultural issues. It’s certainly worth the effort. After all, effi-cient accident investigations will help ensure long-term safety, productivity and positive public image of a company.

GC SHAH is a Houston-based consultant

specializing in process safety. E-mail him

at [email protected].


https://www.chemicalprocessing.com/articles/2013/process-safety-begins-in-the-board-room/




Energetic Materials, Calorimetry, Contaminants, PredictionFlammability, Combustion, Ignition, LNGExplosion Phenomena and Modeling, Vapor Clouds, DDT, Blast EffectsEnvironmental Influences on SafetyStructure Resistance, Fire, BlastsAny of the Topics Listed in other sections as ResearchNext Generation Concepts, Big Data, AI, Digitalization, Virtual Reality

Research and Next Generation

Design Concepts, Resilience, Inherent Safety, Sustainability, GreenChemistry,Risk Assessment, Uncertainty, Tolerance, ALARP, Functional Safety, Control Systems, ASM, SIS/SIL/LOPA, AlarmsConsequence Analysis, Flammability, Combustion, Explosions, ToxicMitigation Systems, Pressure Relief, Curtains, FoamCyber-Security, Cyber-RiskNaTech, Hurricane, Flood, Tsunami, Earthquake

Design, Analysis, Modeling and Assessment

Process Safety in Well OperationsSpill Prevention and MitigationsBarriers in Well ControlDeveloping Leading Indicators in Well ControlHuman Factors in Well Operations, Situation Awareness, FatigueCorrosion, Material Failures, and Mitigation via New MaterialsAutomated Unmanned Vehicles use for Inspections and MaintenanceAging Facilities and Decommissioning

Upstream Operations

Process Safety Competency Safety Culture, Leadership, Assessment, TrainingHuman Performance, Procedures, FatigueEducation, University, Continuing Ed, Operator, Virtual TrainingPeople and Equipment

Human Factors – People in Action

Managing Process SafetyOperational Excellence, Best Practices, Worker InvolvementAsset Integrity, Maintenance, Reliability, Aging Facilities, Failure Data, MaterialsEconomics, Cost-Benefit, Value at Risk, Business CaseLearning from Incidents, Investigations, Case Histories, Incident Data, Near Misses

Managing Operations and Maintenance

Call for PapersAll Process Industries and Transportation Modes Energy, Chemicals, Pharmaceuticals, Semiconductors

MKOSYMPOSIUM.TAMU.EDU

Do you have a topic that is not listed and would like to see included in the 2020 Symposium? We welcome your suggestions and will send to our committee for review.Papers published in the proceedings will be reviewed and a selected number will be published inthe Journal for Loss Prevention. Authors, please include one to two keywords from the 5 majortopic areas and one or two keywords from that topic in your abstract.

Submit your abstract here: tx.ag/2021mkosubmissions






Upstream Operations














Upstream Operations









http://mkosymposium.tamu.edu

http://tx.ag/2021mkosubmissions

Given the impact of the coronavirus pan-demic on mobility and

face-to-face contact, many organi-zations are planning conferences and symposia in a virtual form. Those that have hosted virtual events have found them to be more complicated than expected, which makes planning and sound decision-making vital. Many organizations do not have the spe-cialized staff to focus on a virtual event. Advice from those who have conducted virtual events can help others plan and execute their own successful events.

The Mary Kay O’Connor Pro-cess Safety Center (MKOPSC) faced the virtual event challenge with its 2020 Annual Interna-tional Symposium held at the end of October 2020. Planning

for what was expected to be a live event started in earnest in February 2020, just before the COVID-19 shutdowns began to grip the world. MKOPSC then had to make many decisions on pivoting to a virtual event with-out much guidance. With many people’s efforts, the Symposium was held on time and was suc-cessful and highly acclaimed by the attendees.

This article provides a sum-mary of some of the key decisions MKOPSC faced, why they were made, and whether they worked. Strategies that contributed to the Symposium’s success also are included. Although every virtual event is different, the tips here may help others in improving the plan-ning and execution of their own virtual events.

MKOPSC PROCESS SAFETY

SYMPOSIUM BACKGROUND

The MKOPSC Process Safety Symposium is a technically oriented event focused on the safety of industrial processes. Most attendees are industry and academic practitioners. The Symposium has been held annu-ally in person since 1998 at the MKOPSC home on the campus of Texas A&M University in College Station, Texas.

The Symposium consists of presentations of studies, many of which are described in full in articles bundled in the Symposium proceedings. In recent years, it was a three-day event with four concurrent tracks; the 2019 Sym-posium had 92 presentations plus daily keynotes, along with sponsors and exhibitors.

Succeed at Setting Up a

Virtual EventTake advantage of lessons learned in planning

and running a technical symposium

By Henry Goyette, Mary Kay O’Connor Process Safety Center, Texas A&M University


The Symposia are executed largely with graduate research assistants and undergraduate stu-dent workers led by a relatively small group of MKOPSC staff and volunteers.

DECISION-MAKING STRATEGY

The following sections describe

the organizing committee’s deci-sions, including overall structure, event promotion, event delivery and additional aspects. A key part of the decision-making, planning and execution was to designate and work with a technology-proficient and committed organizing com-mittee. Because decision-making

was dynamic, living docu-ments were created to keep the Symposium planning evolving and adapting.

From the beginning, decisions were made considering budget and time constraints, available resources both human and tech-nological and lessons learned

Decision Choices & Impacts MKOPSC Choice Result

Do we have a Symposium in 2020?

• Have the event — disseminates important learnings to society; shows viability of organization

• Postpone the event — eliminates risk of poorly attended, clumsily executed, money-losing event

Have the event Event was technically successful, although attendance was less than expected.

Should we make Symposium smaller?

• Same size as usual — provides same quantity of process safety learnings

• Smaller than usual — easier to administer given all the unknowns of a virtual event

Smaller event (72 presentations in-stead of 92)

Size was fixed by number of present-ers signing up to present. In hindsight, smaller size was about right given resources to administer event.

Do we run as a single track or multiple concurrent tracks?

• Single track — much easier to have 1 trained team deliver the online portion of the event

• Multiple tracks — can provide more content in shorter time; provides attendees choices so they do not lose interest

Held 3 concurrent tracks

The 3 tracks provided choices without having too many conflicts. Running 3 teams at once was a burden, but all teams were successful.

Do we change the 30-minute duration of presentations used in past years?

• Keep the presentations at 30 minutes — allowing 20 to 25 minutes for presentation and 5 to 10 minutes of Q&A worked well in the past

• Increase or decrease the duration — Longer time has more content but often harder to watch virtually; shorter time snappier but less content provided

Kept the presentation duration at 30 minutes

Attendees found that 20 minutes provided enough time for significant learnings to be shared, and presenters found that 10 minutes was sufficient time to answer questions in the Q&A.

Do we pack the tracks with content beyond the typical 4 to 6 hours per day?

• Have less content in each track per day — allows attendees time to absorb material, less stress on online hosts

• Pack more content in each track per day — can complete event in fewer days but can overwhelm attendees and staff

Packed 6 hours per track per day (12 30-minute presentations), plus 1 marquee event each day

The packed schedule was long but doable for the online teams. Many attendees joined only for presentations of interest, so the packed schedule did not overwhelm them.

Do we build in long breaks between sessions or short breaks?

• Use long breaks — gives execution team time to re-cover, allows time for Q&A overruns and underruns

• Use short breaks — keeps audience from wander-ing off, keeps delivery team doing well, can finish event more quickly

Short 15-minute breaks between sessions1; 1-hour lunch break each day.

Found 15 minutes between sessions acceptable although 20 minutes might allow more time to recover and check in the next presenters; 1 hour for lunch was good.

Do we include marquee events such as panels and keynotes?

• Include marquee events — greatly increases draw for Symposium, adds in-depth content

• Do not include marquee events — eliminates workload in finding keynoters and panelists and organizing events

Included 1 marquee event per day (key-note, live panel)

Keynote and panel were critical for marketing the Symposium even though they took time to arrange.

DECISIONS THAT ESTABLISH VIRTUAL EVENT’S OVERALL STRUCTURE

Table 1. These are decisions that we knew we had to make first as they would be difficult to change later.

1 - A session consisted of three presentations in a row without breaks.


from existing virtual conferences. Some of the colleagues who shared their experiences were with NVIDIA, American Chemistry Society (ACS) and DustSafety-Science. MKOPSC is grateful for their insights.

DECISIONS THAT ESTABLISH

OVERALL STRUCTURE

It was important to make many decisions early when they shaped

the event and would be difficult to change in later stages. These decisions were whether to:

• hold the Symposium in 2020• change the size of the event

(the same size or smaller)• change the format (single

track or multiple concur-rent tracks)

• modify the presenta-tion duration

• adjust the delivery schedule

(modify to deliver content in a more compact way than the four to six hours per track a day typically present in confer-ence events)

• build in short breaks or long breaks (considering the already well-known phenomenon of “zoom burn out”)

• include marquee events (key-notes and panels)

Table 1 lists these decisions


How do we adjust pricing for a virtual event?

• Keep pricing like a live event — will increase profit as costs for a virtual event are a lot lower than a live event

• Reduce prices moderately — in line with prices of other virtual events

• Reduce prices dramatically — might draw many more attendees than normally, although decreases chances of meeting profit targets

Reduced prices dramatically from previous live Symposia (about 75% less)

The number of attendees did not increase dramatically as hoped, so profit targets were not met. In hindsight, a moderate price reduction (~50%) may have been more appropriate.

Do we include networking events such as chat rooms and virtual happy hours?

• Include networking events — attendees appreciate the spontaneity and connectiveness of networking with colleagues

• Do not include networking events — managing the events takes away from staff resources; some virtual events report low success with their networking ses-sions

Did not include networking events to focus on success of technical sessions

Feedback was clear that networking opportunities were missed. At a min-imum, moderated chat rooms where attendees can meet can be included with relatively little effort.

Do we include a poster session?

• Include a poster session — allows more content to be shown, especially for graduate students and others with less material than a full presentation

• Do not include a poster session — saves space in schedule for technical events

Did not include a poster session to fit the presentations in 2 days

Poster sessions were missed by attendees and should be included in some form.

How do we provide sponsor opportunities?

• Offer same sponsor package as live event — potentially same revenue, will get fewer sponsors because they do not get same exposure as live event

• Offer reduced sponsor package — get some revenue but recognize limited interest of sponsors for a virtual event

• No sponsors — eliminates resources needed to recruit sponsors

Recruited sponsors as MKOPSC had staff available. Reduced prices significantly.

Had 2 sponsors compared to 3 at the 2019 live Symposium. Offered announcements before each session and on written materials.

How do we provide exhibitor opportunities?

• Offer same exhibitor package as live event — potential-ly same revenue, will get fewer exhibitors as they do not get same exposure as live event

• Offer reduced exhibitor package — get some revenue but recognize limited interest of exhibitors for a virtual event

• No exhibitors — eliminates resources needed to recruit exhibitors

Recruited exhibitors as MKOPSC had staff available. Reduced prices significantly.

Had 5 exhibitors compared to 26 at the 2019 live Symposium. Offered announcements before each session and on written materials. Some exhibi-tors had webinars on their sites during lunch break.

DECISIONS TO MAKE BEFORE PROMOTING A VIRTUAL EVENT

Table 2. MKOPSC organizers had to make decisions such as whether to have sponsors, poster sessions and networking opportunities before promoting the event.


along with the choices MKOPSC made and the resulting outcomes.

As a result of these decisions, MKOPSC proceeded with a somewhat smaller, more com-pact event than the live version

format of previous years, moving from a three-day, four-track, 92-presentation Symposium to a two-day, three-track, 72-pre-sentation Symposium. It was felt the smaller, compact shape would

be more manageable for delivery with the limited number of staff and volunteers available for the event and the uncertainties asso-ciated with going virtual for the first time.


Which platform (if any) should we use to deliver the content?

• Use a third-party platform — More interesting expe-rience for attendees, helps staff to organize content, adds access control

• Use native conference software with no third-party platform —avoids cost and training requirements for another system, not as easy to add ancillary events, limited access control

Used native conferencing software licensed at Texas A&M (Zoom) — no third-party platform

Using Zoom without a third-party platform worked well, especially with the Sympo-sium’s simplified format.

Do we use Zoom Webinar or Zoom Meeting?

• Use Zoom Webinar — host can block attendees from engaging with video or audio, so no disruptions from attendee accounts

• Use Zoom Meeting — easier to use than Zoom Webinar as communication between attendees, presenters, moderators and hosts are verbal rather than through chat

Used Zoom Webinar

Worked well in reducing disruptions from at-tendee accounts but required a lot of time to train moderators and hosts on the hand-offs between live and recorded sections.

Should the presentations be live or prerecorded?

• Use live presentations — less work on presenters to prepare, can have the latest information, can be more interesting to view

• Use prerecorded presentations — guaranteed to have content available (no risk of presenter not show-ing up or connection issues), control over length of presentation

Used prerecorded presentations

Worked very well for delivering content on time, quality of recorded content was very good, was a lot of work to get the present-ers to turn in their recordings on time.

How should Q&A be managed?

• Live in-person — more interesting and natural for attendees to ask questions verbally, hard to manage if there are hundreds of attendees

• Live by chat — easy to administer, less fresh for at-tendees than watching presenter answer questions, chat answers tend to be less well formed compared to verbal *

• No Q&A — easiest to administer, less interesting for attendees

Questions sent by attendees using Zoom Webinar Q&A feature, answered on-screen by live presenter

Use of live presenter on-screen greatly increased freshness of event, took some effort to make sure presenters were present on time but all presenters were on time.

Should the keynote be live or prerecorded?

• Use live keynote — less work on keynoter to prepare, can have the latest information, can be more interest-ing to view

• Use prerecorded keynote — no chance of keynoter having technical problems during broadcast, keynote can be enhanced with recorded elements

Used prerecorded keynote (45 minutes long)

Keynote was very polished and well-re-ceived. Freshness was enhanced by having live Q&A after the video.

Should the panel be live or prerecorded?

• Use live panel — a live panel is more interesting to view • Use prerecorded panel — allows opportunity to

address problems with delivery

Provided live panel

Panel was well-received with active partici-pation during Q&A.

Do we need live session moderators?

• Use live moderators — makes event more fresh and more interesting, can provide up-to-date information as events unfold

• Do not use moderators — avoids the need to train a dedicated group of individuals, visually less interesting to attendees

Used live moderators

The time needed to train the moderator team was well worth it to make the Sym-posium more interesting and livelier for the attendees.

Table 3. continues on p. 23


DECISIONS NEEDED BEFORE

PROMOTING THE EVENT

With the event’s overall shape complete, several decisions needed to be made so MKOPSC could promote the event fully and start

registrations. These decisions were whether to:

• adjust prices for the event compared to previous live Symposia

• include networking events

such as chat rooms and virtual happy hours

• have a poster session• provide sponsor opportunities• provide exhibitor opportunitiesTable 2 lists these decisions


Should we use many or few people on the delivery teams?

• Use many people — reduces the stress on any one individual, increase involvement with the Symposium, can be more interesting for attendees to see new people

• Use few people — less effort in training, skill level increases as experienced gained

Used many moderators (15 plus 2 spare) and few hosts (4 plus 2 spare) over 2-day event

No serious glitches occurred during event. Kept the host group small because they needed the most technical training — stressful but manageable.

Should presentation start times be fixed or float-ing?

• Use fixed start times — Allows attendees who target specific presentations to join at the right time

• Use floating start times — More natural feel to session; do not need to cut off long Q&A or fill dead space of short Q&A

Started every presentation at a fixed time

Attendees appreciated ability to join in at correct time. Moderators able to fill in time if Q&A short and cut off Q&A if going long.

Should MKOPSC be specific on how the pre-recorded presentations are created?

• Be specific — more likely to receive consistent, high quality videos to show attendees

• Be general — removes burden on presenters to follow rigid rules, especially for presenters who are used to doing videos

Left methods to presenters. Pro-vided some tips, a 20-minute limit and need to trans-mit the final video in mp4 format

Video quality generally was good. Helpful to include a minimum time limit (short videos create too much Q&A time), methods that result in smaller file sizes (roughly half of the videos were about 20 to 80 MB while others were about 200 to 500 MB), requirement for speaker thumbnail to freshen up the videos.

Do we use passwords to control access to the Symposium to deter “zoom bombing” and unpaid attendees?

• Use passwords to control access — increase reve-nue from people who would otherwise “sneak in” to event without registering

• Do not use passwords to control access — avoids staff time needed to deal with attendees who have trouble logging in

No password — publication of the official program and links to virtual rooms were not shared until 48 to 72 hours before the event.

Simplified day-of-event for staff and attend-ees. Attendance counts did not indicate many unpaid attendees. Even if a few did, MKOPSC goal of sharing process safety learnings was met. This also limited open dis-tribution of links or leaks of such links through the Internet. MKOPSC used the platform administered by Texas A&M University for overall event security and threats of “zoom bombing”; given their strong expertise with using Zoom for classes, these issues have been addressed by the platform.

Do we record the sessions for viewing later?

• Record sessions — makes event more attractive by offering access to content if they missed it or were in another session

• Do not record sessions — Avoids work after event to edit and organize recordings for which there may be few requests

Only keynote and panel were record-ed. Prerecorded presentations made available for 3 months.

Have not heard of requests for recordings of sessions. Most of the sessions were the prerecorded presentations which were provided post-event.

How should we train presenters2 for their live Q&A portion?

• Provide hands-on training — increases likelihood that live portion will go smoothly, increases confidence of presenters

• Provide just written instructions — A lot less time to do than train up to 72 presenters.

Only written instructions were provided to pre-senters

All presenters showed up on time and performed their Q&A well with just written instructions.

2- Training of moderators and hosts is essential. Training involved hands-on use of the system along with detailed written instructions and Symposium-specific training videos.

DECISIONS ASSOCIATED WITH DELIVERING A VIRTUAL EVENT

Table 3. Content delivery decisions were needed and included which platform to use, whether to prerecord, if and how many moderators to use and whether to use passwords.


along with the choices MKOPSC made and the resulting outcomes. While these decisions were being made, a technical committee selected the presentations that would be shown in the virtual

event based on abstracts pre-senters submitted. MKOPSC now could market the event by providing registration with prices, preliminary program, attractive keynote and panel

and opportunities for sponsors and exhibitors.

DECISIONS ASSOCIATED WITH

DELIVERING THE SYMPOSIUM

Many decisions needed to be made

Topic Suggestions

Storage of Presentation Videos

• Assign each video a unique number that can be used to find the correct video quickly, rather than a long name. • Use a shared drive to store the “official” version of the video so any member of the team can access a video

on the day of the event.

Scheduling of High-Energy Activities

Like live events, it was noted that attendees were more active and engaged in the morning rather than the afternoon each day of the Symposium. Schedule high-energy activities such as panels and networking in the morning.

Length of Panel Sessions

The Symposium included a panel of 4 experts discussing the planning and response to pandemics on plant operations. The panel was scheduled for 75 minutes but was extended at the end of the allotted time to 90 minutes — the discussion was lively enough it could have gone on longer. It often is difficult to know how long to schedule a panel that depends on panelist skill and audience interaction. For a similar panel size, consider scheduling for 90 minutes with a break to follow that can be used to extend time if needed.

Time Zones• Make sure to have the time zones clearly marked on all schedules of events. • Schedule the moderators and presenters who are in Europe in the afternoon and those who are in Asia

in the morning to better fit their times.

Network Resiliency

The backbone of the Symposium was concurrent Zoom Webinars that individuals hosted. If a host lost access to the Internet, a whole track could go down, so network resiliency was vital. • Have everyone involved with the event add hardware to increase network uptime, such as individual hotspots,

uninterruptible power supplies, better network cables and computer upgrades. • Make sure everyone has downloaded the latest version of the primary program (e.g., Zoom) just before the event. • Assign an alternate host for each primary host — someone who is on at all times ready to take over if the primary

host suddenly drops off, like an airplane co-pilot. • Create a noncomputer back channel where hosts and IT can discuss technical issues even if the network is lost

(MKOPSC used Google Hangouts on personal phones, which worked very well). • Have volunteers watch each session continuously in attendee mode to inform hosts and moderators of issues

using the back channel. • Consider working in a common area so issues can be more easily communicated (MKOPSC did not do this due

to COVID-19 concerns). • Have training sessions to test what happens when the Internet goes down, e.g., have a host pull the plug on her

system and see how well the alternate host responds.

Training VideosIn addition to providing written instructions to moderators and presenters, create videos of actual users interacting with the systems and use them for the event to illustrate the roles of the moderators and presenters. Describe the steps being taken while performing the key activities.

Seed Questions for Presenters

Have moderators work with presenters and panelists beforehand to create seed questions to use in case attend-ees are not asking enough questions.

Scripts

• Provide moderators with scripts they can use to introduce each session. Use of script ensures that key information is provided every time, such as names of exhibitors and sponsors, use of Q&A function for questions and overall format of the session.

• Place the scripts on a shared drive so moderators can download the latest version just before the event to capture last-minute changes such as new exhibitors.

Welcome Screens

Develop screens to show during breaks that include names of sponsors and exhibitors, time for next session, and who to contact for help.

OTHER SUGGESTIONS FOR DESIGNING A VIRTUAL EVENT

Table 4: These additional tips may be helpful when planning a virtual event.


about the methods used to deliver the content to the attendees virtually. These decisions include whether to:

• use a third-party platform to view the content

• use Zoom Webinar or Zoom Meeting

• deliver the presentations live or prerecorded

• conduct the Q&A between presenters and attendees live in-person, live through chat or not at all

• use a live or prerecorded keynote• present the panel live

or prerecorded• have live session moderators• use many or few people for the

teams delivering the event• use fixed or floating presenta-

tion start times• be specific or general in the

methods used to create the pre-recorded presentations

• use passwords to control access to the Symposium

• record the sessions for viewing on the MKOPSC website

• train the presenters on using the system

Table 3 lists these decisions along with the choices MKOPSC

made and the resulting outcomes. With these decisions made, MKOPSC set about preparing training materials for hosts, mod-erators and presenters. The core technical team (hosts and moder-ators) conducted practice sessions to become comfortable with Zoom Webinar and the transi-tion activities. Several sessions focused on responses to glitches that might occur. The bulk of the training time occurred several weeks before the Symposium, with the week leading up to the Symposium used to address last-minute issues.

Table 4 lists other tips and sug-gestions one can consider when designing a virtual event.

CONCLUSION

After making the many decisions described above, MKOPSC exe-cuted the plan and had a very successful event. All the sessions were held without a breakdown in technology or communication, even with moderators and pre-senters in Europe, Asia, Australia and Middle East. Attendees entered the Symposium easily

and moved between the sessions. All presenters showed up on time to provide live Q&A. The key-note and panel were lively and well-received.

Thanks to the hard work of the proficient and committed graduate assistants and staff who actively planned, worked, practiced and supported the Symposium for months. As always there still is room for improvement, and the team will make sure to learn from experience and share our learning with others. MKOPSC hopes the information provided here will assist others in having their virtual events go as well as the 2020 Mary Kay O’Connor Process Safety Symposium.

HENRY GOYETTE is a research fellow

at the Mary Kay O’Connor Process

Safety Center at Texas A&M Engineer-

ing Experiment Station where he men-

tors students with regard to research

topics, presentation skills and career

paths. He was Chair of the Technical

Committee for the MKO International

Symposium held virtually in October

2020. Henry Goyette can be reached




Leverage Optimization in Process Safety Decision-Making

An overpressure scenario shows how to apply this framework

By Ahmed Harhara, Mary Kay O’Connor Process Safety Center, Texas A&M University

Since the publication of Trevor Kletz’s 1978 article “What you don’t have, can’t

leak,” incorporating process safety principles has become increasingly important in design decision-mak-ing. However, while designing a safer system is indeed a goal of process safety, engineers must weigh differ-ent design options and consider their trade-offs. These trade-offs typically include an increase in system safety, reliability or some other metric for a given cost. Incorporating process safety features into a design can be costly, and often a decision has to be made whether the safety benefits jus-tify the increased cost.

Currently, the use of optimization in safety-related decision-making rarely is performed. Instead, heu-ristics are the preferred tool. For example, in multistage compres-sors, a common rule of thumb is to design the compressors to have

approximately the same compression ratio in each stage. Another exam-ple is assigning a standard weather condition in dispersion modeling or perhaps assuming a standard opera-tor response time.

While no one doubts the impor-tance of heuristics in achieving a feasible solution quickly, relying too heavily on them can lead to inefficiencies, overdesign and a lack of willingness to test out new pro-cess solutions. Moreover, even with tools such as heuristics, process safety incidents still occur, which may be due in part to the econom-ics of implementing safer designs.

In fact, Chemical Safety Board investigations reveal that cost cut-ting often is one of the root causes for process safety incidents. These cuts usually affect process safety-re-lated programs such as equipment inspection, testing and maintenance. Therefore, any framework that

improves both the economics and safety of a process is welcomed.

The use of optimization can be the resource that allows process safety decisions to be economically feasible. This article makes the case for how the process safety community can benefit from incorporating these methods in their decision-making. It provides the general structure of optimization problems followed by one example application involving process safety and economics of heat exchanger networks.

GENERAL OPTIMIZATION

PROBLEMS

While optimization problems can vary significantly, in essence the structure of an optimization model can be summarized as follows:

Objective Function. At the heart of an optimization model is its objective function. This is the mod-el’s goal as represented by a single


value and is either minimized or maximized. This value exists within some theoretical feasible region, and all other aspects of the formu-lation support solving this objective. Although frequently displayed as cost, the objective function can be based on many other factors.

Decision Variables. The objective function can be solved by adjust-ing the decision variables or, more accurately, by adjusting all of the decision variables to find the best combination. Decision variables are what the decision-maker controls. Another interpretation is that these are the “knobs” to the model that we can change. These variables can be bounded, but they cannot exist

as single values. If they exist as single values and we are not able to change them, then they are consid-ered parameters.

Bounds. The decision variables often are bounded to match system realities. For example, if compo-nent A’s mass is a decision variable, then we know that it is impossible to have a negative mass. Thus, without knowing any more about the system for this problem, we can at least restrict the solution space to zero or positive values. For more complex problems, bounding vari-ables helps to speed up a problem and achieve a feasible solution.

Constraints. Whereas bounds apply only to decision variables,

constraints apply to functions of the decision variable. In a logis-tics problem, a possible constraint might be ensuring that product demand is met from one of the possible warehouses. An example in chemical engineering might be including a conservation of mass equation. This constraint limits solutions only to ones that satisfy the conservation of mass equation. Ultimately, constraints help ensure a model follows a set of rules and does not output a solution that could not be implemented.

From the above definitions, Figure 1 highlights optimization problems that one might find in different industries. As can be seen from the

Logistics Aviation ManufacturingResearch

& Development Construction

U.S. Market Size ($billion)

1,600 850 2.234 511 1,365

% of GDP 8.0 4.3 11.1 2.6 6.8

Objective FunctionMaximize cargo

spaceMinimize fuel

expensesMinimize

material costs

Minimize thicknesses of

composite insulation

Maximize retail space

Decision VariablesShipping box

sizes, Box arrangement

Plane type, Seating

arrangement

Multiple supplier prices and their

available quantities

Lengths for different types of insulating material

Shelf locations and walkways

BoundsShipping box sizes cannot exceed 1m3

Plane type limited to

available fleet

Material ordered limited to supplier quantity in stock

Materials have fixed insulating properties

Existing floor plan

ConstraintsTotal weight

must not exceed DOT regulations

Total seats must equal

seats booked

Material ordered must be greater than or equal to

production demands

Composite insulation cannot exceed $240/m2

Walkway must comply with fire

safety regulations

SAMPLE OPTIMIZATION PROBLEMS IN INDUSTRY

Figure 1: While all these industries have different objective functions, they can use a common optimization model.


figure, optimization problems can be formulated almost anywhere. The objective function can vary from one that is purely profit-driven to one that assists in developing new mate-rials. It stands to reason then that process safety may benefit from this type of approach.

APPLICATION OF OPTIMIZATION

TO PROCESS SAFETY — HEAT

EXCHANGER TUBE RUPTURE

This example is an optimization framework applied to a traditional process safety problem, i.e., over-pressure scenarios. The problem covers a heat exchanger tube rupture — an overpressure event whereby high-pressure tube side fluid enters the low-pressure shell side. Because the rate of pressurization can occur in milliseconds, dynamic simula-tions often are performed to size a pressure safety valve (PSV) correctly using techniques listed in standards such as API 521.

For our heat exchanger network optimization problem, we extend the dynamic simulation to evaluate the potential for overpressure at all of the exchangers in a network. We evaluate the potential of a tube rupture in all hot and cold streams at all PSV sizes and calculate their respective costs.

This allows us to then generate a Pareto curve representing the safety of a design versus its cost as shown in Figure 2. For the purpose of this example, a safety rating of 67 or above is considered a safe net-work. Plants with heat exchanger networks can benefit from this type of information because it allows a visual examination of whether a system is over- or underdesigned. Also, for a plant that has a different risk tolerance (e.g., perhaps one that is located in a different coun-try), this graph can answer when it might be worth the cost to increase system safety.

CONCLUSION

The main benefit of incorporating the optimization method during the design stage is the ability to design safer systems at a reduced cost versus performing this type of analysis later in the process. By revisiting traditional process safety problems with an optimi-zation mindset, plants that have considered designs too expensive may find that more economical alternatives exist.

AHMED HARHARA is a PhD chem-

ical engineering student at the Mary

Kay O’Connor Process Safety Center

at Texas A&M University. His research

focuses on incorporating optimization

techniques to tackle process safety

challenges. Past projects he has worked

on include work on artificial neural

networks, CFD modeling, fluid flow

modeling work for the Brayton Fire Field

Training Center. Ahmed Harhara can be

reached at [email protected].

PARETO CURVE

Figure 2: This Pareto curve shows different heat exchanger network designs and their respective costs in relation to safety ratings.


Ensuring safe operation is critical in chemical indus-tries, considering the

potential risks to life, the environ-ment and equipment. This research focuses on two problems cited as contributing factors in a significant number of incidents, namely alarm system design and process control design. I propose a transformative approach for addressing safety concerns in monitoring and pro-cess control.

Traditional safety engineering concepts mostly rely on cause-and-effect-based qualitative approaches for integrating safety consider-ations. However, these methods may not capture the effects of nonlinear system dynamics and multivariable interactions in chemi-cal engineering processes.

Two quantitative approaches that capture these effects using mathematical models or process simulators are described. The first approach focuses on alarm man-agement and the second focuses on process control.

OPTIMAL ALARM

IDENTIFICATION —

MIXED-INTEGER LINEAR

PROGRAMMING

Abnormal event management (AEM) of process plants has gained significant attention. It has been estimated that $20 billion is lost due to abnormal situations each year. Efficient monitoring of pro-cess variables and timely corrective measures form the crux of AEM.

A prevalent monitoring technique currently in practice involves the

use of alarms to alert the operator in case of an abnormal event. This is achieved by configuring a subset of measured variables to trigger alarms when these variables are not within predefined operating limits. The alarms prompt operators to take corrective actions to restore normal operations. This technique requires operators to have a good under-standing of the process as well as the control and monitoring system to respond properly to abnormal events and thereby ensure safe operation.

Alarm identification is the process of choosing the subset of measure-ments that are configured to the alarm system, which is the focus of this research. When the process variables are not chosen carefully for the alarm system, many alarms may be activated simultaneously during

Rethink Safety and Control Systems DesignUse of mathematical models or process simulators can offer significant benefits

By Joshiba Ariamuthu Venkidasalapathy, Mary Kay O’Connor Process Safety Center, Texas A&M University


abnormal scenarios, making it dif-ficult for the operator to think and respond. This situation is referred to as “alarm flooding.”

On the other hand, too few variables configured to the alarm system might result in the oper-ator’s not detecting the fault, which may lead to undesired consequences. To ensure safe and efficient operation, it is important to select the set of variables from the measured process variables that help operators to identify the occurrence of a fault quickly but that do not overwhelm them with alarm overload.

Many of the current methods for alarm identification involve a quali-tative approach. Faults are identified using safety review techniques such as what-if analysis, hazard identification (HAZID), process hazard analy-sis (PHA), hazard and operability (HAZOP) and other hazard identifi-cation and risk assessment tools.

Fault propagation is studied by using qualitative model-based tech-niques such as the directed graph and the signed directed graph. The configuration is chosen such that a specific objective is met, for example, minimum number configuration and detectability of faults. Most of the existing methods ignore the quan-titative information available from process models and simulators.

To use the quantitative infor-mation in process models and simulators, an optimization for-mulation of alarm identification is developed for the first time. In particular, a mixed-integer linear programing (MILP) formulation is proposed to identify the set of measurements that maximizes the response time available for the oper-ator for the listed faults, keeping the number of active alarms at a pre-scribed minimum.

Subsequently, a linear multi-ob-jective optimization formulation is proposed to reduce the number of optimal solutions obtained for the MILP formulation taking into account additional criteria, such as the order of priority of poten-tial faults. The multi-objective formulation also has provisions to incorporate additional optimality criteria based on the faults’ severity to make alarm identification more reliable and meaningful.

The proposed formulation was applied to the case studies the systems engineering academic community commonly uses: Ten-nessee Eastman process and the vinyl acetate monomer process. Results show that the time pro-vided to operators for responding to abnormal scenarios while configuring minimal number of measurements is comparable to

that obtained by configuring all measurements.

For example, in the Tennessee Eastman process, the optimization algorithm reduced the number of measurements configured to alarm system from 41 to seven measure-ments (17%) without compromising the time provided to operators to respond, thereby illustrating the approach’s effectiveness.

PROCESS CONTROL DESIGN

USING DYNAMIC SAFE SETS (DSS)

Studies on incidents in process industries reveal that poor design and inadequate control systems contribute to more than 20% of offshore incidents and 30% of ther-mal runaway incidents analyzed. The principal causes of incidents involving runaway reactions are due to inadequate temperature control, inadequate agitation, poor maintenance, little or no study of reaction chemistry and human fac-tors. In addition to these are model uncertainties, control input and state variable constraints as well as presence of disturbances that pose challenges in the design of safer process control systems.

Process safety can be considered within the systems engineering framework by representing it as a set of constraints that have to be met, failing which may lead to


undesirable consequences. These safety-critical constraints are con-ditions that ensure safe operation of the plant without compromising process integrity.

Examples of such constraints include limits on liquid level in vessels and bounds on pressure and temperature of columns. Constraints such as limits on avail-able control input also should be included as they determine the sys-tem’s resilience. A comprehensive set of safety-critical constraints, when carefully chosen, can capture the safe region of operation for the process and hence can be used in design and control problems.

Despite efforts to accommodate safety constraints in a dynamic sense through model-predictive control frameworks and other approaches, further research is needed to address the follow-ing challenges:

1. Systematic way to define the constraints that repre-sent the safe region should be developed.

2. The safe region should be able to predict whether the system has the potential to violate state and input constraints under anticipated disturbance inputs.

3. Stability should be guaranteed for large disturbance scenarios.

Motivated by the above consid-erations, a systematic approach to characterize and define the safe region is proposed in our recently published work. Such a safe region is defined by a set of con-straints on state variables that not only guarantees safety constraint satisfaction at current conditions but also in the future by account-ing for all state trajectories under the anticipated bounded distur-bance inputs.

The work proposed the concept of a dynamic safe set (DSS) with respect to the process states to characterize and evaluate a closed-loop system’s safeness. The DSS is a collection of all states that guaran-tee the satisfaction of safety-critical constraints at any point, even when the system is under adverse safe-ty-threatening disturbances. The theoretical concepts of maximal admissible sets and reference gover-nor are used to define and evaluate the DSS.

The DSS concept is depicted schematically in Figure 1. The shaded region containing point P1 represents the DSS for a two-state system with states x1 and x2. The DSS boundary is defined by the dynamic safety constraints that are linear functions of the state variables.

The system’s dynamic response starting from point P1 shows that the state trajectory (x1) does not violate the constraint on x1 when the initial state lies within the DSS. Similarly, the state trajec-tory of x2 also should satisfy the constraints at all times. When starting from point P2 that lies outside the DSS, although x1 sat-isfies the constraint at time t = 0, the constraint is violated at a later time as predicted.

The dynamic safety con-straints that define the DSS are calculated using the theory of maximal output admissible sets. The dynamic safety margin

DYNAMIC SAFE SETS (DSS) CONCEPT

Figure 1. This schematic depicts DSS for a two-state system.


(DSM) is used to characterize the size and shape of DSS. The DSM is the maximum radius of the ball around the steady-state point in state space that lies completely within the DSS. This will provide a platform to compare system-atically the safeness of different designs. The approach currently is tested on a safety-critical exother-mic CSTR process. Preliminary results validate its potential in selecting operating conditions, equipment design and control system design.

PATH FORWARD

The research aims to trans-form how safety is viewed and

addressed in the design of process control and monitoring. The opti-mization formulation for alarm identification discussed above is the first step in designing sophis-ticated alarm systems. Currently, a hidden Markov model-based diagnoser for troubleshooting the cause of alarms is being studied. Preliminary results show potential in quickly identifying the cause of alarm signals with over 90% accu-racy in test cases.

In our recent publication, the DSS concept was defined for the simple case of a linear discrete time system that involves the linearization of the nonlinear chemical process around the

steady state. Because nonlineari-ties are present in most chemical processes, the concept of DSS will be extended to nonlinear processes in the future, where a nonlinear model of the process will be used to calculate a more accurate DSS.

JOSHIBA ARIAMUTHU VENKIDAS-

ALAPATHY is a PhD candidate at the

Mary Kay O’Connor Process Safety

Center at Texas A&M University. Prior to

pursuing her PhD in chemical engineer-

ing, she worked as a manager for two

years in the technical services division

of Jamnagar Refinery, Reliance Indus-

tries Limited, India. Joshiba Ariamuthu

Venkidasalapathy can be reached


www.chemicalprocessing.com/podcast/process-safety-with-trish-and-traci

Trish Kerin, director of IChemE Safety Centre, and Chemical Processing’s Traci Purdum discuss

process-safety issues offering insight into mitigation options and next steps.

From questioning if inherently safer design is really safer to lessons learned from significant

incidents, these podcasts have one goal:

To ensure workers return home safely after every shift.

PROCESS SAFETY

With Trish & Traci


http://www.chemicalprocessing.com/podcast/process-safety-with-trish-and-traci

Documents

FEBRUARY 2021 UNDERSTAND KEY CHALLENGES IN …...process safety courses and other courses in safety engineering such as quantitative risk assessment and system safety. At Texas A&M,