Tuesday, November 16, 2010

Can Smart Grids ever by safe and reliable? Or will they resemble the stock markets?

Today I attended a half day event at the Technical University of Denmark called “PowerEvent”. It featured several European speakers working on issues related to the future electricity production and distribution grid, which by many is called the “Smart Grid”. Google the term, and you will find it is widely used, although it seamingly remains to be established what is ment with smart.

The first presenter was professor Jacob Østergaard from DTU Elektro, who described a simulator used at DTU PowerLab to simulate the continuous pricing structure needed to integrate renewable energy producers into the electricitet distribution grid. This simulator will also be part of the EU demonstration project on the Danish island of Bornholm. The second presenter was professor Stephen McArthur from University of Strathclyde in Scotland, who talked about the use of agents performing different tasks in electricitet production and distribution. There were different types of agents using known technology, e.g. constraint programming, to solve real problems in the high voltage distribution network. The third presenter was professor Zita Vale, from Polytechnic Institute of Porto, who talked about multiagent approach to electricity market siulation considering virtual power players (MASCEM).

It appears to me that a common underlying assumption about the smart grid, is that the players - also called agents - work for the good of the system. We know from the stock market, that traders not always work for the good of the market. When the fine balance between reasonalbe and unreasonable behavior in the stock market is disturbed we get stock market crashes, from which recovery often is long and slow. The agents of the smart grid can be viewed as the traders in the stock market. However, with one major difference. In the smart grid one company may control several agents, i.e. several electricity producers - even located in different countries. This would allow the company to manipulate the market in the short term, by removing production from the grid, in order to raise prices, so their remaining production units become more profitable. From the stock market we know, that such behavior can make the whole market unstable, and from time to time indeed do. With smart grids using the ideas of independent agents – although several may be controlled by a single market player, i.e. company – a system is created that has surprising similarities to the stock market. Hence the likelyhood of power market crashes similar to stock market crashes will properly not be that rare. We know, that recovery from stock market crashes are slow, but what do we know about power market crashes? Or for that matter power market safety? i.e. stability? or reliability?

Ultimately the end user – consumer - is interested in just one things: a safe supply of electricity. For most users this would mean a highly availabilty quality supply. For electricity availability can be measured by supplied voltage (i.e. if supply fails voltages drops to zero), and quality can be measured by supplied frequency.

Can a system based on game theory with independent agents with possibly conflicting objectives be designed to provide a safe supply of a ressource extremely important for modern society? Or can games be safe?

Friday, October 22, 2010

A new definition of RISK

Yesterday I received the September/October issue of Intech by snail mail. It contains an article about safety and security, which I think every control engineer should read. The title is "Balancing security and safety with risk", and you can find it online at the ISA website. Of course the article is partly triggered by the Stuxnet virus, which got quite a bit of attention this past summer, but the article also considers the more fundamental problem of the need for control engineers and IT professionals to cooperate at the plant level.

The article contain the following definition of risk:

risk = threat x vulnerability x target attractiveness x consequence

To this date when teaching chemical engineering students and others risk assessment of chemical processes I usually define risk as:

risk = probability of event x consequence

So the question of course is: Is probability of event equal to threat x vulnerability x target attactiveness? I am not sure.
Target attractiveness clearly depends on the attracker and the purpose of this person or organisation. In case of the Stuxnet virus the creaters clearly found Siemens control systems attractive, but not control systems from Yogogawa, Honeywell or others. It clearly relates to external threats, such as terrorist attacks or cyber attacks, and not operational dangers of explosions, fires or toxic releases.

Vulnerability depends on the protective layers of the facility. However, the protective layers which prevents an explosion, a fire or a toxic release from occuring, are not the same as those which prevents a terrorist attack or a cyber attack. Although the process safety related protective layers may reduce the target attractiveness and also the consequences of a terrorist or cyber attack. While safety interlocks, emergency relief valves, emergency shutoff valves, emergency shutdown systems etc. prevent and/or mitigate explosions, fires or toxic releases, you need fire walls, antivirus software etc. to prevent cyber attacks and you need physical site barriers, such as fences etc. to prevent terrorist attacks.

So even though both the control engineer and the IT professional may talk about protective layers the nature of these layers are quite different. The IT professionals protective layers aim to prevent an attacker from reaching a target. The control engineers protective layers prevents the process from operating outside the safe envelope. The IT professionals protective layers protect against an unknown attacker. The control engineers protective layers protect against a known process becoming unsafe.

Finally threat depends also on whether you look at the situation from the view of the IT-professional or the control engineer. To the control engineer the threat or danger of the process becoming unsafe are things like: run away reaction, loss of cooling, etc. To the IT professional the threat is anyone attempting to get unauthorized access to the system - or physically to the site. Again while the words are very similar the focus is quite different. Control engineers and IT professionals should keep this in mind while they need to cooperate about securing the process control system - and hence the plant site from undesired events.

Wednesday, October 20, 2010

Executive orders - the new way towards safer workplaces?

Some times working in the process safety area can be really frustrating. Accidents seems to continue to happen - also the ones, which we should have learned from - and regulations seem rather slow to change. Today, however an e-mail from the CSB, hinted at a new an quicker way towards safer workplaces: the executive order.

Following its investigation of the fatal accident at Kleen Energy in Middletown, CT, the CSB called the practice of cleaning natural gas piping in power plant by blowing natural gas through them an inherently unsafe practice. The CSB issued urgent recommendations to OSHA, NFPA and ASME to prohibit and/or change the practice of natual gas blows. As with many other good recommendations from the CSB, we are still waiting to hear from OSHA and NFPA on this recommendation to create safer workplaces.

Governor M. Jodi Rell of the State of Connecticut, where the fatal accident occured appearantly did not want to wait any longer. So the governor has issued an executive order banning the use of natural gas blows during power plant construction in the State of Connecticut. For this the governor should be highly applauded! He took action to prevent any further loss of life in his state from an inherently unsafe practive.

Of-course the CSB would like other state governors to take actions similar to that of the State of Connecticut. I however, find it very disturbing that such executive action is necessary and it certaintly don't make it any easier to find out what you can and cannot do when constructing or operating process plants.

There seem to be little connection between the event at Kleen Energy earlier this year, and the spill of toxic red sludge from an aluminia plant in Hungary earlier this month. That is only on the surface. Both are examples of inherently unsafe practives. The procedure of the Hungarian plant to keep on producing a waste product and just storing it on site is an inherently unsafe operational practice. Likewise the idea of blowing natural gas through buildings during plant construction is an inherently unsafe construction practice.

It is many years since Trevor Kletz published his book outlining the ideas of inherently safer plants. At the same the idea of sustainability in construction as well as production appears everywhere. Companies as well as many internatonal and national association produce statement on sustainability. Universities at the same time create courses on the topic. But can we see the results? Are we creating and operating plant in more sustainble fashion? Or are we as an industry just waiting for the next round of regulations from our governments?

Just like it makes sence for industry to look at internal energy consumption, it also makes sence for companies to look at inherently safer production. So why is it not happening?

Thursday, September 09, 2010

What has freedom of choice in computer operating system to do with process safety?

Today I attended a one day conference in Copenhagen on the open source office productivity suite OpenOffice.org, which is actually owned by Oracle after their acquisition of Sun Microsystem last year. The conference was organized by the Danish Open Source Suppliers Organisation at the Museum of the Carlsberg Brewery in Copenhagen. This museum is normally not open to the public, so your only change to visit is by attending an event there.

The conference started by well published story about how Münich converts 15.000 PC to OpenOffice.org. Not much new here except for their Java based formular extension Wollmux to OpenOffice.org. The step by step approach used by the people in Munich have been described in a whitepaper published by Sun Microsystems a few years ago. Later in the day Oracle gave a presentation partly based on this paper.

Novell's Flemming Stensgaard gave a presentation titled "OpenOffice - and what is then the next steps?" in which he argued, that reading EULA's could pay off well by avoiding CAL payments by switching to open source solutions. His basic theme was, that when you have a domination market share, then you can only grow by finding new revenue sources.

The OpenOffice.org community has just celebrated their 10th anniversary in Budapest during their annual conference attended by about 65 persons. The community have noticed a major difference from the very open approach used by Sun Microsystems to the more closed approach used by Oracle. This was also evident from the days two presentations from Oracle. There appear to be a very tight lid on any news prior to Oracle World in a couple of weeks.

Well, the above is just introductory remarks to my main point: user choice! The final presentation of the day was by IBM Danmark, the main sponsor of the event. They explained how their employees could choose between a Windows PC, a Linux PC or a Mac. They even had the option to bring their own PC to work. And yes, there is a significant number of IBM employees, who do their computer work using an IPad. Freedom of choice drives innovation! - at least at IBM.

Could we make the same happen in process safety? When I worked in the process industry the company I worked for allowed any type of process control system - as long as it was made by Honeywell. We had system engineers which made wonderful things happen with the old PMX I system (no GUI, just a character based CRT).

In process safety we attempt to make every do thing exactly the same way. We perform a job analysis to ensure the job is done according to the written procedure every step of the way. We have done this for years. Has it improved our overall safety performance? I don't think so. But it has properly kept one or two intelligent technicians from suggesting procedure improvements. In other words we have blown away new ideas before they could lit our thinking. Does this make sence?

What do you think? If you have time take a look at connections - social software for a company.

Thursday, July 29, 2010

Is CSB on the right track?

On July 21st the CSB annonced the publication of report on 2009 Explosion at Veolia ES Technicla Solutions, L.L.C. Hazardous Waste Facility. Your can find details under Instigations on the web-page Veolia Environmental Services Flammable Vapor Explosion and Fire including a pdf-file of the report, which the CSB calls a case study.

The facts of the incident on the surface appears rather simple: A flammeable substance was accidentally released to the environment and the vapours found a nearby ignition source resulting in several explosions and a fire plus injuries to a number of workers and damage to nearby residences and businesses. On the surface this sound very much like what happened on March 23rd 2005 at the BP Texas City Refinery. Only difference appear to be that at West Carrollton in Ohio no one was killed, and damage was significantly less than at Texas City.

So what did CSB find? They found that the vent devices (I assume they mean on the feed and product tanks) were not designed to contain or control hazardous and/or toxic vapor. They also found that the ignition source was most likely some gas-fired boilers in an electrically not classified building less than 10 meters south of the process area. Finally the found, that no record of a process hazard analysis (PHA) of building siting was found.

And what does CSB recommend? They recommend that non-essential personal don't have offices in buildings close to process areas, and that a closed relief system be installed at the facility, and a PHA of the facility is conducted. I have absolutely no problem with these recommendations, although I would have put the PHA first, the relief system second, and the occupancy third. Why? I used to work a the operations room at Imperials Oils Sarnia Polyethylene Plant. This one-story building was not much more than 10 meters from the process area and about 30 meters (on the other side) from a benzene extraction unit. I newer felt unsafe in that building. The doors were 20 cm thick steel doors, and the surroundings were landscaped to help a pressure wave pass over this concrete building containing both control room, unit laboratory, offices for engineers and others associated with the unit including secretarial staff. The building was designed for the occupants to survive the worst possible event, e.g explosion of the benzene extraction unit. So buildings can be designed to be safe for the occupants! This is nice if your relief design for some reason fails, as it did at the BP Refiney in Texas City in 2005, or is insufficient, as it was at the Veolia site.

However the CSB does not stop with these 3 recommendations. They also recommend revisions to NFPA 30, revised control room siting guidelines, development of occupancy standards specific to hazardous waste treatment facilities, and development of standardized guidance for hazardous waste processing facilities. The last two recommendation are aimed at Environmental Technology Council, which here in the middle of 2010 have not reacted on two recommendations following a 2006 fire at another hazardous waste facility. All in all this explosion and fire resulted in 7 recommendations from the CSB to 4 different organisations. I wonder what the change is of this leading to safer processes?

Were is the teeth in this? What is going to make all the other operators of hazardous waste processing facilities stop up, do their facility PHA and act on it? Because I do assume, that there are other waste processing facilities without a site PHA. I am also concerned, because in my own country, Denmark, I see tank farms as closely spaced at the ones at Veolia, but with neighboring tanks having different owners.

As an added bonus I learned from reading this case study, that the National Fire Protection Association is an international non-profit organisation. This was confirmed by going to the NFPA web-site and selecting the "About NFPA" bottom. Recently another American organisation went international. ISA formerly known as "Instrument Society of America" after much discussion became "International Society of Automation". I wonder if the NFPA will become the IFPA, and develop standards following ISO instead of ANSI?

Monday, July 12, 2010

Why can safety systems be switched off?

On May 5th, 2010 Jim Montague's editorial column at ControlGlobal.com ended with a call for safety rules and laws with teeth, and calling the present US enforcement a joke.

On the way to that call Jim stated that "safety measures and guards are still shut off, disabled and circumvented all the time" to meet demands "from all us consumers", and that is "why refineries, chemical plants and coal mines keep blowing up".

This statement made me think: Why is it that we engieers and managers continue to ask people to use machines, which can be run without guards in place? To create a safe workplace we should properly stop doing that right now! I hear argument against this: The machines has the safety features required by law, and it would be costly to retrofit them, so they cannot run without the safe guards. Yes, it will cost money to modify the old machines, and these cost are all carried by the company using the machine. Unfortunately, that is not the case with the cost associated with injuries because the safe guard was not in place while the machine was running. The cost of such injuries are shared among the company, the worker and society.

Why is safe to run a process facility without a safety valve while it is being checked in the workshop? There has for more than 10 years been available dual head safety valve, which allows online switching between two parallel safety valves, so one can be taken to the workshop for testing and calibration of set point etc. Now the safety valve is just one example. One could ask the same question about any safety system, such as an interlock or an emergency shut down system. Such system are added to the process to provide protection against specific undesired events. Then why do we allow them to be designed to be switched off while the events they are to protect against can still occur?

I think it about time we take process operations integrity one step further, and ask engineers to design process facilities with integrated safety, that cannot be disabled while the events they are protecting against can occur. Such an approach would properly require a few extra planned shut downs. However, the price of those would be small compared to the unplanned shut downs of events such as the explosion and fire on the Deepwater Horizon, which occured on the day Jim wrote his editorial column. The cost of that accident is already above 3 billion £, and the value of BP shares has been halfed.

Monday, July 05, 2010

What process safety goals makes sense?

In the past week there has been a dynamic exchange of views on what the goal of process safety and occupational safety should be in two different groups on LinkedIn: EHS Professionals and People, Safety and Culture.

I all started by Rob Stewart stating "Zero injuries goal - leading edge safety or root cause of catastrophe?", and asking whether this goal is a realistic goal. Since I believe the purpose of process safety is to prevent accidents and the purpose of occupational safety is to prevent injuries, I see zero accidents and injuries as the only goal, which makes sense from a business perspective.

Why is this the case? Any accident with anything more than negligible consequences lead to an investigation. An investigation take time and cost money. That time is taken away from other task, such as optimizing plant performance or training co-workers. The cost take away from company profits, and hence is definitely not in the interest of shareholders. The same holds for injuries, although depending on the type of injuries the cost of investigation could be less.

If you set a non-zero goal for either injuries or process safety accidents, then you could be unlucky enough to achieve the goal you set. Usually achieving a goal is celebrated. However, how proud would you by celebrating the achievement of a goal of 0.2 fatalites/year and/or 5 reportable injuries per year? I don't believe any manager would feel good about celebrating a fatality. Setting a non-zero goal and achieving it really just mean, that you made a lucky prediction.

Now, if you are currently experiencing X reportable injuries per year and Y fatalities per year, would be realistic to achieve zero the following year? I don't thing so. Getting into the heads of the CEO and every other employee that the aim is zero injuries and zero accidents, is a major safety culture change in most companies. So why the aim should be zero you should be realistic about how to achieve this over time.

This is very similar to how countries budget for wars. No politician is going to stand up, and say the goal for the next year is Z dead soldiers. The goal naturally is to win the war, and have everyone return home safely. Nonetheless the people in the budget office have to set aside money for cost associated with soldiers dying at war.

I have always admired the attitude towards safety at Dupont. When I worked in the petrochemical industry in Sarnia's Chemical Valley in the mid eighties, the most talked about effort in most of the companies was quality. This was partly started by Ford's "Quality is No.1" campaign. So most plant managers in the valley those years talked first about quality, and then about other issues facing their company. At Dupont is was different. The local Dupont manager - as usual - first talked about safety, and then about other issues.

So if you want to set business related aims for process safety accidents and occupational safety injuries, then you need to keep your eye on the ball, no matter what changes is happening in the world around you. Let's do it!

Tuesday, June 15, 2010

Do I want my drugs to be delievered using nanoparticles?

As you may be aware of there is increased focus on the safety of nanoparticles. Googling 'nanoparticles, safety' will get you get more than ½ million hits. Add the term 'FDA' and this is reduced to just under under 200.000 hits. This and the fact, that my son, who is a Ph.d.-student at DTU-Nano this past weekend told me, that appearantly nanoparticles ones the enter the body don't get out again, is why today I have been attending a one-day seminar on “Polymers in Drug Delivery” arranged at IDA by the Danish Society for Polymer Technology.

The seminar opened with a state-of-the-art presentation by Jean-Francois Lutz of the Fraunhofer Institute for Applied Polymer Research in Germany. He first outlined the avenues of drug delivery: oral, intravenous, transdermal, regulated pumps, aerosols or suppositories. He started by stating, that the first polymer used for drug delivery was discovered in 1929 and during the following 80 years this has resulted in more than 20.000 publications by only 5-6 products on the market. I am talking about PEG or polyethyleneglycol, which is uncharged, water soluble and also soluble in many organic solvents. There are 4 types of ways of using polymers in drug delivery: Prodrugs – polymer drug conjugates of which paclitaxel is a samle product, micelles – no products yet, but a japanese researcher have 10 in clinical trials, capsules – microobjects eg encapsuable ipoprofen crystals, and hybrid nano particles – examples are gold nanoparticles surrounded by citrate. A new area is viral gene carriers – again with no products.

Next Kenneth Howard from iNANO at Århus University toke the stage. He described delivery of gene silencing therapeutics including results of tests on animals using chitosan and siRNA, which self assemble into nanoparticles for treatment of radiation induced flammation (RIF) and rheumatism. There is no know treatment for RIF, and rheumatism often affect women in their early 40's with – as far as I know – just pain relief as a possibility.

Then Michael Stolzenburg was supposed to talk about PLA-PEO vesicles for drug delivery. Shortly after starting his presentation he felt sick and left the room. Quite some time elapsed before the meeting chairman left to see how Michael was doing. However, the audience was not informed about his condition. I guess the message from this seminar management was “the show must go on”, since a colleaque of Michael completed the presentation, at the end of which the chairman remarked 'it is very nice to have a back-up'. I was very happy to chat with Michael during the afternoon coffee break, but a bit asammed, that I did not take action.

During the day I also learned about smart hydrogels for drug delivery, and medical chewing gum (you properly know the once smokers use to stop smoking?). Finally I learned about spray dried siRNA loaded PLGA nanoparticles and supercritical carbondioxde for making silocone based medical devices. Really a very good learning experience about something I did not know much about, and which could possibly affect us all.

Now to the question of the day: Would I take drugs using nanoparticles? Before I give the answer you have to understand, that nanoparticles ones they enter your body does not seem to leave it again. So one shold not overlook the fact, that nanoparticles could accomulate in my body, and that we really have no knowledge of the long term effects. Yes, I properly would take such drugs. If I had RIF and was offered one of the describe drugs I would consider the risk of the drug lower than the risk of untreated RIF. I have taken such decisions before in my life. Some years ago I toke arenesp to stimulate my bone marrow. Unfortunately I was a slow responder, so before my system responded I was taking rather larges doses of arenesp. Unknown at the time was, that large dosis of arenesp increases your risk of blood clouths. Eventually, I got a blooth clouth in my left leg and also in both lungs. I was lucky, and survived. Using modern medicine will always be a tradeoff between the benefits of the drug and its known or unknown side effects. At the time I started taking arenesp the side effect, which hit me was not known.

Process safety is much like deciding whether to take a new drug or not. A differnet chemical route may avoid a very toxic intermediate, but could involve more severe process conditions. Trade offs cannot be avoided.

Tuesday, June 08, 2010

Loss Prevention 2010 Continues in high Gear!

The second day of the triannual process safety conference in Bruges started with two plenary presentation. The first titled "Challenges and needs for process safety in the new mellennium" was given by Sam Mannan from Mary Kay O'Connor Process Safety Center at Texas A&M University in USA. He introduced the terms NIMBY - Not In My BackYard and BANANA - Build Absolutely Nothing Anywhere Near Anyone, and immediately rejected both ideas. In stead he argued for continued learning and improved communications. In passing he incorrectly stated, that several layers of protection failed at Bhopal in 1984, which is only true if incorrect management decisions can be considered a failure of a protection layer. He also argued for increased research in process safety and development of technology for deep water drilling. I am not sure that is the correct medicine. If one reviews the major negative events in the process industry over the last quarter century, Then a surprising large number them are caused by some failure of management. This was the case in Bhopal in 1984, when management without proper review removed and/or in other ways disabled 3 systems, which could have mitigated the catastrofic release of MIC. No failure of technology was involved in that watershed event!

The second plenary was by Vincent Tam from Centre for Fire and Explosion Studies at Kingston University in London. His presentation "The Buncefield Accident: Why is the Explosion so Severe?" attempted to give a scientific explanation for the severe explosion damage observed on buildings and cars around the Buncefield Oil Depot after the explosion and fire in December 2005. Both this mornings speakers pointed out, that Buncefield was not a one of a kind event, but had happened before, and also since. This points to the disturbing fact, that learning from accidents are not really taking place unless goverments institute additional regulations.

After the plenaries I chaired another session about human factors and safety management systems. Today with a clear focus on the former. The first presentation by Ronny Lardner from the Keil Centre in Edinburgh described how they had reduced errors in electrical isolation work on one of BP's platforms in the North Sea by looking closely at performance shapping factors, such as no independent review, unnecessary interruption of critical tasks, and workload. They destinguished between intensional and unintensional errors.By removed interruptions during execution of critical task the number of unintensional errrors on the platform was reduced by almost 2/3.
The second presentation titled "Procedural Controls for Major Incident Hazards" and given by Paul Delanoy, who is a chemist and chemical engineer with The Dow Chemical Company at King's Lynn in the UK. This work focused on task decomposition - an idea central to the work on MFM by Morten Lind at DTU-Elektro.
I think these two papers are some of the best I have heard at this years Loss Prevention symposium, and I hope these results will be published to benefit a larger audience.

The mornings third presentation was by Xavier Cricl from Fire Protection Consultants in Antwerpen. It was titled "Unified Emergency Management in the Port of Antwerp", and described a web-based system for communication between different actors at different levels during an emergency. I believe, that such systems take too much for granted. What means of communication do the stakeholders have in an actual emergency, which could include a complete power outtage in the city of Antwerpen? I also did not feel comfortable about their attention to ensuring the availability of communications lines in case of an emergency by daily testing, as is done by CVECO in Sarnia, Canada. I also wonder about where their emergency centers were, and if they had a mobile emergency operations center, as in Sarnia.

Af lunch I gave a short presentation titled "25+ years after Bhopal - Have we learned the lessons? Properly NOT!", The point of the presentation was that governments continue ot create new regulations for the industry, because the industry does proactively do that on its own either through organisations such as Responsible Care or CEFIC or ACC, There was standing room only in the auditorium for this presentation.

Later in the afternoon the Chemical Safety Boards was awarded the EPSC Process Safety Award for their excellent series of free videos produced sinde the BP Texas City explosion. After this the EPSC showed the 7½ minutes management video developed in collaboration with the WP Loss Prevention based on a suggestion from Peter Schmelzer from Bayer 4 years ago.

Many conference attendees finished the day by enjoying a mediaval dinner at a former church in the center of Bruges. The show was impressive and the food was extremely tasteful.

The symposium finish with a half day of presentations tomorrow.

Monday, June 07, 2010

Loss Prevention 2010 off to a Good Start!

This morning the Loss Prevention 2010 international symposium in Bruges, Belgium opened with a keynote address by J.M. Jaubert from Total titled “Safety Expectations versus Field Achievements: Bridging the Gab”. The background was that Total in 2009 after several good years experienced 4 fatality events. The company board in august of 2009 started a detailed review of process safety, which resulted in many recommendation: 15% of recommendations related to process technology, 40% related to human factors, and 45% related to organizational issues. Total for several years have had a safety culture program. I guess they forgot to audit the quality of the program.

After the presentation the Danish safety expert J.R. Taylor asked if part of the problem was management via a large amount of e-mails. To this question Jaubert responded, that part of the problem was lack of regular visits by management to the plant due to pressures with responding to e-mails and creating presentations. I recall having a manager of the Esso Chemical Canada site at Sarnia, Canada, who spent two mornings a week talking to people in the control rooms and the maintenance shows just to keep in touch. Eddy de Rademaker, the chairman of the symposium organizing committee, beat that by stating that in his first job many years ago he had a manager, who each morning toured his plant before he went to his office. Along the same line a Danish refinery a few years ago found, that contractor performance increased in both safety and quality of work, when they assigned employees to keep contact with them on a daily basis.
A representative from the Health and Safety Executive in the UK raised the issued of the impact of available skills as the result of downsizing and outsourcing activities. I did not hear a direct answer to that question.

The triannual 2½ day Loss Prevention symposium is arranged by the EFCE Working Party on Loss Prevention and Safety Promotion. Previous symposia were in Edinburgh (2007) and Praha (2004), and the next one will be in Firenze (2013). The members of the Working Party, who have been appointed by their national engineering organizations, constitute the technical program committee for the symposium. The current chairman of the Working Party is George Suter from Switzerland, and after this symposium Eddy de Rademaker from Belgium will take over as chairman.

After the morning coffee break I chaired a session on Human Factors and Safety Management Systems at which 4 contributions was presented. The first work “Experiences in Assessment of Safety Management System” was presented by Fabrizio Gambetti from ENI in Italy. Fabrizio graduated from Polytechnic of Milano with an aeronautical engineering degree, and is thus another example, that the initial degree may have nothing to do with your current employtment. He is currently safety manager supporting development of the safety management system for Eni owned and operated refineries. In his presentation he touched upon the different views of operators and management on process safety, issues relating to HSE and contractors, and the need for KPI's. Unfortunately questions from members of the audience kept me from asking if his company would be willing to share values of KPI's for the company as a whole or from individual refineries, as part of their communication with neighbours according to Responsible Care.

The second work was “Process Safety Metrics, Diagnosis and Control – Aspects of a Holistic Approach” presented by Bert Knegtering and co-authered by Professor Emeritus Hans J. Pasman currently working at Texas A&M University. Bert in his presentation touched upon the complexity of organizations, occupational safety – as in Shell's Hearts & Minds program – and process safety, and how different layers of protection may shift with time. I need to re-read his paper – and possibly his thesis – in order to understand the implications of this work.

The third presenter was Steve Tanzi, a chemical engineer with PricewaterhouseCoopers, who has worked with Mike Broadribb from B.P. America on a presentation titled “One Company's Experience with Process Safety Metrics”, which of course is linked to the recommendations of the Baker Committee after the Texas City explosion on March 23rd, 2005. The audiences questions the number of indicators proposed – more then 50, and I asked about who had responsibility for acting on an indicator. Steve explained, that in connection with each measure a person responsible for the quality of the measure was apointed, and another person responsible for acting on the indicator, plus to other with other responsibilities relating to the measure. I still tend to agree with Peter Schmelzer of Bayer, that the number of indicators should be drastically reduced – properly to less than 5 – for SME's to cope with them.

The final and fourth presentation was “Governance of Process Safety within a Global Energy Company” given by Mark McBride, a chemical engineer with Centrica. His presentation focused on three areas: leardership, accountability and stakeholder engagement. He questioned whether safety issues at powerplant that fall under the Seveso II directive was any different, than at those that did not. When questioned after the presentation Mark explained than Centrica HSE Committee consist of both directors and board members. I pointed out, that there are companies, who have committee of the board consisting of non-company employees overlooking safety issues at the corporate level.

A very good start on an excellent conference programme on loss prevention and safety promotion.

Saturday, May 01, 2010

Consequences of Deepwater Horizon Explosion...for BP?

I all started almost innocently with news on April 21st about an explosion on an oil platform of the coast of Louisiana in the Gulf of Mexico, see for example the breking news on the gCaptain site.
Later followed news, that 11 persons were missing, and already on April 23rd news that the rig was sinking sparked pollution fears, see for example the Guardian site.

Today 10 days after the explosion it is clear that a major oil slik is moving towards the coast of Louisianna. Why did the BOP not work? The whole exploration industry and particularly the crew on the sister platform to Deepwater Horizon are of-course waiting for answer to the question: What happened?

At the time of the explosion the Deepwater Horizon was under contract to BP Exploration. This mean the explosion is the second double digit fatality disaster to hit BP within the last 10 years. What will be the consequences of this for BP?

At the time of the Exxon Valdez disaster in Alaska, I remember reading a news story, which stated, that only two companies in the world had the economic means of surviewing such a disaster: Exxon and Shell. The current situation in the Gulf of Mexico have already been compared to the Exxon Valdez disaster. So what will happen to BP?

For a summary of the long term impact that the Exxon Valdez diaster had on the environment in Alaska read the report Summary Points: 10 Years of Intertidal Monitoring After the Exxon Valdez Spill from the NOAA, which states that 10 years after the event the causal observer would not see any oil damage. Given the warmer climate in the Gulf of Mexico we can hope for a similar positive outcome from the current disaster.

Once the events just before the explosion on the Deepwater Horizon has been analyzed, and a casue for the explosion determined, than another consequence could well be stricter regulation for exploration off the coast of Norway and off the east coast of Greenland. We have to wait an see.

Monday, March 01, 2010

CCPS Process Safety Beaon - how can we improve it?

Each month I read the CCPS Process Safety Beacon with great interest. It provide well documented examples of what can go wrong. They are excellent for getting students attention by a short presentation with just one or two presentation slides.

The topic this month is about facility siting, and a simple slide with pictures fra the destroyed BP Texas City Refinery unit quickly get the attention of engineering students, and it is hoped that they then will not locate trailers and other temporary facilities for people close to sources of potential hydrocarbon releases. But do they really understand why? Or do they walk away thinking, that the explosion on March 23, 2005 at BP's facility in Texas City was just a case of poor facility siting?

The Process Safety Beacon usually have two sections. A section, which describe something, that went wrong, and a section about what you can do. This months what-you-can-do-section contain six bullet points requiring the reader to understand, point out, assure and insist - all positive actions. However, one of the middle bullets starts don't!

I think the Process Safety Beacon would be better with fewer bullets and more focused bullets that all are formulated in a positive maner, e.g. know were to seek refuge prior to starting work. Or in stead of "As soon as you become aware of a flammalbe material release which could create a vapor cloud, follow your plant's emergency procedures, including sounding evacuations alarms ot ensure that non-essential personnel evacuate process units and nearby buildings". That is a rather complex task! First the person need to evaluate if the release is flammable oor not. Second the person need to evaluate if the material could form a vapor cloud. Only if both answers are afirmative should the emergency procedures be followed. However in following these the person is further required to consider questions such as: What is non-essential personnel? What are nearby buildings? Nearby to what? I believe the message a) that your plant should have emergency procedures, b) that you should know your plants emergency procedures, and c) that the procedures should be followed for ANY release is completely lass in trying to be specific.

I also think people should be encouraged to go to a web-site such as www.safetybeacon.org or safety.aiche.org for more information - not www.aiche.org/CCPS/Publications/Beacon/index.aspx - and the site web-server should be smart enough to display the index page if the 'index.aspx' is omitted or misspelled.

Furthermore if you manage to find the archive you find yourself at a different place. You are no longer at the AIChE website or the CCPS website, you are at the SAChE website. Maybe there are good historical reasons for this, but the CCPS Process Safety Beacon deserves in my opinion to be presented by professionally than is currently happening.