An effective loss-of-containment (LOC) reduction program should identify and assess the chemical hazards present in the facility and consider the potential for equipment failure and human error.
Even if you are not a process safety expert, you know that a hazardous chemical release can have dire consequences, such as serious injuries, fires and explosions, environmental damage, and delays in production or research. If you work at a facility where hazardous chemicals are handled — including a plant, pilot plant, or laboratory — you should be aware of the dangers of loss of containment (LOC) of hazardous materials and how to respond or evacuate if an LOC incident occurs.
Process safety programs help to prevent and mitigate the effects of LOC incidents and other potentially hazardous events associated with the use and storage of toxic, flammable, and reactive chemicals. Implementing appropriate process safety systems is necessary even if your facility is not covered by process safety management (PSM) and related federal, state, and/or local regulations — e.g., the U.S. Occupational Safety and Health Administration (OSHA) PSM standard, U.S. Environmental Protection Agency (EPA) Risk Management Plan (RMP) rules — based on the types and quantities of hazardous materials present (1, 2). In many cases, even small releases can have serious consequences. This article discusses some of the most important process safety systems that reduce the potential for LOC incidents and the associated risks.
Loss-of-containment (LOC) incidents
LOC is generally the largest category of process safety incidents, ranging from small releases of relatively non-hazardous materials to catastrophic events that involve large releases of materials and/or energy. The consequences of LOC depend on the intrinsic hazardous properties of the materials released, as well as the processing conditions, such as concentration, temperature, and/or pressure.
For example, a small release of a highly toxic material can have more serious consequences than a much larger release of a nonhazardous material. Likewise, a small release of a flammable material above its flashpoint may be more serious than a larger release below the flashpoint. Just as a release of cold water is probably not as serious as a release of high-pressure steam, a release in a laboratory hood might not be as hazardous as the same release outside of a hood in a pilot plant or manufacturing facility. Even if the consequences are not severe, extensive cleanup activities may be required and operations or research activities may be disrupted.
Before hazardous chemicals are used, knowledgeable and experienced personnel should carefully evaluate a range of failure scenarios that can cause LOC. Determining the potential consequences and process risks associated with a release helps to ensure that appropriate safeguards and practices are implemented to prevent and mitigate possible releases.
Many significant chemical incidents, including many of those investigated by the U.S. Chemical Safety and Hazard Investigation Board (CSB), involve LOC. An LOC incident can be caused directly by equipment failure or operating problems, or indirectly by a process event, such as pressure buildup, a runaway reaction, or dust deflagration, that causes emergency venting or loss of vessel integrity (3).
In one LOC incident, a chlorine transfer hose ruptured during railcar unloading, releasing 48,000 lb of chlorine (4). The CSB concluded that the facility’s quality assurance system was a cause of the event, as personnel did not ensure that proper hoses had been received and were being used. The facility’s testing and inspection program also did not include procedures to ensure that the emergency shutdown system would operate as designed.
In another incident, gasoline that was being offloaded from a tanker ship overflowed from a large storage tank into a secondary containment dike. The overflowing gasoline formed a large flammable vapor cloud, which ignited and caused an explosion and fire (Figure 1) (5). The CSB found that inadequate procedures, design flaws, and control failures were causes of the incident.
These incidents illustrate that many types of failures — equipment failures and human error, as well as inadequate management system implementation or execution — can cause serious LOC incidents. The next section discusses the elements of an effective safety program necessary to anticipate and reduce the potential for LOC events.
An effective LOC reduction program
An effective LOC reduction program must identify and assess the hazards, evaluate the range of potential causes and consequences, and provide appropriate safeguards and systems to help reduce the potential for serious LOC incidents.
Many LOC incidents relate to equipment failures caused by mechanical integrity problems, such as inadequate equipment installation, poor (or lack of) preventive maintenance, and inadequate analysis of the lifecycle of equipment components. Incidents may also be rooted in inadequate hazard evaluation, poor equipment design, poor procedures, failure of employees to follow procedures (operational discipline), lack of incident and near-miss investigations, ineffective emergency planning and response, and poor training. Any approach to preventing and mitigating the consequences of LOC must therefore consider a wide range of possible system failures encompassing all aspects of process safety.
An effective LOC reduction program consists of six steps:
- Identify and assess the chemical hazards present and eliminate or reduce hazards when possible.
- Manage the risks of potential LOC events.
- Reduce the potential for human error.
- Reduce the potential for equipment failure.
- Learn from LOC events.
- Manage changes to reduce the potential for LOC.
1. Identify and assess chemical hazards
The first step in designing a program to reduce the potential for LOC is to identify and assess the chemical hazards (2, 6). If toxic, flammable, reactive, or otherwise hazardous chemicals or materials are used or stored in the facility, then a risk of LOC likely exists and must be further evaluated to help ensure that appropriate safeguards and systems are in place.
Although the chemicals involved might not be present in sufficient quantities to be covered by regulations and/or internal company standards, they might present LOC risks that need to be evaluated. For example, a flammable mixture of 8,000 lb is below the OSHA 10,000-lb threshold quantity, but a significant risk of fire and/or explosion could still exist. It is also desirable to, wherever possible, reduce or eliminate the use of hazardous chemicals to lower the risk of LOC. Put simply: What you don’t have can’t leak (7).
Begin the review process with a systematic assessment of hazards (e.g., flammability) and hazard level (e.g., flashpoint) of the materials in your facility. Safety data sheets (SDSs) can help and should be reviewed, but SDSs for the chemicals involved must be supplemented by other sources of data. For example, SDSs do not typically provide the reactivity of chemical mixtures that could lead to runaway reactions and LOC events. The hazard assessment team may need to conduct a literature search, create models, or test mixtures in a laboratory or pilot plant to help identify and understand potential reactivity hazards.
To assess the hazards, it is necessary to first define the boundaries of the process of interest. These process boundaries may correspond to the entire facility or subsections of it. Compile a complete list of all raw materials, intermediates, products, and utilities within the boundaries of the process. As appropriate, also track amounts, rates, state (vapor, liquid, solid), compositions, etc. of the process streams. The level and nature of the hazard will vary in different process areas and depend on the quantities of chemicals, the intrinsic material properties, and how the materials are being used.
For example, a tank farm that contains a variety of chemicals stored as liquids at ambient temperature will likely have significantly different hazards than a manufacturing process that has some of the same chemicals being reacted at high temperature or pressure or than a research facility reacting the chemicals in much smaller quantities under a laboratory hood. Consider also the potential for chemicals and materials from within the boundaries of one process to inadvertently enter another process area, possibly introducing new hazards.
2. Manage the risks of potential LOC events
What you don’t manage will leak (8). Risk management reviews should be conducted to determine the causes and consequences of potentially hazardous LOC (and other) events that result from the absence or loss of engineering and administrative controls for the process (1, 2, 6). Established risk-assessment methods — such as process hazards analysis (PHA) — provide insights into the type, severity, and likelihood of injuries, property damage, and environmental harm for a range of LOC events. The risk management review also identifies the safeguards and systems needed to manage these risks.
A small LOC event could be caused by a small-diameter hole in a vessel or pipe, or possibly a procedural error, such as an employee leaving a valve open or in the wrong position. Catastrophic failure events involve a sudden failure of a piece of equipment, structure, or system that causes a major LOC of chemicals or release of energy. Although catastrophic failure events are not common, the consequences of such events can be significant; therefore, multiple safeguards should be put in place to manage the risks.
The EPA’s areal locations of hazardous atmospheres (ALOHA) modeling software (9) and many commercial models are available to calculate the areas impacted by LOC events (e.g., spills, holes in pipes, pump leaks, stack releases) to support a risk management review. These models typically require inputs such as physical properties, release conditions, meteorology data, and levels of concern (i.e., gas concentrations) for various consequence thresholds.
The primary goal of modeling is to determine the area that could be impacted by the release for the defined input conditions and level of concern (Figure 2). For example, for a large chemical release, the model would calculate the distance to a toxicity and/or flammability level, such as emergency response planning guideline (ERPG) levels or the lower flammability limit (LFL). The risk-assessment team must then interpret the model results to evaluate the potential health and flammability effects — i.e., the type, severity, and number of injuries and other impacts — within the area impacted by the release to help understand the consequences of the event. This requires consideration of:
- how many people may be exposed to the LOC event
- how long they may be exposed
- the properties of the hazardous chemical
- the presence of ventilation and exits
- the effects (e.g., toxicity, flammability) that the hazardous chemical may have on people. For example, for toxic materials, this includes the acute toxicity of the material, how the material affects the body, and whether exposure to the material will affect a person’s ability to evacuate.
Consequence modeling can also be used to assess possible secondary effects of the event, such as damage to piping or vessels in other parts of the facility, which can cause additional injuries or property damage. In addition, consequence modeling can be used to evaluate the effectiveness of certain preventive or mitigating safeguards.
The risk management evaluation and consequence modeling identifies safeguards to manage and mitigate risk. Safeguards might include:
- process design features that minimize the potential for LOC events
- safer operating practices
- more informed and effective testing, inspection, and maintenance procedures
- detection, containment, and/or mitigation systems.
The results of the risk management review should also be shared with emergency planning and response resources to assist them in developing emergency action plans based on the hazardous events identified.
3. Reduce the potential for human error
In an incident investigated by the CSB (10), an operator opened the bottom valve of an operating polymerization reactor, apparently bypassing an active pressure interlock, instead of opening the bottom valve of a nearby identical reactor being cleaned. A large release of flammable material from the reactor ignited and the resulting explosion caused five fatalities and major damage to the facility (Figure 3). The CSB concluded (among other things) that the facility did not adequately address the potential for human error.
Unfortunately, many LOC incidents are the result of human error, often due to the factors shown in Table 1. Human error therefore must be anticipated and appropriate safeguards and systems must be implemented to reduce the frequency and consequences of LOC. For example:
- consider human factors (Table 1) in process design and operations
- clearly define safe work practices through procedures, work instructions, and/or checklists
- effectively train personnel, including contract workers, and provide refresher training periodically
- evaluate workers’ fitness for duty.
Table 1. Human error is often a cause of LOC incidents and frequently involves these factors (2). |
Mistakes, inability to complete the task correctly, complacency, and lack of commitment |
Training insufficiencies, including procedure quality and training effctiveness |
Workplace environment, including distractions and inaccessibility of information |
Lack of familiarity with the work being done and/or a significant length of time since the task was last performed |
Fitness-for-duty impediments, such as alcohol, drugs, stress, or fatigue |
Urgency to complete a task quickly Lack of risk recognition or sense of vulnerability |
Operational discipline (OD) programs should be implemented to help ensure that personnel are committed to following established procedures and systems. An OD program contains both an organizational component and a personal component (2, 11, 12).
Organizational OD efforts are closely related to good safety culture and leadership practices across the facility or company. Management develops the organizational OD program to support a safe work environment and provides resources for identifying and supporting improvement efforts.
The personal component of OD helps individual workers understand system and procedure requirements. A worker who understands how the work activity should be done, is committed to doing it the correct way, and maintains awareness of possible problems during the work activity is more likely to do their work correctly and safely every time.
4. Reduce the potential for equipment failure
Although not the only remedy to prevent LOC, a good mechanical integrity (MI) program (13) can identify the potential for equipment failure and help prevent failures before they occur. It is imperative that all equipment in the process areas, tank farms, and other pertinent areas where hazardous materials are used or stored are maintained in good condition. Therefore, preventive maintenance inspection and testing tasks should be performed in accordance with the manufacturers’ recommendations, the history of the process demand on the equipment, and/or the recommended and generally accepted good engineering practices (RAGAGEPs).
An MI program is made up of several elements:
- maintenance procedures and training
- equipment inspection and testing
- quality assurance.
At a minimum, the MI program must include all relevant equipment in the process area, and inspection tasks must be carried out on a prescribed schedule with aggressive actions to correct any deficiencies, such as out-of-calibration instruments or failed equipment.
During MI testing and maintenance procedures, process safety information (PSI) and risk management reviews should be evaluated and steps taken to ensure the use of proper pipes, flanges, gaskets, hoses, bolts, and materials of construction. MI should also be considered in the design and testing of safety systems and other process safeguards, as well as during the specification of instrumentation and rotating equipment, such as pumps. All equipment must be manufactured and maintained to the proper specifications for the intended uses, since equipment failure is a frequent cause of LOC.
An inspection, testing, and preventive maintenance (ITPM) plan identifies all process equipment and assigns the type and frequency of inspection and testing that should be performed on each piece of equipment (13). An ITPM plan can serve as an effective roadmap to ensure that each piece of equipment is being maintained as needed to minimize the potential for LOC and other adverse events (Table 2).
Table 2. An inspection, testing, and preventive maintenance (ITPM) plan that consists of these elements is essential for reducing the potential for equipment failure (13). | |
Element | Description |
Equipment Item or Class | Each piece of equipment needs an ITPM plan. Equipment types that have similar ITPM tasks can often be grouped into a general equipment class (e.g., pressure vessels, pumps). |
Required Tasks | The required tasks are specified by applicable codes and standards, manufacturers’ recommendations, industry practice, and/or the equipment’s performance history. |
Task Interval | The task interval is the time interval in which an ITPM task must be completed. It is generally based on the shortest time specified in the applicable codes and standards, manufacturers’ recommendations, and/or industry practices. Experience or inspection data may indicate that the interval should be adjusted for some equipment. |
Basis | The basis – comprised of applicable codes and standards, manufacturers’ recommendations, and equipment performance histories – is used to establish the appropriate ITPM tasks and their corresponding frequencies. |
Inspection Personnel Qualification Requirements | The inspection personnel qualification requirements are based on the requirements (e.g., ertifications, training) specified by applicable codes or standards. If there are not any applicable codes or standards, the requirements are based on general knowledge for the task. |
Procedure(s) | Procedures are based on site-specific procedure(s) and/or vendor-supplied documentation (e.g., equipment manual, checklists) associated with the required task. |
Once the ITPM plan is developed, you can use it as input to a computerized maintenance management system (CMMS), as well as to formulate a training program for the personnel performing the maintenance and inspection tasks.
An important element of an effective quality assurance program is a material verification program (MVP), which can minimize the potential for release of hazardous substances due to nonconforming materials of construction (14). The MVP is an ongoing program that involves many functions and personnel to help ensure the use of proper equipment, including hoses and other often-overlooked parts of piping systems. It applies to all new construction, replacements, alterations, warehouse transactions, and routine maintenance functions. Lack of (or poor implementation of) an MVP program can cause serious LOC events. For example, the chlorine release described earlier originated from a failed hose (Figure 4), and the installed hose failed because it was made of the wrong material of construction.
5. Learn from LOC events
Despite efforts to reduce the frequency of LOC events, releases and near misses may still occur. Investigate these incidents (1, 2, 15, 16) and understand their causes, then make improvements to prevent (or reduce the likelihood of) the occurrence of future incidents. Not all small spills, depending on the actual or potential consequences, need to undergo a full incident investigation that involves a root-cause failure analysis, but spill reduction programs that involve recordkeeping and metrics related to the number, locations, causes, and consequences of releases should be considered to help drive continuous improvement. More serious releases should be investigated thoroughly, both to see if the causes had been previously identified and to identify additional or better safeguards for prevention and mitigation.
Periodically evaluate trends in LOC leading and lagging metrics to determine if:
- performance is improving or getting worse
- there are common causes of releases that can be addressed
- other improvement efforts, such as more effective emergency planning and response, are needed.
6. Manage changes to reduce the potential for LOC
Some facilities make fairly frequent equipment and operational changes, which can introduce new LOC hazards or compromise existing safeguards. All equipment or operational changes must be carefully reviewed and authorized through a management of change (MOC) system (1, 2) to ensure that:
- all aspects of the change are understood
- appropriate safeguards are provided and a risk management review is conducted, if needed
- technical information is updated
- operating, maintenance, and emergency procedures are revised or developed
- training on the change is provided to affected personnel.
Pre-startup safety reviews (PSSRs) should be conducted as part of the MOC process to help ensure that changes are installed and completed correctly, so equipment is ready for safe use.
In closing
LOC incidents that involve hazardous chemicals — caused by operating or mechanical failures or other serious events, such as out-of-control reactions — often represent the worst-case events at many types of facilities. The consequences may include serious injuries, significant environmental impacts, lost production, and substantial and costly equipment damage. An LOC reduction program is the most effective way to establish the chemical and process hazards present, the causes and consequences of releases, and appropriate safeguards.
Much can be done to help prevent LOC incidents. Equipment and process design must include hazard assessment and risk management reviews to identify appropriate safeguards (e.g., instrumentation and controls) to help prevent LOC incidents, as well as LOC mitigation systems, such as secondary containment for spills. In addition, effective operational discipline, mechanical integrity, and management of change programs must be in place to help prevent LOC. Appropriate emergency planning and response systems, including incident investigation, must be in place to help mitigate and learn from LOC events.
If hazardous chemicals are present, the possibility of hazardous LOC events will also always be present. An effective LOC reduction program can help reduce the risk of significant LOC events.
Literature Cited
- Center for Chemical Process Safety, “Guidelines for Risk Based Process Safety,” American Institute of Chemical Engineers, John Wiley & Sons, Hoboken, NJ (2007).
- Klein, J. A., and B. K. Vaughen, “Process Safety: Key Concepts and Practical Approaches,” CRC Press, Boca Raton, FL (2017).
- Atherton, J., and F. Gil, “Incidents that Define Process Safety,” CCPS, American Institute of Chemical Engineers, John Wiley & Sons, Hoboken, NJ (2008).
- U.S. Chemical Safety and Hazard Investigation Board, “Chlorine Release,” Report No. 2002-04-I-MO (2003).
- U.S. Chemical Safety and Hazard Investigation Board, “Caribbean Petroleum Tank Terminal Explosion and Multiple Tank Fires,” Report No. 2010.02.I.PR (2015).
- Center for Chemical Process Safety, “A Practical Approach to Hazard Identification for Operations and Maintenance Workers,” American Institute of Chemical Engineers, John Wiley & Sons, Hoboken, NJ (2010).
- Kletz, T. A., “What You Don’t Have Can’t Leak,” Chemistry and Industry,6, pp. 287–292 (1978).
- Vaughen, B. K., and J. A. Klein, “What You Don’t Manage Will Leak: A Tribute to Trevor Kletz,” Process Safety and Environmental Protection,90 (5), pp. 411–418 (2012).
- U.S. Environmental Protection Agency, “ALOHA Software,” EPA, Washington, DC, www.epa.gov/cameo/aloha-software (accessed Apr. 8, 2020).
- U.S. Chemical Safety and Hazard Investigation Board, “Vinyl Chloride Monomer Explosion,” Report No. 2004-10-I-IL (2007).
- Klein, J. A., and B. K. Vaughen, “Implement an Operational Discipline Program to Improve Plant Process Safety,” Chemical Engineering Progress,107 (6), pp. 48–52 (June 2011).
- Vaughen, B. K., and J. A. Klein, “Improving Operational Discipline to Help Prevent Loss of Containment Incidents,” Process Safety Progress,30 (3), pp. 216–220 (2011).
- Center for Chemical Process Safety, “Guidelines for Asset Integrity Management,” American Institute of Chemical Engineers, John Wiley & Sons, Hoboken, NJ (2016).
- American Petroleum Institute, “Guidelines for a Material Verification Program (MVP) for New and Existing Assets,” API Recommended Practice 578, 3rd ed. (Feb. 2018).
- Klein, J. A., “The ChE as Sherlock Holmes: Investigating Process Incidents,” Chemical Engineering Progress,112 (10), pp. 28–34 (Oct. 2016).
- Schmidt, M. S., “Getting Incident Investigations Right,” Chemical Engineering Progress,116 (3), pp. 51–57 (Mar. 2020).
Copyright Permissions
Would you like to reuse content from CEP Magazine? It’s easy to request permission to reuse content. Simply click here to connect instantly to licensing services, where you can choose from a list of options regarding how you would like to reuse the desired content and complete the transaction.