Process safety and personal safety need to be managed in very different ways
My name is Phil Eames and I’m a chemical engineer with 36 years’ experience in the process industries in a variety of engineering and management roles. I have a long-held interest in process safety and have practised as a process safety consultant for the last ten years, attaining Professional Process Safety Engineer status in 2015.
I have experienced the transformation in the profile of process safety over the last 15 years and am particularly interested in the differences between the management of process and occupational safety, which I will explore in this series of articles.
The last 10–15 years, particularly since the publication of the investigation report that followed the tragedy in Texas City, US in 2005 [1], have seen an enormous increase in the attention being given to process safety. One important lesson from that investigation was that process safety and personal (sometimes called occupational) safety need to be managed in very different ways.
The difference is captured by psychologist James Reason – the original proponent of the “Swiss Cheese” model – in his saying: “There are two kinds of accident; those that happen to individuals and those that happen to organisations” [2].
This article explores the differences between events that relate to process safety and those that relate to personal safety, and the way that these differences give rise to some important process safety concepts. Some important challenges related to these concepts will be explored in a sequence of features to follow.
Table 1 shows six different characteristics that can be applied to safety events (incidents), how these characteristics differ between process and personal safety events, and the process safety concept that arises from the difference.
Let's expand on each difference in turn.
Personal safety hazards (sometimes over-simplified as “slips, trips and falls”) are often visible and readily perceived and understood; the nature and scale of a potential injury – for example from a fall – is easy to imagine. In contrast, although some process hazards might be easily perceived – loss of containment from corroded pipe work for example – many hazards are not visible and not intuitive – the sequence of events following a loss of process control for example. Furthermore, the scale of consequences is not easily imagined and often underestimated. For example, what could happen in the event of loss of containment of flammable materials? A burn injury? A fire? An explosion? Destruction of the plant? Rigorous, structured methods of hazard identification and risk assessment are required to reveal process safety hazards and understand the associated risks.
Most personal injury events are of relatively low impact (to the organisation, that is, rather than the individual) compared to the potential for on- and off-site multiple fatalities, major asset damage, environmental pollution or reputational damage which could threaten the existence of the facility or business. Because of their potential scale, process hazards and risk exposures need to be understood in detail and considered as existential threats. The basis of safety – a description of why the plant is safe – must be thoroughly understood and should be focussed on engineered design rather than human action or intervention.
Personal safety incidents often relate to interactions of people with plant or equipment in which the agent (the human actor) is the victim – body parts being caught in operating equipment for example. Appealing to individuals to “be safe” and promoting the philosophy that “all injuries are preventable” can be effective in helping to prevent such events if they are part of a sustained programme.
In contrast, in most process safety incidents the agents (human actors) are rarely the victims; they are often separated in space (operators in the control room remote from the plant for example) or in time (engineers making modifications or technicians conducting maintenance to poor standards some time earlier). Appealing to them to “be safe” is unlikely to be effective when there is no immediate danger related to their actions. Process safety requires focus on the safety of the engineered design of the system, which in turn relies on operational discipline in performing tasks thoroughly and “right first time, every time” in design, installation, operation, maintenance and modification.
Personal injury events are normally relatively simple and can be represented as a combination of incipient unsafe acts and unsafe conditions. In contrast, process safety events – at least major events – often involve socio-technical system failures (management system deterioration) with complex causality involving equipment, control system, management system and human failures. They often involve combinations of active (revealed) and latent (unrevealed, sometimes long-standing) issues.
The term “normalisation of deviance” was introduced by Diane Vaughan after the Challenger space shuttle disaster in 1986 to describe “the gradual process through which unacceptable practice or standards become acceptable. As the deviant behaviour is repeated without catastrophic results, it becomes the social norm for the organisation” [3]. Organisations need to be aware of this phenomenon and seek to challenge it within their management of change, “near-hit” reporting and other systems to sustain a state of “chronic unease”.
Conventional “lagging” indicators based on numbers of events (injuries in relation to hours worked) cannot work in process safety because the number of process safety events is never likely to generate a meaningful trend.
“Leading” (or predictive) indicators – specific to process safety – are required that are designed to detect and respond to drifts in operational and maintenance performance as well as other aspects of process safety management. Examples are measures related to control loops operating under manual control, equipment operating outside of inspection requirements and numbers of temporary modifications in place.
Those of us who have experienced serious process safety incidents have a heightened awareness of the aspects discussed above. However, the rarity of such events means that most of us may not have the benefit of such experience, which must therefore be gained from historical and contemporary events inside and outside our own organisations and industries. Within our own organisations it is important to institutionalise the lessons from past events and maintain awareness of them, and to investigate “near-hit” incidents as if their maximum potential had been realised. For lessons outside of our own organisations, it is important to use them not just to raise awareness (the effect of which will be temporary) but to take specific actions to implement the lessons as if they had happened at our own facility.
Having set out some important differences between process and personal safety, and the implications in relation to process safety management, this series of subsequent features will explore some of the challenges these represent and describe practices to help meet the challenges of:
In the meantime, I would urge you to share this piece with colleagues and peers, and to reflect on how your own organisations are maintaining an appropriate balance in the performance measurement and resourcing of both personal and process safety.
1. The Report of the BP US Refineries Independent Safety Review Panel, January 2007.
2. Managing The Risks of Organizational Accidents, Reason, Ashgate, 1997.
3. The Challenger Launch Decision, Risky Technology, Culture and Deviation at NASA, Diane Vaughan, University of Chicago Press, 1996.
IChemE’s Fundamentals of Process Safety course provides a more detailed exploration of this topic.