Inherently safer design represents a fundamentally different approach to chemical process safety. Rather than accepting the hazards in a process, and then adding on safety systems and layers of protection to control those hazards, the process designer is challenged to reconsider the process and eliminate the hazards. If the designer cannot eliminate the hazards, the challenge becomes to minimize or reduce them as much as possible by modifying the process, rather than by adding external layers of protection.

Inherent has been defined as "existing in something as a permanent and inseparable element, quality, or attribute." A chemical manufacturing process is inherently safer if it reduces or eliminates the hazards associated with materials and operations used in the process, and this reduction or elimination is permanent and inseparable. To appreciate this definition fully, it is essential to understand the precise meaning of the word "hazard."

A hazard is defined as a physical or chemical characteristic that has the potential for causing harm to people, the environment, or property. The key to this definition is that the hazard is intrinsic to the material, or to its conditions of storage or use. Some specific examples of hazards include:

  • Hydrogen sulfide can produce extremely rapid unconsciousness and death
  • Chlorine is corrosive to skin and tissue on contact or inhalation
  • Sulfuric acid is extremely corrosive to the skin and toxic if inhaled
  • Ethylene is highly flammable and reactive
  • Steam confined in a drum at 600 psig contains a significant amount of potential energy (Pv energy)
  • Acrylic acid can polymerize, releasing large amounts of heat

These hazards cannot be changed. They are basic properties of the materials and the conditions of usage. The inherently safer approach is to reduce the hazard by reducing the quantity of hazardous material or energy, or by completely eliminating the hazardous agent.

Most accidents follow a three-step process:

  • Initiation: the event that starts the accident
  • Propagation: the events that maintain or expand the accident
  • Termination: the events that stop the accident or diminish it in size

Inherently safer strategies can impact the accident process at any of the three stages. The most effective strategies will prevent initiation of the accident. Inherently safer design can also reduce the potential for propagating an accident, or provide an early termination of the accident sequence before there are major impacts on people, property, or the environment.

One traditional risk management approach is to control the hazard by providing layers of protection between it and the people, property, and surrounding environment to be protected. These layers of protection may include operator supervision, control systems, alarms, interlocks, physical protection devices, and emergency response systems.

The approach of imposing barriers between a hazard and potentially impacted people, property, and environment has significant disadvantages:

  • The layers of protection are expensive to build and maintain throughout the life of the process. Factors include initial capital expense, operating costs, safety training cost, maintenance cost, and diversion of scarce and valuable technical resources into maintenance and operation of the layers of protection.
  • The hazard remains, and some combination of failures of the layers of protection may result in an accident. Since no layer of protection can be perfect, there is always some risk that an incident will occur.
  • Because the hazard is still present, there is always a danger that its potential impacts could be realized by some unanticipated route or mechanism. Nature may be more creative in inventing ways by which a hazardous event can occur than experts are in identifying them. Accidents can occur by mechanisms that were unanticipated or poorly understood.

For these reasons, the inherently safer approach should be an essential aspect of any safety program. If the hazards can be eliminated or reduced, the extensive layers of protection to control those hazards will not be required.

There can be much discussion about whether or not a particular safety feature in a chemical process is "inherent." Such discussions may arise in part because different people are viewing the process at different levels of resolution, ranging from a global view of the entire process to a very detailed view of specific features of the process. The definition of hazard (an inherent physical or chemical characteristic that has the potential for causing harm to people, the environment, or property) can be applied at any level of resolution. For example, Raul, a process control engineer, describes an interlock system as "inherently safer" because it uses diverse multiple sensing elements, compared to an alternative design which uses multiple, but identical, sensors. Raul is looking at the process at a very detailed level, considering the characteristics of a layer of protection. The inherent physical characteristic of the system he defines as a hazard is the potential for common mode failure with identical sensing elements. Therefore, he regards the system using diverse sensing elements as inherently safer with regard to this very specific hazard.

On the other hand, Ramona, a research process development engineer, does not consider Raul's system to be inherently safer, because a truly inherently safer system would not require an interlock at all. The process uses flammable materials and operates at elevated pressure. Ramona, looking at the entire process, would only consider it to be inherently safer if the flammable materials were eliminated or the process was operated at ambient pressure. Ramona is considering the inherent safety characteristics of the entire process, rather than a single interlock system.

From Raul's and Ramona's viewpoints, each may be correct. Raul's diverse interlock system is indeed inherently safer as a layer of protection than the alternative using identical sensors, but it is still part of a process which is inherently less safe than alternatives which may be feasible. Ramona is searching for that inherently safer process, which may make Raul's interlock system unnecessary. However, until Ramona finds that alternative, shows it to be feasible, and actually implements it, Raul's diverse interlock system is an inherently safer way of designing a required interlock. Both Raul and Ramona are applying inherently safer concepts in their thinking about the process, but they are applying those concepts at different levels. Raul's interlock system does not represent true inherent safety for the process, but for purposes of this text, any improvement in a layer of protection which is permanent and inseparable, and not easily weakened or removed from the system, is considered to be a process safety improvement in an inherently safer direction.
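The two viewpoints can be made concrete with a small beta-factor and layer-of-protection calculation. This is an added illustration, not part of the original article: the channel failure probabilities, common-cause fractions and initiating-event frequency are constructed assumptions chosen only to show the direction of the effect.

```python
# Added illustration (not from the original article): a LOPA-style sketch of
# (a) why Raul's diverse sensors lower the probability of failure on demand
# (PFD) of a 1-out-of-2 interlock by cutting common-cause failure, and
# (b) why layers of protection only reduce, never remove, the residual risk
# that Ramona's hazard elimination avoids entirely.
# Every numeric value below is a constructed assumption, not data from the page.

def pfd_1oo2(p_single: float, beta: float) -> float:
    """PFD of a 1-out-of-2 sensor arrangement under the beta-factor model.

    p_single: PFD of one sensor channel.
    beta:     fraction of channel failures that are common-cause, i.e. that
              disable both channels at once (identical sensors share more
              such failures than diverse ones).
    Independent part: both channels fail separately -> ((1 - beta) * p)^2.
    Common-cause part: one shared failure takes out both -> beta * p.
    """
    independent = ((1.0 - beta) * p_single) ** 2
    common_cause = beta * p_single
    return independent + common_cause


def mitigated_frequency(initiating_freq: float, layer_pfds) -> float:
    """Residual incident frequency (per year) after independent layers.

    An initiating event becomes an incident only if every layer fails on
    demand, so the frequency is scaled by the product of the layer PFDs.
    With no layers the hazard is realised at the initiating frequency.
    """
    freq = initiating_freq
    for pfd in layer_pfds:
        freq *= pfd
    return freq


# Constructed assumptions: single-channel PFD 1e-2; identical sensors share
# 10 % common-cause failures, diverse sensors 1 %.
P_SINGLE = 1e-2
PFD_IDENTICAL = pfd_1oo2(P_SINGLE, beta=0.10)   # 1.081e-3
PFD_DIVERSE = pfd_1oo2(P_SINGLE, beta=0.01)     # 1.9801e-4

# Constructed: a demand (e.g. a high-pressure flammable release scenario)
# once per 10 years, protected by the interlock plus one further layer
# (say relief/containment) with PFD 1e-2.
INITIATING_FREQ = 0.1
RESIDUAL_IDENTICAL = mitigated_frequency(INITIATING_FREQ, [PFD_IDENTICAL, 1e-2])
RESIDUAL_DIVERSE = mitigated_frequency(INITIATING_FREQ, [PFD_DIVERSE, 1e-2])

if __name__ == "__main__":
    print(f"1oo2 PFD, identical sensors: {PFD_IDENTICAL:.3e}")
    print(f"1oo2 PFD, diverse sensors:   {PFD_DIVERSE:.3e}")
    print(f"residual incidents/yr, identical: {RESIDUAL_IDENTICAL:.3e}")
    print(f"residual incidents/yr, diverse:   {RESIDUAL_DIVERSE:.3e}")
    # Removing the flammable material (Ramona's option) removes the
    # initiating hazard itself, so there is no residual frequency to compute.
```

The residual frequency never reaches zero as long as the hazard exists, which is the article's point about layers of protection; diversity only makes one layer less likely to fail on demand.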

In considering the economics of process alternatives, it is important to think about the total life cycle costs. There is an increasing interest in this concept in the environmental area, with recognition of the need to incorporate waste treatment, waste disposal, regulatory compliance, potential liability for environmental damage, and other long term environmental costs into project economic evaluation. Similarly, we must consider life cycle safety costs. Some examples of factors which should be considered include:

  • Capital cost of safety and environmental equipment
  • Capital cost of passive barriers (for example, containment dikes, and vacant land to provide spacing, required by codes, regulations and insurers)
  • Operating and maintenance costs for safety instruments and interlocks, fire protection systems, personal protective equipment, and other safety equipment
  • Increased maintenance cost for process equipment due to safety requirements (for example, safety permits, cleaning and purging equipment, personal protective equipment, training, and restricted access to process areas)
  • Operator safety training costs for hazardous materials or processes
  • Regulatory compliance costs
  • Insurance costs
  • Potential property damage, product loss, and business interruption costs if an incident occurs
  • Potential liability if an incident occurs

An inherently safer process provides an opportunity to reduce or eliminate many of these long-term economic costs. These benefits will not be realized unless we recognize and fully account for the long-term costs associated with hazardous materials and processes.

Note that a process is referred to as "inherently safer" when compared to some other alternative, but not as "inherently safe." All materials and processes have hazards, and it is not realistic or practical to propose that we can eliminate all of them. In many cases we can identify material and process alternatives which clearly reduce hazards, and we can consider those alternatives to be inherently safer.

Inherently safer design is a fundamentally different way of thinking about the design of chemical processes and plants. It focuses on the elimination or reduction of the hazards, rather than on management and control. This approach should result in safer and more robust processes, and it is likely that these inherently safer processes will also be more economical in the long run.

See The Role of Inherently Safer Design Concepts in Process Risk Management for more information related to this article.