Although many engineers provide only the minimum adequate vessel design to minimize costs, it is inherently safer to minimize the use of safety interlocks and administrative controls by designing robust equipment. Passive hardware devices can be substituted for active control systems. For example, if the design pressure of the vessel system is higher than the maximum expected pressure, an interlock to trip the system on high pressure or temperatures may be unnecessary.

Creating a strong system that constitutes a passive design requires a complete knowledge and characterization of the potential overpressure scenarios. This requires knowledge of the chemistry outside the design conditions to evaluate effects of loss of utilities and the loss of control systems.

Systems with a passive design fully withstand any overpressure and the yield point stress of the system is not exceeded. When an overpressure stresses the vessel system, the metal returns to its normal crystalline state after stretching. Systems designed to "bend but not break" slightly exceed the plastic region of the metal and are deformed (hardened). The vessel is then actually made stronger by this process; however, a new hazard is that the vessel will not stretch and will usually burst if the scenario is repeated. Thus, vessels subjected to "bend but not break" conditions require more frequent inspections for deformation and integrity. A truly passive design is not only safer, it is more cost effective when the lifetime test and inspection requirements are considered.

A passive design must include all hardware elements of the system. Little is gained if containment is lost when pipes, joints, or instruments fail due to overpressure.

Following are some examples and considerations for specific common unit operations.


Reactor design is particularly critical, because reactors involve chemical transformations and often potentially significant energy releases.

Evaluation of the safety characteristics for a given reactor design, requires an understanding of what controls the rate of reaction (catalysis, mass transfer, heat transfer, etc.) as well as the total potential energy involved in the reaction. The possibility of the energy generating pressure and/or undesired side reactions should also be evaluated. This information is usually necessary for evaluating the suitability of various reactor types (Continuous Stirred-Tank Reactor, batch, tubular, various novel designs such as eductors in loop reactors, static mixers, extruders) for the desired reaction. Mixing and mass transfer are often the critical elements in reactor design as chemicals often react quickly once the molecules are brought together .

Not all reactions take place in a designated reactor. Some occur in a heat exchanger, a distillation column, or a tank. Understand the reaction mechanisms and know where the reactions occur before selecting the final design.

Some batch reactions have the potential for very high energy levels. If all the reactants (and sometimes catalysts) are put into a kettle before the reaction is initiated, some exothermic reactions may result in a "runaway." The use of continuous or "semi·batch" reactors to limit the energy present and to reduce the risk of a "runaway" should be considered. The term "semi-batch" refers to a system where one reactant and, if necessary, a catalyst is initially charged to a batch reactor. A second reactant is subsequently fed to the reactor under conditions such that an upset in reacting conditions can be detected and the flow of the reactant stopped, thus limiting the total amount of potential energy in the reactor.


There are options to minimize the hazards that may be thermally unstable or have a tendency to react with other chemicals present. Some options include:

  • Trays without outlet weirs
  • Proprietary designs and sieve trays
  • Wiped film evaporators
  • An internal baffle in the base section to minimize hold-up
  • Reduced base diameter
  • Vacuum distillation to lower temperatures
  • Smaller reflux accumulators and reboilers
  • Internal reflux condensers and reboilers where practical
  • Column internals that minimize holdup without sacrificing operation efficiency

Another option is to remove toxic, corrosive, or otherwise hazardous materials early in a distillation sequence, reducing the spread of such materials throughout a process.

Low-inventory distillation equipment, such as the thin film evaporator, are also available and should be considered for hazardous materials. This equipment offers the additional advantage of short residence time and is particularly useful for reactive or unstable materials.

Solids Handling

Solids handling frequently has the potential for dusting, which can lead to potential health and explosion hazards. Handling solids in the form of larger particle size granules or pellets rather than a fine powder reduces the potential for worker exposure. Worker exposure hazards are reduced by formulating dyes as liquids or wet pastes rather than dry solids or powders.

If the solid is combustible, the dust explosion hazard can be greatly reduced or even eliminated by using a larger particle size material. It is important to remember, however, that particle attrition can occur during handling and processing, resulting in the generation of small particles which could increase dust explosion hazards. Study the sequence of size reduction steps or even the required particle size to minimize the number of processing steps that involve very small particles. Another option would be to change the form to a less dusty shape (pellets, beads, prills, etc.). Handling of solids as a wet paste or slurry can also reduce hazards. For example, using wet benzoyl peroxide instead of dry reduces the hazards of this extremely reactive material.

It may even be possible to eliminate solids handling by processing in a solution. However, this may require an assessment of the hazards of a toxic or flammable solvent in a process compared to the hazards of the solvent-free process.

Heat Transfer

Some processes have large heat transfer requirements. This may result in large inventories of material within the heat transfer equipment. If the material is thermally unstable it would be inherently safer to reduce the residence time in the heat exchanger. Options to minimize heat exchanger inventory include the use of different types of heat exchangers. Inventories in shell and tube heat exchangers can be reduced by the use of "turbulators" in the tubes to enhance heat transfer coefficients, and by placing the more hazardous material on the tube side.

Heat transfer equipment has a great variation in heat transfer area per unit of material volume. Table below compares the surface compactness of a variety of heat exchanger types. Falling film evaporators and wiped film heat exchangers also reduce the inventory of material on the tube side. Process inventory can be minimized by using heat exchangers with the minimum volume of hazardous process fluid for the heat transfer area required.

Type of Exchanger Surface Compactness (m2/m3)
Shell and tube 70-500
Plate 120-225 up to 1,000
Spiral plate Up to 185
Shell and finned tube 65-270 up to 3,300
Plate fin 150-450 up to 5,900
Printed circuit 1,000-5,000
Regenerative-rotary Up to 6,600
Regenerative-fixed Up to 15,000 (some types have a compactness as low as 25 m2/m3)
Human lung 20,000

Transfer Piping

Inventory in transfer lines can be a major risk. For example, a quantitative risk analysis of a chlorine storage and supply system identified the pipeline from the storage area to the manufacturing area as the most important contributor to total risk. To minimize the risk associated with transfer lines, their length should be minimized by careful attention to unit location and pipe routing. Pipe size should be sufficient to convey the required amount of material and no larger. However, small bore piping is less robust and less tolerant of abuse when compared to large diameter piping, and additional attention to proper support and installation will be required. In some cases, for example, chlorine for water treatment applications, it may be possible to transfer material as a gas rather than a liquid with a large reduction of inventory in the transfer line.

Piping systems should be designed to minimize the use of components that are likely to leak or fail. Sight glasses and flexible connectors such as hoses and bellows should be eliminated wherever possible. Where these devices must be used, they must be specified in detail so they are structurally robust, compatible with process fluids, and installed to minimize the risk of external damage or impact.

Where flanges are necessary, spiral wound gaskets and flexible graphite type gaskets are preferred. The construction of these gaskets makes them less likely to fail catastrophically resulting in a large leak. Proper installation of spiral wound gaskets, particularly torquing of the flanges, is important in preventing leaks.

To reduce the potential for large releases of hazardous materials:

  • Minimize or eliminate in-process inventory of hazardous material, including inventory in the processing equipment as well as in tanks. Elimination of intermediate storage tanks will likely require improvements in the reliability of the upstream and downstream operations.
  • Review dikes, impoundments and spacing for tanks storing flammable materials. A sump inside a dike facilitates the collection of small spills. Sump drains or pumps can direct material to a safe and environmentally acceptable place. See the latest issue of National Fire Protection Association (NFPA) 30.
  • Review the layout to minimize the length of piping containing hazardous material.

In batch operation minimizing pre-charging the most energetic chemical. Consider adding energetic material in a "semi-batch" mode. That is, add most of the ingredients initially, then add the energetic material under flow control with a safety interlock to stop the feed as soon as the Critical Safe Operating Parameter (frequently temperature or pressure) approaches the limits of the safe operating window. Consider a physical limit (pipe size, orifice, limited pump capacity) to limit available energy. Low temperature can be dangerous if the energetic material "pools" unreacted in the kettle and then the reaction initiates. The "pooled" material could have enough potential energy to result in catastrophic releases.

When dealing with flammable materials, the selection from the inherently safer design options may vary according to the site and process. For example,

  • Use nonflammable materials.
  • Inert the vessel.
  • Design the vessel to withstand the pressure generated.
  • Install explosion suppression.
  • Install relief panels (directed to a safer location).

In designing the process and equipment, use chemical engineering principles to minimize the accumulation of energy or materials and to contain the energy and materials:

  • Specify design pressures high enough to contain pressures generated during exothermic reactions and avoid opening the relief valve and/or rupturing the vessel.
  • Use physical limits of pipe size; restrictive orifices, and pump sizing to limit excessive flow rates.
  • Consider the incident avoidance benefits of reliable equipment when specifying hardware.
  • Use inherently safer strategies when establishing company design standards, guidelines, or practices.
  • Use gravity flow in plant layout where feasible to minimize the need for pumps or solids handling equipment for hazardous materials. Conduct a hazard review to assess the effect of layout on potential spills.
  • Review injection points for erosion concerns. Design for lower velocities.
  • Use materials of construction that enhance inherently safer operations. Corrosion leads to leaks; incompatible materials can lead to unwanted reactions.
  • Use materials with low corrosion rates for the process.
  • Use the right alloy for the job (more expensive is not necessarily better).
  • Use materials that are applicable over the full range of operating conditions such as normal, startup, routine shutdown, emergency shutdown, and draining the system. For example, carbon steel may be acceptable for normal operating conditions but may be subject to brittle fracture at low temperatures under abnormal conditions (as in the case of a liquefied gas). Cold water, of less than 60°F, during hydrotest may cause brittle fracture of carbon steel.
  • Avoid materials that crack or pit; uniform corrosion is safer than nonuniform corrosion patterns.
  • Avoid incompatible materials that could come into contact in abnormal conditions.
  • Do not use copper fittings in acetylene service, or titanium in dry chlorine service. These principles also apply to gaskets, lubricants, and instruments.

If possible, eliminate inherently weak equipment like sight glasses, hoses, rotameters, bellows, expansion joints, and most plastic equipment. The spare parts consumption from the shop and warehouse will indicate what is wearing out.

Minimize contamination via fewer cross-connections and fewer hose stations. Minimize the number of hoses required in loading/unloading facilities. Cross-contamination, sometimes even from catalytic amounts of material, can result in undesired hazardous reactions. To prevent contamination due to rainwater and spills, consider storing a material that can react vigorously with water under a roof.

Flexible connections should never be used as a cure for improper piping alignment and piping support concerns. Where expansion joints are required in piping systems containing toxic materials, consider using double-walled expansion joints with pressure indication between the two walls for leak detection. All welded pipe is preferable to flanged piping, and threaded piping should be avoided for flammable and toxic materials.

Consider a weak roof seam for API tanks; if the tank is going to split under internal pressure, the roof seam should fail, not the bottom seam. The weak roof seam must be specifically included in the specifications and the mechanical design must address the issue. This emphasis is made because smaller tanks (less than 50 feet in diameter) manufactured under API 650 will not automatically have a weak roof seam.

Pinch valves that have no packing to leak can leak if the tube breaks.

There are trade-offs for magnetic drive and canned pumps versus centrifugal pumps with double-mechanical seals. The former have no seals to leak, but need active interlocks to prevent high temperature for temperature sensitive materials. Similarly, diaphragm pumps, that have no shaft seals to leak, have potential for process leaks out of the exhaust line and air leaks diaphragm pumps exhaust line.