Simplification Principle of Inherently Safer Design

Simplification means designing to eliminate unnecessary complexity, reducing the opportunities for error and mis-operation. A simpler plant is generally safer and more cost effective than a complex one. For example, it is often cheaper to spend a relatively small amount of money to build a higher pressure reactor, rather than a large amount of money for an elaborate system to collect and treat the discharge from the emergency relief system of a reactor designed for a lower maximum pressure. A few examples of simplification and error tolerance are discussed in the following sections.

1. Containment within Process Equipment

In many cases it is possible to design process equipment strong enough to contain the maximum or minimum pressure resulting from a process incident. Containment within the process vessel simplifies the design by eliminating high pressure interlock systems. Emergency relief devices such as rupture disks or relief valves may still be required by regulations and codes, but the size may be reduced and the hazards associated with opening of the relief devices may be considered to be eliminated. Catch tanks, scrubbers, flare stacks, or other devices to dispose of the effluent from emergency relief systems safely may also be eliminated.


The maximum pressure resulting from a deflagration of a combustible dust or flammable vapor in air initially at atmospheric pressure is often less than 10 bar. It may be feasible to build equipment strong enough to contain this type of event. When designing a system for combustion containment, the engineer must consider factors such as highly reactive materials, oxygen or other oxidant enriched atmospheres, and congested geometry inside vessels or pipelines which could result in transition to detonation. All of these factors can significantly increase the maximum pressure of a combustion reaction.


Designing vessels for full vacuum eliminates the risk of vessel collapse due to vacuum. Many storage and transport vessels have been imploded by pumping material out with the vents closed.

Runaway Reactions

Choosing a reactor design pressure sufficiently high to contain the maximum pressure resulting from a runaway reaction eliminates the need for a large emergency relief system. It is essential that the reaction mechanisms, thermodynamics, and kinetics under runaway conditions are thoroughly understood for the designer to be confident that the design pressure is sufficiently high for all credible reaction scenarios. All causes of a runaway reaction must be understood, and any side reactions, decompositions, and shifts in reaction paths at the elevated temperatures and pressures experienced under runaway conditions must be evaluated.

Containment Vessels

In many cases, if it is not feasible to contain a runaway reaction within the reactor, it may be possible to pipe the emergency device effluent to a separate pressure vessel for containment and subsequent treatment.

Heat Exchangers

The shell and tube sides of heat exchangers can be designed to contain the maximum attainable pressure on either side, eliminating reliance on pressure relief to protect the exchanger shell in case of tube rupture.

2. Liquid Transfer

Liquid transfer systems can be designed to minimize leakage potential. For example, transfer systems which use gravity, pressure, or vacuum require no moving parts or seals. If a pump is needed, centrifugal pumps with double mechanical seals, diaphragm pumps, jet pumps, and various types of sealless pumps may be good choices. Sealless pumps greatly reduce the risk of a process fluid leak, but they also introduce new hazards and concerns, such as overheating, which may be very rapid, and internal leakage.

3. Reactor Geometry

Research on safer nuclear power reactors has identified systems which utilize natural convection to provide emergency core cooling rather than relying on pumped cooling water circulation. Other new approaches utilizing reactor geometry, in-situ moderators, and novel materials of construction can prevent core overheating more reliably and are being researched.

Similar approaches are applicable in the chemical industry. For example, maleic anhydride is manufactured by partial oxidation of benzene in a fixed catalyst bed tubular reactor. There is a potential for extremely high temperatures due to thermal runaway if feed ratios are not maintained within safe limits. Catalyst geometry, heat capacity, and partial catalyst deactivation have been used to create a self-regulatory mechanism to prevent excessive temperature.

4. Fail Safe Valves

Processes should be reviewed to identify the safest failure position for all electric or pneumatic valves. The process design engineer should consider all failures including the control system, all driving utilities, and all operating situations. In most cases process valves should fail closed. Often cooling water valves should fail open. In some cases a valve should fail in its last position (in-place), remaining open if it is already open and remaining closed if it is already closed. For example, the vent valve on a batch reactor which is vented to a scrubber in several steps, but must be closed for a pressurized reaction step, should probably fail in its last position.

Remember that the failure position of a valve refers to its failure mode if there is a utility failure. A valve can mechanically fail in any position; it is possible for a "fail closed" valve to get stuck in the open position. When doing a process hazard analysis it is important to consider all possible failure positions of a valve, and not only the failure position resulting from utility failure.
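The reasoning behind selecting a failure position can be written down as a small review tool. The example below is an added illustration, not part of the original text: it takes the batch reactor vent valve described above, with a constructed step sequence (vented to the scrubber for several steps, sealed for the pressurized reaction step), evaluates each candidate fail position against a utility failure occurring during any step, and separately enumerates the mechanical stuck-valve cases that a process hazard analysis must consider regardless of the configured fail position. The step names, consequences and tags are constructed for the example.

```python
from dataclasses import dataclass

# Constructed batch sequence for the reactor vent valve discussed in the text:
# the valve routes vapour to the scrubber during venting steps and must be
# closed for the pressurized reaction step. Positions are "open" or "closed".
VENT_VALVE_STEPS = [
    ("charge solvent", "open"),
    ("charge reagent", "open"),
    ("pressurized reaction", "closed"),
    ("cool-down and vent", "open"),
]

# Consequence of the valve being in the wrong position during a step
# (constructed for the example), keyed by the position the step requires.
CONSEQUENCE = {
    "open": "loss of venting: pressure builds while the scrubber path is blocked",
    "closed": "loss of containment: pressurized contents released to the scrubber",
}


@dataclass(frozen=True)
class Finding:
    step: str
    valve_position: str
    consequence: str


def position_after_utility_loss(fail_mode: str, current_position: str) -> str:
    """Position the valve takes when its driving utility (air or power) is lost.

    fail_mode is the configured failure position: "open", "closed" or
    "last" (the valve stays where it is).
    """
    if fail_mode == "last":
        return current_position
    if fail_mode in ("open", "closed"):
        return fail_mode
    raise ValueError(f"unknown fail mode: {fail_mode}")


def utility_failure_findings(fail_mode: str, steps=VENT_VALVE_STEPS) -> list:
    """Steps in which a utility failure leaves the valve in an unsafe position.

    Assumes the failure happens while a step is in progress, so the valve's
    current position is the one that step requires.
    """
    findings = []
    for step, required in steps:
        resulting = position_after_utility_loss(fail_mode, required)
        if resulting != required:
            findings.append(Finding(step, resulting, CONSEQUENCE[required]))
    return findings


def best_fail_mode(steps=VENT_VALVE_STEPS) -> str:
    """Fail mode with the fewest unsafe utility-failure outcomes over the sequence."""
    return min(("open", "closed", "last"),
               key=lambda mode: len(utility_failure_findings(mode, steps)))


def mechanical_failure_findings(steps=VENT_VALVE_STEPS) -> list:
    """Hazard-analysis enumeration independent of the configured fail mode.

    A valve can stick in any position whatever its utility-failure position,
    so every (step, stuck position) pair is examined.
    """
    findings = []
    for step, required in steps:
        for stuck in ("open", "closed"):
            if stuck != required:
                findings.append(Finding(step, stuck, CONSEQUENCE[required]))
    return findings


if __name__ == "__main__":
    for mode in ("open", "closed", "last"):
        bad = utility_failure_findings(mode)
        print(f"fail-{mode}: {len(bad)} unsafe step(s) on utility failure")
        for f in bad:
            print(f"  {f.step}: valve {f.valve_position} -> {f.consequence}")
    print("recommended fail position:", best_fail_mode())
    print("stuck-valve scenarios to review:", len(mechanical_failure_findings()))
```

For this sequence, fail-open is unsafe during the pressurized step, fail-closed is unsafe during every venting step, and fail-last is unsafe in none, which is the conclusion the text reaches. The mechanical enumeration is the same size whichever fail position is chosen: the fail position only decides the utility-loss case, not what a stuck valve can do.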

5. Distributed Control Systems

A distributed control system (DCS) normally uses input and output modules which contain eight, sixteen, or more inputs or outputs. Failure of the module will simultaneously disable a large number of control loops. Attention to the assignment of input/output points to the modules makes the plant more tolerant of a failure of an input or output module.
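How the assignment of points to modules changes the effect of a single module failure can be made concrete. The following is an added example, not from the original text: a constructed list of control loops grouped by the unit they serve, a naive drawing-order assignment, a greedy assignment that spreads each group across modules, and a check of the worst-case single-module failure for each. Loop tags, group names and the module capacity are constructed assumptions.

```python
from collections import defaultdict

# Constructed control loops: (loop tag, unit or function group). Losing every
# loop of a group at once is taken as the severe outcome, e.g. a reactor's
# temperature, feed and pressure control all on the same I/O module.
LOOPS = [
    ("TIC-101", "reactor-A"), ("FIC-102", "reactor-A"), ("PIC-103", "reactor-A"),
    ("TIC-201", "reactor-B"), ("FIC-202", "reactor-B"), ("PIC-203", "reactor-B"),
    ("LIC-301", "scrubber"), ("FIC-302", "scrubber"),
    ("TIC-401", "flare"), ("PIC-402", "flare"),
]

MODULE_CAPACITY = 4  # I/O points per module (constructed value)


def sequential_assignment(loops, capacity):
    """Fill modules in tag order, as an assignment taken from the drawings often does."""
    modules = defaultdict(list)
    for i, (tag, group) in enumerate(loops):
        modules[i // capacity].append((tag, group))
    return dict(modules)


def spread_assignment(loops, capacity):
    """Place loops of the same group on different modules where capacity allows.

    Greedy: each loop goes to the module with free capacity that currently
    holds the fewest members of its group (ties broken by fewest points).
    """
    n_modules = -(-len(loops) // capacity)  # ceiling division
    modules = {m: [] for m in range(n_modules)}
    for tag, group in loops:
        candidates = [m for m, pts in modules.items() if len(pts) < capacity]
        chosen = min(candidates, key=lambda k: (
            sum(1 for _, g in modules[k] if g == group), len(modules[k])))
        modules[chosen].append((tag, group))
    return modules


def single_module_failure_impact(modules, loops):
    """Worst case over all single-module failures.

    Returns (max loops lost by one failure, set of groups that a single
    module failure would take out entirely).
    """
    group_size = defaultdict(int)
    for _, g in loops:
        group_size[g] += 1
    worst = 0
    wholly_lost = set()
    for pts in modules.values():
        worst = max(worst, len(pts))
        per_group = defaultdict(int)
        for _, g in pts:
            per_group[g] += 1
        for g, n in per_group.items():
            if n == group_size[g]:
                wholly_lost.add(g)
    return worst, wholly_lost


if __name__ == "__main__":
    for name, fn in (("sequential", sequential_assignment), ("spread", spread_assignment)):
        modules = fn(LOOPS, MODULE_CAPACITY)
        worst, lost = single_module_failure_impact(modules, LOOPS)
        print(f"{name}: max {worst} loops lost; groups fully lost by one module: {sorted(lost) or 'none'}")
        for m, pts in sorted(modules.items()):
            print(f"  module {m}: {[t for t, _ in pts]}")
```

Both assignments lose at most four loops when one module fails; the difference is that the sequential layout lets a single module failure disable all of the reactor-A, scrubber or flare loops, while the spread layout leaves every group with at least one loop on a surviving module. Real loop lists also carry constraints this example omits (signal type, cabinet location, intrinsic safety barriers), which would narrow the candidate modules in `spread_assignment`.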

6. Separation of Process Steps

A multistep batch process can be carried out in a single vessel, or in several vessels, each optimized for a single processing step. The complexity of the batch reactor in figure 1 below, with many potential process fluid and utility interactions, can be greatly reduced by dividing the same process into three vessels as shown in figure 2. Again, this is an example of an inherent safety conflict. The system in figure 1 requires only one reactor, although it is extremely complex, and process intermediates never leave the reaction vessel. The system in figure 2 uses three vessels, each of which can be optimally designed for a single task. Although each vessel is considerably simpler, it is necessary to transfer intermediate products from one vessel to another. If one of those intermediate products is extremely toxic, it may be judged to be preferable to use the single reactor (a "one pot" process) to avoid transfer of the toxic intermediate. As always, the inherent safety advantages and disadvantages of each system must be evaluated with careful consideration of all of the hazards of a particular chemical process.

Figure 1

Figure 2

Tags: inherently safer simplification