Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations cowski on being selected by the Eng-Tips community for having the most helpful posts in the forums last week. Way to Go!

How Effective has OSHA CFR 1910.119 Been? 1

Status
Not open for further replies.
owg

owg

Chemical
Joined
Sep 2, 2001
Messages
741
Location
CA
In 1992 we started to implement the OSHA Regulation of the Process Safety Management of Highly Hazardous Chemicals. Has anyone seen any papers on the effectiveness of the program? Its been 15 years now and we should have some idea of how it is working.

HAZOP at
 
Sort by date Sort by votes
Even if we find statistics, how would we diffentiate direct Process Safety Management changes from related changes. Would you lump all operator and contractor training as well as the SIS equipment into 1919.119? This would be logical but not necessarily correct.
 
Upvote 0 Downvote
From what I have seen, the program is effective for those who choose to follow it. I believe the intent is to create a corporate culture of safety.

I also believe that the biggest issue is enforcement. There are too many facilities and the enforcement agency is forced into reactive mode.

Too many are relying on past history and "it can't happen to me"... complacency.
 
Upvote 0 Downvote
New projects generally provide the segregation between the basic regulatory process control and safety shutdown. This is not the case with the existing plants.

Clearly the existing facilities continue to put off the installing the additional transmitters and separate shutdown systems. This also suggests that less SIL evaluation etc. exists for operating facilities. A study of the BP accident at Texas City reflects this lack of initive within existing plants. Even where new shutdown signals are added, some companies appear to delay providing proper SIS equipment pending a major control systems upgrade. Often the projected upgrade projects just don't happen. Perhaps some existing facilities will put off compliance as long as possible.

Other aspects such as the contractor safety training and access to MSDS etc. are implemented pretty well.
 
Upvote 0 Downvote
The major chemical plants had a similar program in place way before 1910.119 so they saw no change. It was the smaller and less engineered facilities that were forced into compliance and implimented the program that have seen changes.
 
Upvote 0 Downvote
Bhopal and Pasadena had not no root cause linked to SIS. Most disasters are the result of more than one failure that includes human intervention. The biggest factor (IMHO) has been the implimentation of training for operators. Investing time with them has so many benefits. Just the fact that bigger plants had to add staff to covering training is allows more time for people to rest, understand, and debate how the plants operate. As an engineer, open discussions (and sometimes stopping them and telling operators NO can be good) lets everyone come away more alert. I'll never let an SIS drive my car or supercede the pilot on a plane I fly in.

As for having segregation between regulatory and safety, not a fan either. I come from an industry the uses SCADA with individual packages on each piece of equipment to control and shutdown. That is true distributed control. No master room where one problem can stop everything.
 
Upvote 0 Downvote
dcasto:

I am more familiar with the Bhopal accident, so my comments will relate to that.

You are correct that the SIS did not cause the accident at Bhopal - it never had a chance to - it was turned off because someone saw a way to save some money. Recommendations for further mitigation measures were not instituted. There were several root causes, as is the case in most accidents, that stem all the way back to the conceptual design stage of that project. Training was an issue as well. All layers throughout the project and facility must work together in order to reduce the likelihood. In this case, if one layer of protection was operating correctly, then the accident could have been avoided. From what I have read, the operators did everything they could to prevent it.

Bhopal is a case where several layers of protection did not work (for varying reasons) at the same time. I have referred to it as an accident but it was a catastrophe that could have been avoided.

One point to note - if you give a human a choice in a stressful and critical moment, odds are he will make the wrong decision. A statistic I heard the other day is that NASA trains their pilots for 3 days straight before a mission and still only expect the correct decision to be made less than 50% of the time.

The single and specific purpose of an SIS is to monitor the process for deviations and place it into a safe state before a catastrophe occurs. I must also state that we should not be putting in SISs at will, they must be considered only after all other avenues have been exhausted. Smaller is definitely better.

There are several reasons for segregation between regulatory and safety systems:
1. Single point of failure
2. Common Cause
3. Regulatory typically do not monitor the circuits and states of safety critical functions. Safety critical functions are dormant - hopefully for years, but we must know that they will work when we need them to.

I know of several SCADA systems that do not provide the level of risk reduction required. I hear of failures in ESD equipment all the time and the owner insists on fixing the symptoms rather than going back to the root cause. If there is an accident on that line, I know that the SCADA system will be a major contributing factor. Because they are not following a PSM program, they turn a blind eye to the possibility of failure. (What to do about it is for a different post - ethics).

One of the root causes of Texas City was operational error that could have been avoided if the safety system was operational. A root cause of the Westray Mine Accident in Canada was owner neglect for applying a layer of protection (dust control). There are numerous others. My point is that while human interaction is important, it cannot be the only layer of protection. We forget, we get distracted, we get tired, we get replaced at the end of a shift, etc. Several layers, as many as possible, need to be in place in case of a failure in one - not just the human factor either.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

adrich91
  • Locked
  • Question Question
How to interpret "pressure" in incompressible fluids pipes
Replies
6
Views
2K
adrich91
adrich91
Peter_Kim_niceman
  • Locked
  • Question Question
How to cool down liquid CO2 Tank
Replies
9
Views
1K
Peter_Kim_niceman
Peter_Kim_niceman
rika kose
  • Locked
  • Question Question
How to determine the max/min allowable working pressure
Replies
9
Views
928
rika kose
rika kose
aegis4048
  • Locked
  • Question Question
How to implement P&ID for liquid level control?
Replies
16
Views
3K
LittleInch
LittleInch
Sammule
  • Locked
  • Question Question
How to set a diaphragmvalve and a blanked-off junction in PIPENET?
Replies
0
Views
186
Sammule
Sammule

Part and Inventory Search

Sponsor

Back
Top