Five catastrophic risk failure modes commonly overlooked

It's my experience that operations in developed countries have a tendency to underestimate their exposure to catastrophic risk. They falsely believe they have more advanced processes and more extensively trained people and that the likelihood of catastrophic events in these facilities is therefore much smaller than in developing economies.

Unfortunately this is not the case. Catastrophic events are still happening in places with some of the most rigorous training and safety procedures in place. Think of the Mount Polley mine disaster in Canada in 2014, for instance, or the Deepwater Horizon catastrophe in the US. These high-profile catastrophic events continue to happen in some of the most developed countries in the world, dominating the news cycle and devastating people's lives and the environment.

In a previous article I spoke about how several psychological biases can cloud our judgment and decision-making when it comes to catastrophic risk, undermining mitigation efforts. In this blog, I want to discuss why it’s critically important that operators pull back the curtain on these biases and take steps to properly understand the complexity of their individual catastrophic risk profiles and, share some of the most common areas that I've seen poor understanding and management.

Five of the most common failures in catastrophic risk events

When it comes to any multiple-layer protection system where just a few interlocks or procedures are what stands between a good day and an epic disaster, you need to be able to understand the fundamentals of how they work. Operators require deep technical expertise to identify the minutiae at play in catastrophic risk. We need to know how to connect the dots between our previously siloed risk areas to discover potential pathways to catastrophic events, and put procedures and tools in place to prevent those circumstances from occurring.

Through many years of technical experience, I’ve found that these five seemingly obvious risk areas are poorly understood and managed despite extensive layers of protection, established engineering approaches, and volumes of training material. Common to high temperature processing at an industrial scale, these five cover key processes that are familiar to all. I've seen a great variety of approaches, sometimes within the same organization, and seldom are the critical controls tied to the underlying science as they should, but often are to our own experiences.

1. Confined space entry

Every operator has a confined space issue. What differs is the extent to which they recognize the dynamic nature of confined spaces. Most operators focus on identifying spaces and restricting entry through a permit system. Very few, however, have a stratified approach to understanding how the atmosphere could change during the work. Welding changes an atmosphere, so dropping a tool into a weak arsenic solution (even at 1 ppm Ar) creates highly toxic arsine gas, not to mention the potential of upstream and downstream processes not being isolated properly. Understanding your ability to control the atmosphere within the confined space at all times requires a proper risk approach for each and every location and task. 

2. Molten material

No risk factor is more contentious than the potential for and causes of explosions resulting from water and molten material contact. No matter the maturity of your system design, leak detection, and approach, a materially unwanted event is possible. Far too often we are caught up in debates on the factors leading to an event and arguing on how much water is too much water. I think the answer is uncontrolled water is too much water. An area I often find overlooked in these systems is a safe response once a water leak is detected. I have personal experience with an eruption causing significant damage several hours after the furnace was de-energized. This begs the questions: how do we know it's safe to re-enter a pyrometallurgical vessel that has seen water? What do we do to eliminate the risk? How confident are you that the systems and practices in place guarantee your employees will be safe?

3. Oxygen-enriched fires

Oxygen enrichment is common in today’s plants and many produce the oxygen on site through air separation facilities. A highly enriched oxygen atmosphere has a remarkable effect on the potential for a significant fire and your definition of what is combustible. I often see operators who lack the fundamental understanding of how different equipment handling oxygen must be from normal compressed air, whether it's the materials of construction or the right maintenance cleaning requirements. The speed and temperature of oxygen-enriched fire requires special approaches to design and construction which are often eroded over time on a plant as piping is replaced and control approaches change. In addition, facilities need to work with local emergency responders to ensure systems can be isolated and a response plan is in place for all. Using non-exempt materials on oxygen lines or valves is a fundamental mistake. 

4. Explosive atmospheres

Fuel sources are common in industrial plants with the use of natural gas, propane, and fuel oil often replacing more expensive heat sources. This means burners and firing systems of which most operators have a limited understanding. By far the most common error I see is a lack of critical system understanding: essentially, how does the burner work and what prevents the creation of an explosive atmosphere? A good example is a client who produces carbon monoxide in large volumes and must occasionally purge the system. To save costs, they elect to purge the system by moving from a reducing atmosphere in the reactor to an oxidative atmosphere by opening a relief hatch, essentially purging the system with CO₂. Not a bad approach, but one that missed a fundamental check. During a purge, the atmosphere moves from 90% CO to less than 1% CO. With available oxygen, extremely high temperatures, and naked flames, the mixture passes through the explosive range of CO at some point. No control mechanism existed to remove any likelihood of an explosion, and with safety of highest priority, that's simply unacceptable. 

5. SO₂ release

Organizations have made tremendous strides removing SO₂ from gas streams at many of the world's copper and nickel smelters. This required the installation of acid plants and the concentration of gas streams. Moving that much gas across numerous reactors requires pressure and energy. Thus, most smelters have systems containing streams of SO₂ in excess of 12% and 25,000 Nm/h. That, in addition to known challenges with corrosion in acid plants, means facilities need to understand the implications of a sudden vessel collapse and SO₂ release. Very few do. A maximum consequence study is critical to establish shutdown procedures, evacuation planning, and community notification. This is important not only for the company, but for the surrounding communities too. How do we notify nearby facilities when an event occurs and what should they do to remain safe?

Plugging the holes in layers of protection

Understanding these common areas of weakness is great, but what can we do as an industry to improve? In my experience, world-leading organizations are focused on doing a few key things well:

1. Acknowledge that solving these challenges requires deep technical knowledge of the underlying processes. Understanding how fast a cloud of SO₂ moves takes skill and experience as well as a command of CFD modelling–you can't build an evacuation plan if you don’t know for sure where the cloud is going to go.
2. Establish a clear program with C-suite support to seek out these risks.
3. Be clear that your organization is unlikely to have all the skills to evaluate all the technical details. And that's OK. Find a trusted, technically focused consultant who can help.
4. Be open to working with experts and making real changes to change how your facility and people operate.