Reproduced with permission
Early in the 20th century a factory in the town of Pitsea in England manufactured explosives using nitro-glycerine.
Making nitro-glycerine was very dangerous. Concentrated acids were mixed with glycerine in huge vats. If too much glycerine was added too quickly to the mixture, it would become unstable, and a large valve would have to be opened to quickly dump the whole batch into a large vat of water. Failure to do this quickly could have led to a catastrophic explosion.
Mostly, though, it was very dull. The operator would sit at the mixing machine for long hours just looking at the dials to make sure the machine was working OK, and there was a good chance they could fall asleep on the job. A one-legged stool made sure they had to perch to stay awake . . . in all the years the factory operated they never once had to dump the nitro-glycerine mixture.
In other words, the worker in charge of this process (the rather stout gentleman shown in the picture) was allowed to sit down but only on a one-legged stool. Hence if he dozed off, he would fall and wake up.
Let’s consider this situation using process safety management thinking.
- The hazard is “wrong composition”, i.e., too much glycerine.
- The consequence is a devastating explosion.
- The predicted frequency of the event is very low.
Such a situation is what process safety professionals face all the time.
The difference between then and now lies in the safeguards. In the Pitsea factory the safeguard was a one-legged stool — that’s all. It was cheap, easy to maintain and effective.
Were we to build a process such as this now, we would install multiple layers of protection, involving sophisticated instrumentation and backup safety devices. Such systems are expensive, require considerable maintenance and are difficult to understand. Yet they would not necessarily be more effective than the one-legged stool. After all, the process at Pitsea never experienced an explosion.
It might be thought that the time and place of this example is so distant as to be not pertinent to modern industry. But I recall, early in my career, working at two chemical plants, one in south-east Texas and the other in Europe, where the clients made large quantities of ethylene oxide (EO) — a chemical that is both toxic and highly flammable.
EO was stored in large tanks. The tanks had no instrumentation at all. The only way of measuring the level was with a manual strapping gauge. To modern eyes this situation sounds extraordinarily hazardous, yet it worked — in many years of operation neither facility had a spill or any other type of incident to do with tanks.
The modern process safety expert could not live with either of the above examples. He or she would not accept that the level in both the nitro-glycerine vat and the EO tanks could be monitored without any type of instrumentation. He or she would insist on conducting elaborate studies that generate recommendations for the installation of expensive level control systems backed up with a high-integrity Safety Instrumentation System. Indeed, an industry regulation or standard may require that such a system be installed.
This new system may or may not make the operation of the tank safer, but it will most certainly increase capital and maintenance costs substantially. Moreover, a complex system such as this is vulnerable to the Law of Unintended Consequences. If something can break, it will. But with the one-legged stool, all that can break is the leg of the stool itself, and that can be fixed in no time flat.
The following Table compares the two approaches to controlling the level in the nitro-glycerine reactor using process safety management terms.
Although the above analysis is written somewhat tongue-in-cheek, it is actually an example of the application of Inherent Safety, specifically the value of Simplicity. The modern, highly instrumented approach could be considered an example of “We’ve found the solution, now where’s the problem?”