Teaching process safety in 2017

The last 4 years I’ve given guest lectures in process safety at the Norwegian University of Science and Technology for undergrad chemical engineering students – and I’ve promised to do this also this year – this is my annual pro bono event :).

I used to work as a consultant with Lloyd’s Register, and previously I’ve used slides based on their internal course in process safety, that I also used to teach. Now I have a new job at a different firm in a different sector (information security in a devops environment – in otherwords something completely different and not related to process safety or chemical engineering).


Obviously, I need to create some new content for this year’s lectures. I’m looking forward to it, as this is a great opportunity to brush up also on the form of delivery. So, the plan so far is:

  • Basic principles (no single point of failure, risk-based design thinking, observable risks, usability)
  • Process accident examples (the fire from ice example from CSB is still great, but perhaps I can find something new to add)
  • Key safety standards, and some examples on how to use them
    • ISO 10418 / API RP 14C / NORSOK P-002 (process design and safety)
    • IEC 61511 (safety instrumented systems and safety integrity levels)
    • IEC 62443-3-3 (New! Cybersec in process systems, I think this one’s going to be increasingly relevant)
  • The mother of all accidents: overpressure
    • Blowdown systems
    • How to simulate blowdown in a simple process segment
    • Pressure equalization in compressor trains
  • New threats to process plants
    • Cyber attacks
    • Practices to make your plant less vulnerable

What more do you think undergrad chemical engineering students need to learn about safety in design?

9 thoughts on “Teaching process safety in 2017

  1. Good luck with new job. Sound interesting.

    I would add a slide or two about the development of a typical process accident : loss of containment, dispersion of released gas, ignition, fire and/or explosion, response of structure and equipment and escalation. I would focus on the physics to underline that one needs (at least some) understanding of the underlying physical properties to really understand how an accidents develop and how they can be avoided.

    Liked by 1 person

    • An inescapable fact is that conditions, behaviors, actions, and inactions were what they were because those in authority wanted them that way, tolerated their being that way, or didn’t know that they were that way. This applies from the work location to the top governance and regulatory oversight.

      Observation: Situational awareness is a prerequisite for acting accountably.

      Quotation: “What is permitted is promoted.”- Unknown (for now)

      Observation: This has yet to be addressed for Fukushima.

      Quotation: “Truth? You can’t handle the truth!”-The character Colonel Jessup in the movie “A Few Good Men .”

      Observation: Unless the harmful behaviors and/or inactions of those in authority are corrected those behaviors and/or inactions are left to become involved in the causation of future harm.

      Quotation: “A fish rots from the head back.”-Old Russian proverb

      Observation: Leadership by example is a chilling effect when the leaders do not report the nonconformities that their subordinates know that they know about.

      Quotation: “…the people in a big system like NASA know what has to be done—without being told.” –Richard P. Feynman, Presidential Commission on Challenger

      Observation: “See no evil; hear no evil; speak no evil” appears to be a high level mantra protected at all costs.

      Quotation: “Quis custodiet ipsos custodies?” -Juvenal (Roman poet-2nd Century CE) A modern translation is “Who will oversee the overseers?”


  2. An inescapable fact is that unless the simulation of an occurrence, episode, condition, task, service condition, or the like is faithful to the actual the conclusions can be materially misleading. Simulation fidelity can be affected by differences affecting the situation, the participants, the conditions, the conditions, the behaviors, the actions, the inactions and the like.

    Simulations include all measures to model an occurrence, episode, condition, task, service condition, or the like artificially. Simulations include simulator simulations, dry runs, dress rehearsals, qualification tests, drills, table top exercises, and much, much more.

    Simulations of an activity, action, service condition, or phenomenon can be prospective to foresee the outcomes or retrospective to analyze possible alternative outcomes.

    Observation: In the movie “Sully” the simulations that resulted in safe landings at La Guardia Airport and Teterboro Airport had numerous infidelities. These infidelities included 1) the simulator pilots were drilled on the exact casualty, but the real pilots had not been so trained, 2) the simulator pilots had numerous “free trials” to perfect their performance, but the real pilots had one shot, 3) the simulator pilots could begin action immediately after the bird strike, but the real pilots had to take time to diagnose the situation.

    Observation: In the movie “Sully” the simulations that resulted in safe landings at La Guardia Airport and Teterboro Airport were examples of “preconditioning”, i.e., conducting a simulation, test, surveillance, or the like under circumstances that make it highly likely that the results will be favorable . Preconditioning indicates shortfalls in integrity, and, perhaps, competence, compliance, and transparency.

    Observation: Part of the causation of the Fukushima Explosions and Meltdowns included the failure of the safety analysts to effectively model the tsunamis that were well known to accompany the earthquakes to which the plant was designed. The simulations concentrated on ground motion, but ignored sea hydraulic effects.

    Observation: Part of the causation of the steam generator tube leaks resulting in the decommissioning of San Onofre Nuclear Generating station Units Two and Three included the failure of the computer simulation to effectively model in-service tube vibration.

    Observation: The causation of the collapse of the Hartford Civic Center Roof in 1978 included unfaithful representation of the actual structure in a “state-of-the-art” computer program .

    Observation: The retrospective simulation of the mid-air collision of the F-16 Fighter Jet and the Cessna 150 in July 2015 in South Carolina showed some of the details of the Cessna’s flight trajectory as well as some of the details of the F-16’s flight trajectory , thus revealing some elements of the causation.

    Liked by 1 person

  3. I too have presented the gamut of seminars from detailed course subjects to focused short courses to one and two-day seminars and single “guest lectures”. You have experience already, so if it works for you I won’t suggest major changes. Reviewing and updating material is always recommended for a teacher, but it may not be necessary or desirable to throw our everything – unless you have a specific prohibition or cannot get permission to use previous work-related materials going forward.

    So, my caveat is that we usually include TOO MUCH detail! I try to discuss with the regular lecturer what has been covered, and what will be covered in the course. If they miss an important topic, bring it up with them, not in the presentation. A guest lecture should bring the theory and application to “life” for the student – demonstrating how what they are studying has real importance in the “real world”.

    However, it cannot and should not attempt to do more than introduce the topics with relevant examples. GOOD results are very helpful to use as well as the normally-used “catastrophic” events! WHY are things like HAZOPs, accountability, cybersecurity and layers of protection so important? Don’t get mired in how any of them are actually done – you want to motivate the students to learn that in detail from the compelling overview you are giving them.

    You may not even have enough time to “list” all of the important topics. Without some example or description, a simple (and long) list would just be boring. So, you may need to select the MOST important 5 – 10 practices to focus on. For example, mentioning the necessity of good procedures in passing is fine, because it is a bedrock of good safety practices. However, incorrect procedures are rarely the cause of incidents, so “getting them right” isn’t a high priority for this type of lecture. Why they may be ignored, as often is the case, may be a better focal point in this case.

    I like to teach because it helps me to stay current and to ensure that I really know what I am talking about. So, enjoy the work of research, compilation, practice and finally delivery! I always ask myself – as an industrial manager – WHAT would I hope these students know well, if they are going to work in MY plant?

    Best regards,


  4. Another aspect is the design for operability. Most of the accidents occur at the start-up After maintenance or modifications. The management of safety and the human and organisational factors are Key points in my opinions.

    Liked by 1 person

    • Thanks, I agree with that too – a very good point! Previously I have used CSB movies to demonstrate that operability aspects and poor management are usually identified as key factors in the accident chains. Both the “fire from ice” about dead legs and the Texas City investigation summary are good intros to discussions about these things. An earlier colleague of mine also suggested to include a description of accident chains, which I think is a very good perspective missing from must university materials on process safety today – and especially if we want to integrate the human factors perspective.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s