1-13 Inherently Safer Design

Section 1-11, “Protecting Against Hazards: Safeguards,” described how hazards are protected with safeguards to prevent initiating events from propagating into more serious incidents with consequences. These safeguards add considerable cost to the process and also require testing and maintenance—and even with these actions, the safeguards can still fail.

If we could design a process with fewer hazards, then the process would be simplified, and the safeguards reduced. This is the essence of inherently safer design—to eliminate hazards rather than to provide complex safeguard hierarchies around the hazards. An inherently safer plant uses the elimination of hazards to prevent accidents rather than depending on control systems, interlocks, redundancy, special management systems, complex operating instructions, or elaborate procedures. Inherently safer plants are tolerant of errors; are generally cost-effective; and are simpler, easier to operate, and more reliable.

Table 1-20 provides examples of the four inherently safer design strategies: minimize, substitute, moderate, and simplify. Other references [12] provide more detailed strategies, but many of these additional strategies can be included in the four shown in the table. The four strategies listed in Table 1-20 are the traditional strategies, though they might go by other names (shown in parentheses in the table).

Table 1-20 Inherently Safer Design Strategies

Example applications, by strategy:

Minimize (intensification)
  • Replace a large batch reactor with a smaller continuous reactor.
  • Reduce storage inventory of raw materials.
  • Improve management and control to reduce inventory of hazardous intermediate chemicals.
  • Reduce process hold-up.

Substitute (substitution)
  • Use mechanical pump seals instead of packing.
  • Use a welded pipe rather than a flanged pipe.
  • Use solvents that are less hazardous.
  • Use chemicals with higher flash point temperatures, boiling points, and other less hazardous properties.
  • Use water as a heat transfer fluid instead of hot oil.

Moderate (attenuation and limitation of effects)
  • Reduce process temperatures and pressure.
  • Use a vacuum to reduce the boiling-point temperature.
  • Refrigerate storage vessels to reduce the vapor pressure of liquids.
  • Dissolve hazardous material in a nonhazardous solvent.
  • Operate at conditions where reactor runaway is not possible.
  • Locate control rooms remotely from the process to reduce impacts of accidents.
  • Provide adequate separation distance from process units to reduce impacts of accidents.
  • Provide barriers to reduce impacts of explosions.
  • Provide water curtains to reduce downwind concentrations.

Simplify (simplification and error tolerance)
  • Reduce piping lengths, valves, and fittings.
  • Simplify piping systems and improve ability to follow the pipes within them.
  • Design equipment layout for easy and safe operation and maintenance.
  • Select equipment that requires less maintenance.
  • Select equipment with higher reliability.
  • Label process equipment—including pipelines—for easy identification and understanding.
  • Design control panels and displays that are easy to comprehend.
  • Design alarm systems to provide the operators with critical information.

The minimize strategy entails reducing the hazards by using smaller quantities of hazardous materials in the process. When possible, hazardous materials should be produced and consumed on site—this minimizes the storage and transportation of hazardous raw materials and intermediates.

The substitute strategy entails replacing hazardous materials with less hazardous materials. For example, a nonflammable solvent could replace a flammable solvent.

The moderate strategy entails using hazardous materials under less hazardous conditions. This includes using these materials at lower temperatures and pressures. Other approaches include (1) refrigeration to lower vapor pressures, (2) diluting solutions to a lower concentration, and (3) using larger particle-sized solids to reduce dust explosions, to name a few.

The simplify strategy is based on the fact that simpler plants are friendlier than complex plants, because they provide fewer opportunities for error and because they contain less equipment that can cause problems. Often, the complexity in a process is driven by the need to add equipment and automation to control the hazards. Simplification reduces the opportunities for errors and mis-operation.

In the strictest sense, inherently safer design applies only to the elimination of hazards. Some of the inherently safer design strategies shown in Table 1-20 treat hazards by making the hazard less intense or less likely to occur. For instance, simplifying a complex piping system reduces the frequency of leaks and operator error, but does not completely eliminate the hazard—the remaining pipes and valves can still leak. The inherently safer design strategies that eliminate the hazard are called first-order strategies, whereas strategies that make the hazard less intense or less likely to occur are called second-order strategies.

Although inherently safer design should be applied at every point in a process life cycle, the potential for major improvements is the greatest at the earliest stages of process development. At these early stages, process engineers and chemists have the maximum degree of freedom in the selection of the reaction, chemicals, process technology, and plant design and process specifications.

Inherently safer design can significantly reduce the hazards in a process, but it can go only so far. Many chemicals and products are used precisely because of their hazardous properties. For instance, if gasoline is the product, then flammability is the necessary hazardous property for this product—this hazard cannot be eliminated.

After we have applied inherently safer design as much as possible, we can use a hierarchy of management systems to control the remaining hazards, as shown in Table 1-21. Inherently safer design appears at the top of the hierarchy and should be the first approach, followed by passive, active, and procedural strategies. The strategies closer to the top of Table 1-21 are more robust than the lower strategies and should be preferred.

Table 1-21 Hierarchy of Process Risk Management Strategies. The strategies at the top of the table are more robust.

Inherent: See Table 1-20.
  • Minimize (intensification).
  • Substitute (substitution).
  • Moderate (attenuation and limitation of effects).
  • Simplify (simplification and error tolerance).

Passive: Minimizes the hazard through process and equipment design features that reduce either the frequency or the consequence without the active functioning of any device.
  • Using equipment with a higher pressure rating than the maximum possible pressure.
  • Blast walls around process equipment to reduce blast overpressures.
  • Dikes around storage vessels to contain spills.
  • Separation of equipment from occupied buildings and other locations where personnel may be present.

Active: Requires an active response. These systems are commonly referred to as engineering controls, although human intervention is also included.
  • Alarms, with operator response.
  • Process control system, including basic process control systems, safety instrumented systems, and safety instrumented functions.
  • Sprinklers and water deluge systems.
  • Pressure relief devices.
  • Inerting and purging systems.
  • Water curtains to knock down gas releases.

Procedural: Based on an established or official way of doing something. These are commonly referred to as administrative controls.
  • Operating procedures.
  • Safe work practices, such as lock-out/tag-out, vessel entry, and hot work.
  • Emergency response procedures.

Active safeguards require physical motion or activity for the equipment to perform its function; a valve opening or closing is an example. A passive safeguard is hardware that is not physically actuated to perform its function; dikes around storage vessels are an example. Procedural safeguards, often called administrative safeguards, are administrative or management safeguards that do not directly involve hardware; an operating procedure is an example.

One potential problem with inherently safer design is risk shifting. That is, application of inherently safer design strategies might shift the risk from one population to another. For example, one company used a highly toxic chemical as a catalyst in a process. The chemical was highly effective and was recycled with little make-up. The company decided to replace the highly toxic catalyst with one that was considerably less toxic—an inherently safer approach by substitution. The less toxic catalyst required a substantial amount of make-up, necessitating regular and substantial truck shipments. While the risk to the company’s employees was reduced, the risk to the community was increased due to the truck shipments along municipal roads.

Environmental impacts should also be considered in inherently safer designs. A classic example of this is refrigeration systems. In the very early days of refrigeration, ammonia was used as a refrigerant. Ammonia is toxic, and leaks of this gas can affect both employees and the surrounding communities. Later, chlorofluorocarbons (CFCs) were developed to replace ammonia. Since these refrigerants are not toxic, CFCs were inherently safer than ammonia. However, in the 1970s, CFCs were found to deplete the ozone layer. Hydrochlorofluorocarbons (HCFCs) were used for a short period since these had less impact on the environment. More recently, many refrigeration systems have returned to ammonia as a preferred refrigerant primarily to reduce environmental impacts.
