Introduction To Technical Safety y

HAZARD IDENTIFICATION
What can happen What causes it to happen What's stops it happening What protects us if it happens pp

Changed plant Changed process

New people Changed roles New technology g New knowledge

Periodic requirement Near miss / incident Poor performance of controls

PEOPLE

SMS

PLANT

HAZARD ASSESSMENT
Improved procedures Improved training Verification & examination of SCE Risked based inspection

New Plant Process safety management

New Staffing patterns . Revised responsibilities More informed employees p y

HAZARD MITIGATION

How bad will it be How How likely will it happen Are the risk tolerable Where should we focus our effort to reduce risk

Todays Today s Objectives

What technical safety is about why do it when to do it key principles & techniques be able to participate in reviews

Oil and Gas Technical Safety

LPG Oil LNG

Drilling rigs

Technical Safety is applicable to all scopes, subsea, topsides, drilling rigs, FPSO etc

Oil and Gas

Oil Sands

Everyone is Responsible for Safety

In the oil industry y EVERYONE is responsible p for safety y From the lab technician to the cleaner to the managing director Nobody wants to be involved with a major accident Nobody wants to see their fellow coworkers injured or killed as a result of their work Nobody wants to see their jobs or business destroyed

Two aspects of Safety

There are two aspects of safety
- PERSONAL SAFETY - PROCESS SAFETY
Personal Safety: I id t that Incidents th t have h the th potential t ti l to t injure one person and generally occur due to individual work habits. Occupational incidents slips/trips/falls, struck-by incidents, physical strains, electrocution. Generall OHS are a Generally avoided oided b by wearing PPEs & following procedures.

Process Safety:
Process safety hazards can give rise to major accidents involving the release of potentially dangerous materials, the release of energy (such as fires and explosions), or both. These are events t that th t have h the th potential t ti l to t lead l dt to multiple fatalities and/or major environmental damage. Process safety management ensures there are Adequate Barriers to MAEs. MAE s.

Slide 5

An effective personal safety management g system y DOES NOT prevent major accidents events!

Two aspects of Safety

PROCESS SAFETY
I Increasin ng Conse equences s of Even nt

PERSONAL SAFETY

Po ss ibl e

Es ca lat ion

Lo P o ss es ten in tia l cr ea si ng

Major Accident Hazard Risks

Occupational Health & Safety Risks

Increasing Likelihood of Event

Why have a Safety Case

Major Industrial Disasters Flixborough UK Flixborough, UK, 1974 Explosion 28 workers killed (happened on a weekend so plant was minimal manned) Piper Alpha 167 killed in 1988 Clapham Junction Rail disaster (35 fatalities) Phillips p 66 Texas

All disasters above had Common Findings & Recommendations

Conclusion : Prescriptive approach not appropriate- move to a goal based approach, approach described in a Safety Safety Case Case. Prescriptive regime does not require identification and understanding of hazards. Involve workforce awareness of hazard management.
Petrobras PP-36 Brazil, 2001 Temsah Platform Egypt, 2004 High Platform Mumbai, 2005 Texas City Texas 2005

Footer

Other Safety related legislation

July, 1976 Seveso, Italy June, 1974 Flixborough, g , UK

- poorly designed temporary piping failure - 28 killed - dioxin cloud 6 km x 1 km - >100,000 , people p p exposed

Dec, 1984 Bhopal, India Nov, 1984 Mexico City

i rupture t - LPG pipe led to bleve - 650 killed - Methyl Icocynate leak - >2000 deaths

July, 1988 July Piper Alpha, North Sea

- Poor maintenance procedures causes overpressure, fire & explosion - 167 killed

Oct, 1989 Pasadena, USA

- Seal failure on ethylene th l reactor t leads to explosion - 23 killed

1982 European Community Seveso Directive

1984 1986 UK US Control of Emergency Industrial Major Planning and Accident HazardCommunity Right Act to Know Act

1992 US OSHA 1910.119 PSM of Highly Hazardous Chemicals

1996 US ISA S84 Application of SIS for the Process Industries

2003 World IEC 61511 SIS for the process industry sector, 8 Parts 1-3

Typical contents of a Safety Case

Operations Safety CASE

Part 1 Introduction and Management Summary

Part 2 EHS Management System Description-

Part 3 Facility p Description

Part 4 Formal Safety Assessment s & Hazards and Effects Analysis

Part 5 Management of SCEs

Part 6 Remedial Action Plan

Part 7 Conclusions

Slide 9

Examples p of Major j Accident Events

Helicopter crash Turret Failure Projectile / Missile impact Structural damage

Cargo g Tank Explosion p

Dropped pp Objects j

Ship p collisions

Surface Blowout

Riser / Pipeline Releases Process HC Releases Fires /Explosions

Offshore Training pack

Establish Design Integrity and Safeguard it during Operations

Project Phase Establish Integrity by identifying MAE, SCE ( Safety Critical Elements) producing Performance Standards(PS) all contributing to the establishment of Technical Integrity (TI). In the operation phase, safeguard integrity by maintaining equipment, reviewing, verifying and assuring integrity using performance standards standards, corrective action should be closed out appropriately all leading to maintaining TI.

Technical Integrity Management

MAXIMO

MAJOR ACCIDENT EVENTS (MAE)

Safeguard Technical Integrity

WHAT HOW WHO

Audit
Corporate Audit Audit Program MA Class Verification Regulator
KPI /Target Verification Competency Assurance Operator Maintainer

Status Judgement

Verify

Peer /Third Party Verification Maintenance Inspection

Asset Manager / ICP

Status Judgement
Status Report

Testing

Review

Compliance KPI Effectiveness Review

Risk Overview Risk Overview

MOC Standards , Regulations , & Class Compliance

Technical Authority / OPS Manager

Monitor

Critical Information Engineering TI Maintenance Status Processes Inspection Compliance Safety Action Monitor Compliance Case Tracking Morning MOC SC Equipment Performance and Audit call Maintenanc Standard Trip Process Compliance &e Condition S Surveillance ill C diti Classification etc t
Change Management System BOD ,/ Technical Std Stds s Operating Envelope Production Accounting System Competency Management System Incident Investigation Management Regulations Legislation

Status Judgement
Technical Integrity / Safety Engineer

Status Judgement
Process Owner Implementer

Process Procedure

CTO
Risk Management Maintenance Management Sys Permit

to work

Technical Integrity Process

Gap

But are design should be Inherently Safe in the first place

1 . Minimise use smaller 2 . Substitute replace a material with a less
Hot Oil Gas THE BASICS Fewer hazards Fewer causes Reduced severity Fewer consequences Hot Water

quantities of hazardous substances Gas

hazardous substance

3 . Moderate use a less

hazardous condition, a less hazardous form of a material, or facilities that minimise the impact of a hazardous material or energy

complexity and make operating errors less likely and that are more forgiving of errors which are made

4 . Simplify design facilities that eliminate unnecessary

barg

barg

Typical Safety Systems

S f t Systems Safety S t General Design Layout HAZOPS & DEsign Reviews Command & Control Command Communications Emergency Power & UPS Control Room E Ergonimics, i i etc. Control & Mitigation Process Control & Alarms Segregation & Isolation I l i F&G Detection ESD Blowdown Active Fire Protection Passive Fire Protection Fire Barriers & Penetrations Materials Handling Protection Hazardous Area Classification Galley Fire Protection Systems Habitability HVAC Emergency Lighting Escape & Evacuation Escape Routes Lifeboats Liferafts Ladders & Chutes, etc Lifejackets Lifebuoys Personal Protective Equipment Pyrotechnics EPIRBS Helideck Crash Rescue Kit Recovery Helideck wave wave-off off Emergency Power Active Fire Protection

Hazard and Risk

Potential hazard Undesired event Protection layers Risk = Frequency x Consequence Th objective The bj i iis d driving i i the h risk to a tolerable level using Independent Layers of Protection Tolerable Risk

Intolerable Risk

Oil and Gas Technical Safety - 1

Establish Integrity
DESIGN SAFETY HAZID, HR HAZOP, BOWTIE, LAYOUT REVIEW, FMEA, HFA

HAZARD Identification

CONSTRUCTION SAFETY

CONSTRUCTABILITY REVIEWS INSTALLATION HAZID

OPERATIONAL SAFETY

Permit to work, task risk assessment, checklist, safe operating procedures

Oil and Gas Technical Safety - 2

Establish Integrity
DESIGN SAFETY EERA, TRA , EIA, HRA, QR A, FRA,HFA, ET, FT, LOPA, DO,SIL , SIA

HAZARD Assessment

CONSTRUCTION SAFETY

CONSTRUCTABILITY REVIEWS INSTALLATION HAZID

OPERATIONAL SAFETY

Permit to work, task risk assessment, checklist

Oil and Gas Technical Safety - 3

Establish Integrity
DESIGN SAFETY
PREVENTION CONTROL RESPONSE Fire protection (active & passive) F&G / ESD/ Flare / Ignition control / HVAC Overpressure protection Maintenance SCE PS Emergency Response

HAZARD Mitigation

CONSTRUCTION SAFETY

Standby vessel, the use of hot pressurised habitat, scaffolding, PPE, Approved workpacks, hot tapping, SIMOPS, PERMIT TO WORK, training ,

OPERATIONAL SAFETY

Permit to work, What if, task risk assessment, checklist, ISSOW,

Oil and Gas Technical Safety Hazard

Management Process Summary
Risk Assessment Process
HAZARD IDENTIFICATION [HAZOP][HAZID][LAYOUT REVIEW] [BOWTIE][ FMEA] [HRA] HAZARD ASSESSMNET [[FRA][EETRA][QRA][ALARP][DO][LOPA] HAZARD MITIGATION [F&G][ISD][IGNCONTROL][AFP][PFP][BLOWDOWN][FLARE] [DOP][LOPA] [ SCE]

Sources of Information

Legislation & Regulations International Codes & Standards, Industry Standards, Company Standards

New/ Major Facilities Brownfield fi / Sites Si

Task Risk Assessment -Qualitative Health Risk Assessment Safety Cases, Hazard Registers, Site Standards, Procedures, PTW HSE Bulletins, Toolbox meetings

Workgroup Non-Routine Activity

Risk Potential Matrix Inspection checklists, Induction handbooks, Incident Report feedback, Job Start meetings

Routine Activity by Individuals and Workgroups

Hazard Identification Design Safety 1a

Hazard Identification - HAZID and Hazard Register

Hazard Identification Design Safety 1b

Design Flaw (construction material) Scenario 1 Low temperature (brittle fraction) Scenario 2 External loads (heat radiation, blast,)

Hazards and their causes

Scenario 3

Wrong manipulation (operator error)

Scenario 4

LPG
Scenario 5 S Scenario i 6 Scenario 7

Fatigue

Leak
Undesired event : major leak

Mechanical failure (valve, gasket, flange,..)

Overpressure

S Scenario i 8 Scenario 9

Overfilling

Corrosion

Scenario 10

- TP Process Safety Series 2009 Safety Critical Measures

External impact (missiles, collision,)

21

Hazard Identification Design Safety 2a

Hazard Identification - HAZOP
Soft water

chemistry
100% 0%

Vent

process design p g
Plant air supply Dry air

FAL

FT

Emergency vent 600mm

AV1 HS

FI

Mixer Electrical heater Air drier Pump TI

Acrylamide Storage Tank

LAL LSH

To preparation plant LT LI FQ

Package

Package

AV2 TT TT PI AV3 Filter Control unit NRV Water Air

COMBUSTIBLE

INERT
2 Water Vent to atmosphere

TAH

Water

FLAMMABLE RANGE UFL LFL 0%

S T C HIO
Seal pot

Vent Soft Water To drain Additive

MET R

Y
Truck Acrylamide Delivery Hose

100% OXIDANT

0%

substance properties

equipment design

operating p gp procedures

- TP Process Safety Series 2009 Hazard Identification Techniques

22

Hazard Identification Design Safety 2b

Hazard Identification - HAZOP
The team investigates process parameters deviations

Hazard Identification Design Safety 2c

Guideword = More Parameter = Pressure
Deviation Cause

Potential Risk
G P

Residual Risk
Safeguard s G P Recommendations

Undesired events (UE) / Effects / Impact

UE : More pressure PIC failure F= 10-1 / y Effects : 1 tonne of C3H6 released to atmosphere 140 mb within 80 meters Probability ignition = 0,6 (CHARAD) Impact : 2 fatalities on site Probability = 1 Rupture of C1 (P= 2*Pdesign) Probabilty : 0,5 C C a ta t a a s E-2 ts 33 E-2 t r r o o p p h ih i c c

Safety valve PFD = 10-2 C a t a s t 3 E-4 r o p h i c

Consider to install a PSH (SIL2)

Hazard Assessment Design Safety 2d

Risk = 5.2 10-5/yr x 0.07 x 0.1 x 0.2 = 7.28 10-8/yr

HAZOP Accident scenario :

Risk = 5.2 10-5/yr 10 5/yr x 0.07 x 0.1 x 0.5 = 1.82 10 10-7/yr 7/yr

Risk = 5.2 10-5/yr x 0.07 x 0.1 x 1 = 3.64 10-7/yr Probability of fatality 1 0.5 0.2

Medium Leak (35 mm) = 5.2 x 10-5/yr

Probability of Wind Direction = 0.07

Probability of Ignition = 0.1

Leak

Deviation : other than water Cause : error during water drain operation Undesired event : 10 kg/s LPG to atmosphere Effects : LPG cloud with distance to LFL = 200 m, risk of flash fire Impact : fatal injuries to people outside within 200 m radius
25

- TP Process Safety Series 2009 LOPA

Hazard Identification Design Safety 3a

Hazard Identification - BOWTIES

Hazard Identification Design Safety 3b

Contaminated Fuel
Barrier Barrier

Helicopter Operations
Recovery Measure

Helideck Consequence 1 Fi Fire

Recovery Measure

Mechanical Failure

Barrier

Barrier

Helicopter crash

Recovery Measure

Recovery Measure

Injury Consequence 1 Fatality

Barrier

Pilot Error

Recovery Measure Recovery Measure

Barrier

Major equipment Structural1 Consequence D Damage

BARRIERS: Prevent MAE from occurring

RECOVERY MEASURES: Prevent or reduce the consequence of MAE

INHERENT DESIGN FEATURES + SAFETY CRITICAL ELEMENTS (Layout, Structural Integrity) (Procedures, Equipment, Tasks)

Hazard Identification Design Safety 4a

Hazard Identification - Layout Review Brownfield Projects
Considering layout and escape routes, access to Equipment, also ensuring the hazardous area zoning of the platform is not compromised

H Hazard d Identification Id tifi ti Design D i Safety S f t 4b

Hazard Identification - Layout Review Greenfield Projects
For Greenfield projects layout is a bit easier as you are starting with a clean sheet. Layout must prevent fires and explosions in areas with hydrocarbons (process area, risers etc) escalating to less hazardous and safe areas Create a safety gradient on the topsides layout from safe areas (accommodation) through to areas with maximum hydrocarbon risk by distance As much as possible (large) liquid hydrocarbon containing vessels should be located at lower elevations, HP gas equipment at upper levels Reduce the probability of flammable gas build-up and the increased likelihood of an explosion p Prevent escalation of fires and explosions

Hazard Identification Design Safety 4c

The objectives of layout design are: Segregation of different risks; To permit access for firefighting and emergency services; To minimize involvement of adjacent facilities in a fire and hence prevent further equipment failures; To ensure that critical emergency facilities are not subjected to fire damage; To minimize vulnerable pipework; To limit exposure; To ensure safe control room design; To ensure security. The following topics should be considered in early plot layout: Location of process areas and storage areas Location of people and minimization of potential exposure Site roads Traffic Buildings Effluents, sewers Fire fighting g g including g fire breaks in process p areas and access for fire fighting g g Emergency Security

Hazard Identification Design Safety 5

Hazard Identification - Human Factors Need to consider the guys who are going to maintain equipment etc
Work Environment Organizational g Structure (lighting, noise, chemical exposures, climate) (job design, communication, task) Individual Constraints (age, size, training, skills, intelligence)

Sensory Information H Human

Action

TASK
Displays Controls

Output Machine

Input

Hazard Assessment Design Safety 1

Hazard Assessment - Escape Evacuation Rescue Assessment need to know how to escape in an Emergency, where to go, Whose in charge

Hazard Assessment Design Safety 2a

Hazard Assessment - Layers of Protection Analysis

LOPA is a tool to determine the SIL (safety integrity level) of a SIF( safety Instrumented function) and evaluates the other protection layers individually by looking at the risk mitigation they lead to. Any layer of protection could be small, or significant, but overall the total risk reduction strategy should deliver an acceptable risk. risk Independent Protection Layers are often depicted as an onion skin. Each layer is independent in terms of operation. The failure of one layer does not affect the next. Designed to prevent the hazardous event event, or mitigate the consequences of the event.

Hazard Assessment Design Safety 2b

What is a Safety Instrumented System (SIS) & Safety y Instrumented Function ( (SIF) )? A SIS have several Safety Instrumented Functions to mitigate several process hazards. SIF is a safety instrumented function with a specified safety integrity level which is necessary to achieve functional safety. SIF is a function to be implemented by a SIS which is intended to automatically achieve or maintain a safe state for the process with respect to a specific hazardous event. ( (IEC61511 ISA SP 84.01) )

Process
Input Output SV

Process

SIS Transmitters Program

Safety valves

Sensors

Logic solver Final Typical applications for SIS Elements ESD - Emergency Shut Down System
HIPPS - High Integrity Pressure Protection System WHCP W ll H Well Head dC Control t lP Panel l

SIF

SIS

Logic Solver Sensors Final elements

Hazard Assessment Design Safety 2c

M I T I G Designed to perform its safety function during normal, A T abnormal, , and design g basis conditions. I The SIL is a measure of the availability of a protection O layer or barrier. Protection layers include basic process N control system (BPCS), critical alarms and human P intervention safety instrumented functions (SIF) intervention, (SIF), R physical protection and emergency response. E V All these mitigate the frequency of the occurrence of E the potential unwanted end-consequence or mitigate N th impact the i t the th end d consequence represents. t T I Performs specified functions to achieve or maintain a O safe state of the process when unacceptable or N dangerous g p process conditions are detected. SIFs are ADD ON and ACTIVE measures Need to exhaust non-SIS layers (e.g. spacing, segregation) before any requirement for SIFs SIFs. Addition of multiple SIFs (esp. SIL 2 & 3) may indicate that additional risk reduction via ISD is needed.

Why We Use Safety Instrumented System (SIS) ?

Plant and Emergency Response Blast wall Dike Fireproof

Emergency response layer

Passive protection layer

Relief valve valve, Rupture disk

Active protection layer Emergency Shut Down

SIS

Safety layer Trip level alarm

Process shutdown Operator Intervention P Process alarm l Basic Process Control System Process value Process control layer Normal behaviour

Inherently Safer Design

Process Design Layer

Hazard Assessment Design Safety 2d

SIF Safety Instrumented Function , its the individual loops that make up your SIS including any hardware software and final control element . Not always software based it could be as simple p as a p pneumatic hi/lo p pressure shutdown at a well site , or a high level shutdown on tank to prevent an environmental incident.
Traditional names: Emergency Shutdown System Critical Control Systems Protective otect e Instrumented st u e ted Systems Syste s Equipment Protection Systems Safety Critical Systems Interlocks Do I need a SIS , maybe , maybe not?

System composed of sensors, logic solvers, and final control elements for the purpose of t ki th taking the process t to a safe f state t t when h predetermined conditions are violated.

Hazard Assessment Design Safety 3a

Hazard Assessment - Explosion p modelling g
Explosion modeling Explosion overpressures Blast loading Blast and structural interaction Structural vulnerability assessment When new equipment and pipework is added to the platform it has to be designed for blast, sometime the new equipment will increase explosion overpressures offshore as it blocks explosion vents, all these need to be checked.

Hazard Assessment Design Safety 3b

Effects of Blast
Overpressure Level ( (mbar) ) 70 Damage Roof of cone-roof tank collapsed Damage to above-ground telephone and public address systems Piping, instruments and cables hit by debris, causing limited damage Instrument windows and gauges broken Breakage of gauge glasses Extensive minor damage due to debris Some fire heaters moved and pipes broken Exposed pipework and fire hydrants damaged Missile damageInstrument and power lines severed Failure of hold-down on half-full conventional storage tank Cooling tower badly damaged Failure of hold-down bolts on most storage tanks Collapse of steel stacks Fire heaters overturned Pi Pipework kb by movement t of f large l or di distortion t ti of f pipe i supports t Substations severely damaged All above ground wrecked Transformer power lines severed Some columns overturned or destroyed Failure of bracing on spheres Reactors, horizontal vessels and exchangers overturned Loss of power to motors

150

200

300

500 Within cloud

Explosion Overpressure 35 mbar

Effect
USACE CDL Superficial Damage Description of Component Damage Component has no visible permanent damage Component has some permanent deflection. It is generally repairable, if necessary, although replacement may be more economical and aesthetic Component has not failed, but it has significant permanent deflections causing it to be unrepairable Component has failed, and debris velocities range from insignificant to very significant Component is overwhelmed by the blast load causing debris with significant velocities

90% glass breakage No fatality and very low probability of injury Damage to internal partitions and joinery but can be repaired 70 mbar Probability of injury is 10%. No fatality 140 mbar House uninhabitable and badly cracked Reinforced structures distort 210 mbar Storage tanks fail 20%change 20% change of fatality to a person in a building House uninhabitable Wagons and plant items overturned 350 mbar Threshold of eardrum damage 50% change of fatality for a person in a building and 15% chance of fatal - TP Process Safety Series in 2009 open Consequences for a person the estimation Th h ld f l d

Moderate Damage

Heavy Damage Hazardous Failure Blowout

38

Hazard Assessment Design Safety 4

Hazard Assessment - Ship Impact Study
Offshore platforms are located around shipping lanes and therefore in designing the platforms/ FPSO you ought to consider what will happen if it is impacted by a ship. You cant design for every scenario, but you can determine which member can result in total collapse of platform and perhaps strengthen them for anticipated loads . You can also provide ship impact protection for the platform legs. Risers should also be protected ideally you don't want to offload cargo where the risers are.

Hazard Assessment Design Safety 5a

Hazard Assessment - Fire Risk Assessment
Modelling g - How do we do it? Identify Isolatable Inventories size / volume hydrocarbon composition Assume hole size and use design condition to calculate leak rate and subsequent q fire sizes based on ign prb.

Types of fires scenarios Jet ignited releases of high pressure gas streams p y ignited g releases of 2 p phase or liquid q Spray streams Flash / Vapour Cloud Explosion (VCE) delayed ignition of a gas cloud Pool / Sea Surface ignited releases of low pressure streams accumulated on plated deck

Hazard Assessment Design Safety 5b

Hazard Assessment - Fire Risk Assessment
How this Information is used Layout reviews Equipment - provide separation and segregation Escape ways Fire Protection Philosophy and Study Fire zones BOD Sheets Use of AFP and PFP Used in QRA model

Effects Eff t Heat released - thermal effects Products of combustion - toxic release Consequence C exposition effect = consequence Effects of fires will depend on Li id properties Liquid ti Flammability characteristics (L.F.L) Thermodynamics properties (heat of combustion, latent heat of vaporisation) i ti ) quantity of liquid or gas Atmospheric condition i.e Wind, Relative humidity

Potential target of fires People Material, structures Environment (residue of combustion)

Hazard Assessment Design Safety 5C

Fire Events

Fire size and duration - potential to cause escalation structural structural failure equipment failure / BLEVE impairment of escape routes fatalities

Hazard Assessment Design Safety 6

Hazard Assessment - Dispersion p Assessment
Used to ensure no gases or exhaust fumes or smoke can reach the helideck or crane cab, HVAC for switch rooms and accommodation during normal operations Based on isolatable inventories utilised for fire modelling What happens if the flare ignition fails, fails can the gas reach the accommodation block before shutdown of the HVAC The use of wind rose to determine predominant wind direction

Hazard Assessment Design g Safety y7

Hazard Assessment - Flare radiation modelling
Flare height determines the radiation levels on the platform and this has to be considered in the design. Minimise Minimise atmospheric emissions. Dispersion of hydrocarbon and toxic gases from an unignited flare. The impact of heat radiation on equipment and personnel. The potential for liquid carry-over to the flare. Integrity of the flare system seal/purge arrangements. Also consider crane driver in the crane cab offshore When new equipment is placed offshore you have to consider the effect of the flare on new equipment
50 45 40 Radiation kW W/m2 35 30 25 20 15 10 5 0 0 5 10 15 20 25 30 35 40 45 50 55 60 Time seconds Pain no effect Heavy sunburn 1st degree burns 2nd degree burns Fatalities

Hazard Assessment Design Safety 8a

Hazard Assessment - Event / Fault Tree
Event Tree Analysis Example
Documents the sequence of events and failures leading to an escalation of a "hazardous hazardous event" event 'Logic gates' YES/NO Can be used pre-incident or post-incident

Fault Tree Analysis Example

Documents the sequence of threats or causes that could lead to the "hazardous event" 'Logic Logic gates gates' AND /OR Strengths: widely used, clear and logical Weaknesses: diagrams can lack assumption info; complicated and time-consuming for large systems; can overlook failure modes and can be too simplistic

Hazard Assessment Design Safety 9

Hazard Assessment - Dropped Object
Items can be dropped on people , process and subsea pipelines Dropped object protection can be recommended if the likelihood of dropping on equipment is high but following ISD principles the crane should not lift over lift equipment and pipelines. pipelines

Hazard Assessment Design Safety 10

Hazard Assessment - Quantitative Risk Assessment
Sometimes we have to quantify the risk , using past equipment failure and leaks to give us likelihoods and probabilities of failure. Lots of assumptions are used and they have to be reasonable assumptions, when assumptions change the risk analysis has to be updated

Hazard Mitigation Design Safety 1a

Hazard Mitigation - Fire and Gas Detection
Fire and gas detection The use of fire and gas mapping to ensure coverage is adequate

Types of detectors Smoke Detectors (Optical/ Ionisation) ) Heat Detectors ( FT/ RoR) Flame Detectors (UV/ UVIR/ IR/IR2/IR3) Hydrocarbon Gas Leak Detectors ( Line of sight , ultrasonic) T i G Toxic Gas Detectors D t t Open Path Gas leak Detectors VESDA

Hazard Mitigation Design Safety 1b

Hazard Mitigation - Fire and Gas Detection

Provide rapid and reliable indication of the occurrence of a hazardous event involving fire and/or loss of containment of flammable or toxic inventories to : Emergency Shutdown (ESD 1) of affected Fire Zone ( on confirmed gas detection or fire detection ) Initiate Alarms Trigger emergency isolation and depressurisation of hydrocarbon inventories Initiate fire water deluge g system y (fire, sometimes toxic or flammable gas) Initiate CO2 or INERGEN or FMC 200 fixed fire extinguishing systems Trip power generation and electrical equipment Increase ventilation in enclosures Close dampers in HVAC air intakes

Hazard Mitigation Design Safety 2a

Hazard Mitigation g - Fire Protection
Active fire protection ( fire pumps, ringmain, deluge valves and nozzles) Passive fire protection ( fire walls, chartek, blast wall, fire blankets) Design for blast possible explosion overpressure J 45/ H60, 0.3 bar Blast wall

A 60 Firewall

Hazard Mitigation Design Safety 2b

Hazard Mitigation g - Fire Protection
The duration of the required stability and integrity A = 60 minutes H = 120 minutes J = J-class is not a standard fire rating. SEV specification retains H capabilities of 120 minutes Coatings on Bulkheads - For A / H / JF ( with wire mesh ) Prefabricated GRP Panels - For A / H / JF Prefabricated Panels with insulation - For A / H / Not JF Critical Structural Members / Risers / Flare Structure / Supports Intumescent or Cementious coatings - For H / JF ( with wire mesh) Risers / ESDV's / Equipment / Panels GRP Cast Sections for risers and boxes for ESDV Intumescent half shells Penetrations : Seals suitable for For A / H / JF Fire Barriers / Partitions between areas eg Process / Non Process :

C 1 200

Standard Fire Curves Temperature vs. Time

1 000

Jet fire Hydrocarbon fire

800

Cellulosic fire
600

400

200

10

20

30

40

50

60

minutes

Hazard Mitigation Design Safety 3a

Hazard Mitigation - Emergency Shutdown
In the event of a process upset that can lead to loss of containment or hydrocarbon leak we need to shutdown the process unit and sometimes the platform immediately so the event does not escalate to other areas of the Platform.
ESD0 Total Black-Out (if applicable) Restricted area ESD1-1 Emergency Shut-Down Fire Zone 1 SD2-1.1 Functional Unit Shut Down Unit 1.1 SD2-1.j... Functional Unit Shut Down Unit 1.j... ESD1-i... Emergency Shut-Down Fire Zone 2... SD2-i.1 Functional Unit Shut Down Unit i.1 SD2-i.j Functional Unit Shut Down Unit i.j... SD3-i.j.1 Individual Indi id al Sh Shut-Down t Do n Equipment i.j.1 SD3-i.j.k... Individual Shut-Down Equipment i i.j.k... jk

SD3-1.1.1 Individual Indi id al Sh Shut-Down t Do n Equipment 1.1.1 SD3-1.1.k Individual Shut-Down Equipment 1 1.1.k... 1k

SD3-1.j.1 Individual Indi id al Sh Shut-Down t Do n Equipment 1.j.1 SD3-1.j.k... Individual Shut-Down Equipment 1 1.j.k... jk

SD3-i.1.1 Individual Indi id al Sh Shut-Down t Do n Equipment i.1.1 SD3-i.1.k... Individual Shut-Down Equipment i i.1.k... 1k

Hazard Mitigation Design Safety 3b

Hazard Mitigation - Emergency Shutdown
Emergency shutdown system contains different levels (process, emergency, fire & gas and if required ultimate safety system), each of them consisting in a set of safety loops. Safety loops , logic g solvers and final elements (e.g. ( g valves). ) consist of field sensors, The main purposes of ESD systems are:

To limit the loss of containment, by isolating hydrocarbon production and processing. To protect personnel, e.g. smoke and gas detection in the HVAC intakes of Buildings. To prevent ignition by elimination of potential sources of ignition. T reduce To d fl flammable bl or toxic t i inventory i t by b depressurisation d i ti th through h th the EDP system. t

ESD system shall take into account the the requirements that may arise during other possible (and likely to occur) abnormal or down-graded configurations. New hazards can appear as a consequence of the loss of essential utilities such as essential power, air, hydraulics, etc. These new hazards shall be identified, mitigated ad the associated risks shall be assessed.

Hazard Mitigation Design Safety 4

Hazard Mitigation - Overpressure Protection
Most of the plant is pressurised so what happens during an over pressure event. Relief valves are installed and during g an overpressure event they open and allow the gas to go to the flare thus preventing over pressure of equipment. Process engineers g have to size these valves for the equipment they are protecting.

Hazard Mitigation Design Safety 5

Hazard Mitigation - Drainage
Function Of Drainage Systems SAFETY Minimise uncontrolled spillage Minimise the risk of ignition (evacuation of flammable liquids away from ignition sources) Prevent escalation of a fire across the installation (containment and evacuation of flammable liquids) ENVIRONMENT Minimise direct discharge of polluted streams by channelling to appropriate treatment units Ke Features Key Feat res For Safety Safet Of Drainage - Architecture of network to prevent cross-contamination - Gas seals and fire breaks to prevent migration Closed Drains Are Connected To: - Hydrocarbon equipment under PRESSURE - Equipment handling TOXIC fluids (intentional release atmosphere not acceptable) Open drains are ATMOSPHERIC systems

Hazard Mitigation Design Safety 6a

Hazard Mitigation g - Ignition g control Due to the flammable nature of oil and gas ignition control is very important because if there is no ignition source there will be no explosion p or fires.
Precautions: > Avoiding flammable substances (replacement technologies) > Inerting I ti (addition ( dditi of f nitrogen, it carbon b dioxide di id etc.) t ) > Limitation of the concentration by means of ventilation

Ignition sources identification: Apparatus which, separately or jointly, are intended for the generation, conversion of energy capable of causing an explosion through their own potential sources of ignition

Measures to limit the effect of explosions to a safe degree: > Explosion pressure resistant construction > Explosion relief devices > Explosion suppression by means of extinguishers, deluge, etc

Hazard Mitigation Design Safety 6b

Hazard Mitigation g - Ignition g control

According to Standard EN 1127-1, 13 types of ignition sources :
Hot surfaces Flames & hot gases Mechanically generated sparks Electrical apparatus Stray electrical currents, Cathode corrosion protection Static electricity Lightning Electromagnetic fields Electromagnetic radiation Ionising radiation Ultrasonic Adiabatic compression, shock waves, gas flows Chemical reactions

When handling a number of different flammable fluids, , classification to be based on the most volatile fluid anticipated. Keep in mind that it does not address scenarios of major releases under catastrophic failures (ex rupture of a pressure vessel), but do not forget scenarios of operation and maintenance of equipment. Do not forget drain traps on process decks (potential Zones 0 & 1). Reduce risks through design improvements by reducing release sources, by grouping equipment and by optimizing ventilation. Avoid non hazardous area surrounded by hazardous areas (unless ventilation protected enclosure). Once minimum extent is determined determined, utilize distinct landmarks for the actual boundaries, to permit easy identification by operators.

Ref ATEX directives implementation guide

Hazard Mitigation Design Safety 7a

Hazard Mitigation - Hazardous Area Classification
Zone 0. In which ignitable concentrations of flammable gases or vapours are present continuously, or in which ignitable concentrations of flammable gases or vapours are present for long periods of time. Zone 1 1. In which ignitable concentrations of flammable gases or vapours are likely to exist under normal operating conditions. (for a full definition refer to API RP 505). Zone 2. In which ignitable concentrations of flammable gases or vapours are not likely t occur in to i normal l operation, ti and d if th they do d occur will ill exist i t only l f for a short h t period (for a full definition refer to API RP 505).

Equipment q p spacing p g

Hazard Mitigation Design Safety 7c

Hazard Mitigation - Hazardous Area Classification
IDENTIFICATION OF LEAK SOURCES FLUID CLASS AND CATEGORY GAS BUOYANCY

CODE (IP15, API 505,)

CLASSIFICATION AND EXTENT OF HAZARDOUS AREAS

EXTENT OF ZONES

FREQUENCY OF RELEASE

GRADE OF RELEASE

TYPE OF VENTILATION Secondary grade release: Flanges & piping connections, valves, tapings PSV, , vents, , sample p points, p , which in normal operation p do not generate release to atm Most pumps, compressors, No release sources: Pressure vessels, atm tanks, welded pipe, sealed drums,

Continuous grade release: Within tanks, above liquid interface, temperature > flashpoint s mps sumps Primary grade release: Sample points, PSV discharge, vents Pig launchers & receivers, sumps Some pumps, compressors, filters (if releases are part of normal operation)

Hazard Mitigation Design Safety 7b

Hazard Mitigation g - Hazardous Area Classification
The lowest temperature at which, when mixed with air at normal pressure and as a consequence of chemical reactions initiated on account solely of t temperature, t the th substance b t will ill i ignite it and db burn i in the absence of any initiating source of spark or flame.

Temperature class

Hazard Mitigation Design Safety 7d

Hazard Mitigation - Hazardous Area Classification
Classified : All hydrocarbons handled at a temperature above their flashpoint are liable to generate hazardous areas,or whose flashpoint is below 37.8C (ref API 505 & NFPA 497) Unclassified : Liquid hydrocarbons with a flashpoint > 100C

Flammability limits change with ith Inerts Temperature Pressure

Hazard Mitigation Design Safety 8a

Hazard Mitigation - HVAC & Ventilation
HVAC unit usually is placed between the helideck and the roof of the quarters. The living quarters and electrical switch rooms also requires q a ventilation system y , in the event of a gas release or fire the HVAC damper shut off preventing gas ingress. Note normally you will have fire and gas detectors at HVAC inlets to detect gas and shutdown damper p especially p y if HVAC inlet is in close proximity to the process area.

Hazard Mitigation Design Safety 8a

Hazard Mitigation - HVAC & Ventilation
Dilution ventilation (of enclosed areas) : Adequate ventilation = open area : Ventilation at such a rate that the probability At least 12 air changes/hr with no stagnant of formation of a flammable atmosphere is areas. so low that the area can be considered nonnon Ventilation V til ti air i can b be t taken k f from a nonhazardous (i.e. gas concentration < 20% hazardous area, or an external Zone 2 LFL). area, but must not be drawn from either Zone 0 or Zone 1 area.

Importance of ventilation (enclosures containing a source of release): Grade of release Continuous Primary Secondary q Adequate ventilation Zone 0 Zone 1 Zone 2 Inadequate q ventilation Zone 0 Zone 0 Zone 1 Dilution ventilation Non hazardous Non hazardous Non hazardous Overpressure p protection N/A N/A Zone 2*

* Only in conjunction with adequate ventilation, when surrounded by zone 0 or 1 area.

Hazard Mitigation Design Safety 9a

Hazard Mitigation - SAFETY CRITICAL ELEMENTS ( SCE)

Hazard Mitigation Design Safety 9b

SCE example Scenario Consequence potential Safety Critical Measure Major leak probability control valve
Upon failure of ESD system Upon success of ESD system : :

: Vapour cloud explosion due to major leak at control valve in 6 inch feed line from LPG sphere : Catastrophic (estimation using TOTAL risk matrix) : Automated ESD system rated SIL2 (PFD=10E-2) : 1.25E-4/yr (source : CHARAD 5) for 1 inch leak
formation of major flammable vapour cloud with potential catastrophic impact in case of ignition* formation of limited flammable vapour cloud with limited in case of ignition*

LPG sphere Logic solver

Gas detection

- TP Process Safety Series 2009 Safety Critical Measures

ESD system

Control valve

66

Hazard Mitigation Design Safety 10

Hazard Mitigation - Performance Standards ( PS) SCEs should have performance standards

PS Description Identifies System, linkage to MAE/Bow-Tie, Scope (Individual SCEs e.g. e g Shut Down Valves) and PS Goal (e.g. Isolation of Hydrocarbons). Function Performance Standard (Isolation of Hydrocarbons), Performance Criteria (e.g. Leakage Criteria or closure time referenced against a standard) & Assurance Task (e.g. Valve Function & Leak Test) via maintenance activities (e.g. AMOS, maximo, i SAP) t to h help l d demonstrate t t th that t th the critical iti l systems t achieve the performance standard with the required reliability throughout their life of service. Reliability/Availability, Survivability & Interdependency Level of performance (e.g. ESDV should achieve 100% reliability/availability of service) and interdependency (e.g. ESDV links with ESD system).

Hazard Mitigation Design Safety 11

Hazard Mitigation - Emergency Response No fire trucks offshore just the trained fire fighting team but cant can t fight a major fire

Process design issues resulting in accidents

Spec breaks at the wrong location Material of construction not specified for minimum temperatures expected Not meeting code requirement for area Wrong fitting for piping and fittings Tanks and Vessels Not Meeting Regulatory Requirements Sizing Secondary Containment Improperly q p Not Spaced p Properly p y Equipment Forgetting Buried Lines at Production Facilities Not Installing any measures for Corrosion Control MECHANICAL RISKS due to Low temperature weakening of not resilient construction materials High temperature weakening, particularly with plastic construction materials High stress due to dilatation or bad supporting Cavitation Water hammer Vib ti Vibration

HAZARD REGISTER
Becomes the summary of Hazard Identification Identification, Assessment and Mitigation

DESIGN SAFETY FEATURES - OFFSHORE

Open Process Area grated decks, decks open sides therefore less explosion overpressures
THYLACINE WELLHEAD PLATFORM

Plated Main Deck reduces the likelihood of escalation between main deck and mezzanine deck

Utilities separate from Process, Process segregation of hazardous area from no hazardous area by distance Main Deck limits escalation
Mezzanine Deck

Cellar Deck

Duplex Stainless Steel Process less corrosion issues when you start operating Passive Fire Protection around RESDV the RESDV will survive for some time if impacted by a jet flame

S u bC e lla rD e c k Firewall

Riser inside jacket legsprevents shIp impact with risers

DESIGN SAFETY FEATURES - ONSHORE

Buffer zones between high g risk p process LPG bullets mounded Truck loading separate from Process area

Single Process Train

Admin away from Truck & Process area

Slugcatcher separated from process & sized optimised

Passive Fire Protection on key supports/vessels

MCC Explosion Resistant

Technical Integrity (TI) is all about management of SCE ( HAZARD MITIGATION MEASURES) )
H A
Safe Operation

Risk Control Dimensions

Shutdown S t Systems

Hydrocarbon Leak Major j Accident

Z A R D S A
Plant Design

Prevention Barrier C Permit to

work

B Inspection
and Maintenance

Staff Competence

Mitigation Barrier H G
Alarms & Instruments Emergency arrangements

D Plant change
management t

EOperational p
Procedures

C O N S E Q U E N C E S

Plant Inspection & C A 8 Dimensions of B Integrity Monitoring Design Maintenance

Permit to Work

DPlant Change E
Management

Operations Proedures

Staff Competence

Alarms & Instruments

Emergency H Arrangements

Mech Integrity Ignition Control Fire & Blast walls location

Thickness

mment PM checks Equip online Equip. Condition monitoring

Significant Failing in just one critical barrier sometimes is sufficient to cause incident Continuous monitoring & testing of Barriers is needed through suitable tools

Temporary procedures for changed situations Each Barrier is important risk assessed. Concurrent failure in barriers can result in Near Miss or MAE Case to operate

Defined & understood scope of work Hazards identified identified, risk assessed & Controls in place Work authorised

Risk assessment for potential impacts Authorised management of change

Standardsd Operating Procedures Periodical review done

Role specific competency criteria for process safety Periodic inputs for updating Periodic assessment

Fire & Gas alarms Routine monitng of alarms / trips Defined procedure for management of inhibits / overrides

Periodic testing of ESD / trips and emergency systems Periodic Mock drills of ERP Emergency procedures updated

Role of Performance Standards driving TI

Summary Hazard Identification/ Assessment/ Mitigation

Development p of systematic y hazard identification processes Identification of gaps in controls measures Recognition of a need for ongoing improvement in control measures Increased layers of protection and control measures Improved emergency plans

BP TECHNICAL SAFETY PROCESS

Effec ctiveness of Ris sk Reduction Ef ffort Group risk reporting (MAR) line
Risk Level at different CVP stages

Inherently Safer Design (ISD)

Includes Concept, Selection, Layout and Structural Optimisation Measures

Contin uous Risk Redu ct

Safety Critical Design Measures (SCDM)

ion

Residual Risk
P Procedural d l Measurements

Appraise

Select

Define |

Execute

Operate

TOTAL TECHNICAL SAFETY PROCESS

Figure 3
Step 1
S Scenarios ii & S Scenarios & Critical Critical Events Events Register Register Hazardous Hazardous Events Events Hazard Hazard Identification Identification

Step 2

Preliminary Preliminary Risk Risk Assessment Assessment

Step 3

Detailed Detailed Analysis Analysis of of Scenarios Scenarios

Safety, Safety, Environment Environment & & Asset Asset

Quantitative Quantitative Risk Risk Analysis Analysis (QRA) (QRA)

Safety SafetyIndividual Individual Risk Risk

Scenario Scenario RiskAssessment Evaluation Risk

Individual Risk Assessment of Evaluation Individual Risk

Step 4
Iterations

Risk Risk Reduction Reduction Workshop Workshop ALARP ALARP Demonstration Demonstration e o st at o Cost Cost Benefit Benefit Analysis Analysis

Iterations

Step 5

Action Action Plan, Plan, Risk Risk Register Register

Common to both methods QRA method

Scenario based method

Sometimes we can still g get it all wrong g

Even before the platform reaches its final location we need to ensure we design adequately for the transportation phase .

.. the wonderful sight of the completed platform sailing away towards the sunset ..

.. but unfortunately, the design engineer didnt get his calculations quite right ..

Main hazards of substances

Flammability Oxidizing agents Pyrophoric products Instability Reactivity Toxicity Corrosivity

ACETYLENE :FLAMMABILITY LIMITS (% by volume in air):Lower: 2.5Upper: 100 an extremely wide id range!!!!Other !!!!Oth chemicals with wide range : hydrogen, ethylene

FLASH POINT -Temperature above that the vapour pressure of a liquid can be ignited by a flame in a given atmosphere (generally : air) MINIMUM OXIDANT CONCENTRATION -Minimum concentration of the oxidant (generally oxygen) in the atmosphere to allow the combustion of a given combustible AUTO-IGNITION TEMPERATURE -Lowest temperature above which a given combustible can ignite spontaneously at an optimal concentration in a given atmosphere (generally : air) MINIMUM IGNITION ENERGY -Lowest Energy of an electric spark able to ignite a mixture at the optimal concentration of a given combustible in a given atmosphere (generally : air)

Things g to consider at HAZOP

Low pressure: force is pressure time area so at low pressure if area is large force becomes large. A pressure of 100 mbarg on a surface of 1 1.77 77 m results in a force of 17700 N N. A force of 17700 N can give an acceleration of 9 9.8 8 m/s to a weight of about 1800 kg which is like 1800 kg falling from a height !!! Vacuum : Most equipment can not withstand underpressure. A very slight pressure drop (< 100 mbarg) is sufficient to damage equipment not designed for vacuum (tanks, vessels, etc.). Small bore piping: Risk factors are Diameter, Pressure, Vibrations & insulation. Design of small bores: should consider layout, Schedule, Material selection, and avoid Excessive load Importance to include Materials and Corrosion in process development. Materials can play a role in corrosion but also process conditions. A chemical product can be corrosive to a given material in givenconditions and not in other ones HIGH TEMPERATURE due to Control failure Cooling failure External fire LOW TEMPERATURE due to External temperature (icing, plugging) Sudden depressurisation of liquefied gases HIGH LEVEL and OVERFLOW due to Control failure Bottom connection of two tanks of different height OVERPRESSURE due to Control failure Cooling failure (distillation condenser) Overheating (external fire, ambient temperature, ) Vent plugging (polymers, crystallisation,) Badly designed collecting network (back pressure) Badly designed pressure limitation devices

Degradation modes encountered

Corrosion (uniform (uniform, Pitting Pitting, Crevice, Crevice Stress Cracking Cracking, Intergranular, Galvanic, Selective, erosion, H2) Abrasion / wear / friction Fatigue High temperature corrosion Creep + combination of these modes Ageing of polymers Permeability

Prevention of leaks and spillages Tightness of equipment assembly Upper and lower limit of pressure and temperature Flanges facing carefully chosen in sever operating conditions Number of flanges to be minimized Assembly checked Tightness of mobile element Pumps Double mechanical seals or tandem arrangements Magnetic drive pump Valves B ll Bellow fitted fitt d valve l Prevention of leaks and spillages Strength of equipment Rules of design Regulations External recommended rules Internal recommended rule Potential corrosion to be taken into account Control of overfilling Instrumentation (level control, alarm, high level trip) Suitable relief discharge g with g gas/liquid q separating p g drum upstream p from treatment facility \Safety valve Emergency isolation valves or shut-off valves to prevent a serious leak Remote operated valves (operator) Automatic operated valve (part of a fully automatic system based on physical parameter sensors and/or gas detectors) Excess flow valve Shut off or reduce leaks Emergency material transfer

Controlling ignition sources Sources of ignition To identify and tend to eliminate them Some examples Electrical; friction; hot surfaces; burner flames; static electricity l t i it spark; k etc Controlling static electricity Bonding and grounding Relaxation Increasingconductivity with additives Dip pipes Controlling ignition sources Controlling electrical equipment Hazardous area classification Directive 1999/92/CE (ATEX 118a for safe use) Zone 0; 1; 2 for gases (20;21;22 for cloud of combustible dust) Classification of equipment Di ti 94/9/CE (ATEX 100a Directive 100 for f free f trade) t d ) Group II Category 1; 2; 3 Safeguarding of electrical equipment Selection of electrical equipment Directive 1999/92/CE Correspondence between zones and categories

Mechanical Integrity Scope (29 CFR 1910.119)(j)

Vessels

Pressure vessels Storage tanks Piping Systems Components (valves, connections, etc.) Relief valves and components Flare system (including headers, flare tips, knock-out drums, etc.) Master control devices Remotely operated valves Monitoring devices (LEL detectors, UV flame detectors, etc.) Alarms Suppression systems Safety Instrumented Systems (SIS), interlocks, etc.

Piping p g

Relief Systems and Components

Emergency Shutdown Systems

Controls

Pumps, and other Rotating Equipment

83

Ignition Sources & Controls

Fire or Flames Furnaces and Boilers Flares Welding S k from Sparks f Tools T l Spread from other Areas

Matches and Lighters

Spacing & Layout Spacing & Layout Work Procedures W k Procedures, Work P d pneumatic ti t tools, l Sewer Design, Diking, Weed Control, Housekeeping Procedures

Hot Surfaces Hot Pipes and Equipment Spacing (>600 F) A tomoti e Eq Automotive Equipment ipment Proced res Procedures Electrical Sparks from switches/motors Static Lightning Hand Held Electric Equipment

Area Classification Grounding, Inerting, Relaxation Snuffing, grounding, injection of steam in the vent Procedures

- TP Process Safety Series 2009 Consequences estimation

84

General principles: Provide access for fire fighting Provide clearance for maintenance (safe blinding blinding, opening, etc) and removal (with mobile equipment) Heavy equipment (> 100 kg) should be located at ground level (if possible) Equipment (pumps, (pumps heat exchangers exchangers, etc) that need to be maintained, opened, etc on a regular base should be located at the boundary of the unit unit. Equipment containing flammable materials should be located away from air coolers