Toward a safer tomorrow

By Stephen R. Brown

Flixborough, Bhopal, Seveso, Piper Alpha, and Mexico City: These places and their associated terrible incidents are all familiar to those involved in process safety. 

They were also the drivers for the development of OSHA 1910.119 in the U.S. and similar laws in other countries. 

The establishment of the AIChE Center for Chemical Process Safety and the development of the ANSI/ISA-84 standard were also direct results of these tragedies.

The original ANSI/ISA-84 standard came out in 1996. So why, 10 years later, do we still experience industrial accidents? 

Some companies do not address all requirements of the safety lifecycle found in the standard. They have focused on the initial phases of the safety lifecycle while not providing enough resources to address the ongoing maintenance, testing, and management of change activities. 

In some recent incidents, correct decisions took place in the design phase to use redundant components to reduce risk. Unfortunately, when none of the mandated inspection, testing, or maintenance of these components was performed, multiple failures led to catastrophic events.

One of the greatest problems in dealing with safety systems is the ability to "get away with" unsafe behavior many times before an incident occurs. In several cases, a plant has performed an operation such as a startup many times before an incident occurs. (See "Texas City safety saga persists" at

The design of industrial facilities should ensure thousands of years between fatalities. 

Industrial companies must take the following steps to ensure major incidents do not continue to occur:

  • For U.S. facilities, perform grandfather assessments on all existing safety systems to ensure they meet all the requirements of prior standards and are providing adequate risk reduction. Grandfathering a system does not eliminate the obligation to meet the ongoing requirements of ISA-84, and documentation may need improvement in order to do so.
  • Carefully follow the safety lifecycle. Inattention to details can turn this useful tool into an expensive way to satisfy managers without providing much benefit to actual safety. The result is either a system that does not provide as much risk reduction as it needs to or an over-designed system resulting from simplistic assumptions.
  • Consider all scenarios when performing process hazards analysis (PHA). Many actual events were "not credible" or not considered during the PHA.
  • Ensure the individuals responsible for safety-instrumented systems at the plant level understand their specific responsibilities under the applicable safety standards. This would include operations, maintenance, site engineering, and management. Job-specific training and testing will accomplish this, and refresher training should be in place. At most companies, the corporate safety engineers have a reasonable understanding of the standards. At some plant sites, there may be little or no awareness of new requirements that come from these standards.
  • Adequately maintain safety-instrumented systems so they function properly when required. Develop thorough maintenance, inspection, and testing procedures to ensure safety systems maintenance is consistent, even when employee turnover is an issue.
  • Conduct internal audits using individuals familiar with the facility, as well as external audits using independent professionals to monitor compliance with ISA-84, and quickly address any recommendations from these audits.

Most incident reports include a sentence that states that the incident was preventable. If companies properly use the available standards, we can all look forward to a safer tomorrow.

Stephen Brown is an ISA member and is on the ISA-SP84 committee. He is a senior safety and control systems engineer at DuPont.