|Conducting Environmental Impact Assessment in Developing Countries (UNU, 1999, 375 pages)|
|9. Emerging developments in EIA|
|9.4 Environmental risk assessments|
|9.4.11 Guidelines for disaster management planning|
The disaster management plan (DMP) should generally include the following:
· details of the specification of equipment and machineries, plot plan, and hazardous areas classifications;
· details of the risk assessment procedure adopted;
· details of the on-site and off-site emergency plan;
· details of the fire extinguishers and foams.
Source: Environmental Risk Assessment for Sustainable Cities, Technical Publication Series , International Environmental Technology Centre, Osaka, 1996.
The first step in the design of any plant is the preparation of specifications of equipment and machinery for safety considerations in the design. For example, in general for catalytic reactors the design temperature should take into account the rise in catalyst bed temperature when it becomes old or that the temperature may shoot up due to operation of the plant.
Safety considerations are taken into account while finalizing the plot plan of an industrial plant producing chemicals. Sufficient spacing should be provided between the boundaries of different sections of the plant, and the distances between individual pieces of equipment in each section should be well within boundaries limit. The distances between individual pieces of equipment bear in mind accessibility, safe maintenance space, and safety from the adjacent equipment.
To determine the suitable type of electrical installation, the entire plant area is classified into different zones according to the hazardous material likely to be present.
P & I diagrams are the documents which are prepared at the earliest stage of the design of a plant. It shows all the equipment in position, process and utility valves, instruments, control system, safety valves and other safety devices. After the zero revision, the P & I is reviewed in great detail taking all aspects into consideration, regarding safety of the plant under all eventualities. One of the methods used for the process may be a hazard and operability study (HAZOP study).
Safety considerations include the location of the tank farm, alternative access, the allowable number of tanks in a tank farm, proper spacing between tanks, proper height of the dike wall, adequate tank farm enclosure capacity, minimum distance between the tank and nearby vicinity to be conformed to, emergency venting in fixed roof tanks, provision of a pump house, provision of floating roof tanks on top of the naphtha and methanol storage tanks, proper velocity at the inlet of methanol or naphtha tanks, provision of nitrogen blanketing for the naphtha or methanol tanks, and, in case of more than one tank, provision of double block and bleed valves with spectacle fluid.
"Non-pressure'' fixed roof tanks should be suitable for working at atmospheric pressure, but be designed for an internal pressure of 7.5 mbar and a vacuum of 2.5 mbar. "Low-pressure'' fixed roof tanks should be designed for an internal pressure of 20 mbar and a vacuum of 6 mbar. "High-pressure'' fixed roof tanks should be designed for an internal pressure of 56 mbar and a vacuum of 7 mbar. See Table 9.10.
Table 9.10 Recommended types of cylindrical tanks for petroleum liquids
Type of tank
Class "I" petroleum (flashpoint below 21 °C/70°F),e.g.,
motor and aviation gasolines
(a) Floating roof
Class "II" petroleum (flashpoint above 55°C/131 °F)e.g.,
kerosene, special boiling point liquids
(a) Floating roof
Class "III" petroleum (flashpoint above 55°C/131
°F),e.g., diesel and gas oils, medium and heavy fuel oils, lubricating oils
"Non-pressure" fixed roof with "atmospheric" vents. Tanks which
contain heavy fuel oils or bitumen are insulated and
(i) Hazard analysis : risk assessment of plants
Hazard analysis should answer these questions:
1 Which materials or process streams are flammable or combustible?
2 What is their ignition temperature or what is their ignition energy requirement?
3 How fast will they burn?
4 How much heat can be generated per unit?
5 How much quantity will be available in any one area?
6 Will it explode?
(ii) Scope and objectives of risk assessment of industries
(a) To develop a risk hazard checking system.
(b) To rank the plant layout on the hazard potentials.
(c) To remodify the plant layout and identify safety measures to be undertaken within the industry, so as to minimize the on-site economic damage as well as off-site risks to the society and environment.
(d) To assist the regulatory authorities, planners, and designers to investigate plant accidents and predict the possible consequences for decision-making.
(e) To make decisions on industrial clearance swiftly and on a more rational basis.
(iii) Total risk assessment
Risk assessment consists of the following four steps:
1 Identification of possible hazardous events.
2 Consequence analysis.
3 Quantitative analysis of system failure probability from their component failure or frequency assessment.
(a) Hazard identification procedures. Effective hazard identification depends primarily upon two factors: data and organization. For well-tried processes and common materials this data will be readily available when required. However, if new conditions, chemicals, and materials are involved it may take several months to design and carry out experiments to produce the required data.
Types of hazard identification methods are comparative methods which rely upon comparing the design with some recognized code or set of design practices and fundamental methods such as HAZOP, which can be applied in almost any situation.
Comparative methods use engineering codes and practices as the standards against which the acceptability of a design is evaluated. Comparisons with codes and practices generate questions such as "Shouldn't the design be like...?'', "Why is this different from previous proven practice?'', and "Will this change cover the hazard at the same risk level?'' If the designer is unable to demonstrate that he has covered the hazard, the question is recorded for further study. Equipment checklists used by the equipment designers are also used by the hazard identification (HAZID) team to re-check critical aspects of the design.
Fundamental methods can be further subdivided.
Hazard and operability studies use guide words such as "too much'' and "too little'', which can be applied to the process parameters to generate questions such as "What if there is too much flow?''
Failure modes and effects analysis (FMEA) is based on identifying the possible failure modes of each component of a system and predicting the consequences of the failure. The method is especially useful for the analysis of very critical processes but is extremely time consuming if applied on too broad a scale.
Fault tree analysis works from a chosen "top event'' such as "explosion in Reactor 1'' and then considers the combination of failures and conditions which could cause the event to occur. Both failure modes and effects analysis are useful aids to hazard identification as they both structure and document the analysis. However, because they involve very detailed analysis of components and operations, their use in the process industry is mainly limited to the identification of special hazards where they form the basis of qualification of risks.
Hazard indices, such as those developed by Dow Chemical company and extended by Lewis, are methods which are designed to give a quantitative indication of the potential for hazardous incidents associated with a given design of plant. They require a minimum of process and design data and can graphically demonstrate which areas within the plant require more detailed information.
Event tree analysis works from a chosen event called the initiating event and is a systematic representation of all the possible states of the system, conditional to the given initiating event and relevant for a given type of consequence.
The given event may be the top event in a fault tree as well as the initiating event in an event tree. The main problem is at which level an event has to be regarded as the top event, for example, initiating event. Too high will lead to an extensive fault tree and small event trees; too low will lead to the reverse.
(b) Consequence analysis. There are three categories of dispersion model: simple "passive'', moment jet, and dense vapour cloud.
Simple "passive'' dispersion involves neutral buoyancy and plume rise for heat and momentum. It is used for those phases of gas dispersion dominated by atmospheric turbulence.
Moment jet dispersion covers high velocity release, when the released gas can be denser or lighter than air, and involves simple horizontal jet models, and complex plume path models. Moment jet dispersion is for vapour only. The jet dispersion model does assume a Gaussian concentration profile. However, the rate of dilution in jet dispersion is greater than the rate in neutral dispersion. Hence, by using the true release rate and source in the neutral dispersion model, calculations will result in concentrations which are too high.
Dense vapour cloud dispersion deals with clouds heavier than air, cold clouds, for example, LNG vapour, and liquid and vapour clouds, for example, ammonia.
Vulnerability model or probit equations have been derived for estimating, from dose relationships, the probability of affecting a certain proportion of the exposed population. These have been based almost exclusively on animal test data. The probit equation is:
Pr = At + Bt ln(Cnte)
where Pr = probability function, At, Bt, and n are constants, C is the concentration of pollutant to which exposure is made (in ppm v/v), and te is the duration of exposure to the pollutant, measured in minutes.
The consequences for toxic releases are expressed in terms of distances to specific concentrations. These are then translated into effects on people or property by means of vulnerability models, which may also require the duration of the effect.
(c) Frequency assessment and quantitative analysis. What is the probability that the system will fail on demand? What is the frequency of occurrence of the top event? Does a change in the system design improve or reduce the system reliability?
Given the "top event'', the analyst has to work logically and systematically through the system to determine how each top event can occur. Here, the required numerical information is obtained, for example the probability and/or frequency of the top event.
The application of event tree in this analysis can be illustrated diagrammatically. The nodal events in these (plant) event trees mainly concern the functionality of the engineered safety features. The next set of pinch points occur when the fault progression can determine the type and quantity of release of material from the containment. The nodal event in these (containment) event trees are mainly phenomenological questions. The probabilities are generated from the subjective assessments of accident conditions prevailing in the various fault conditions. Another set of event trees deal with the transport of hazardous chemicals in the environment and the system, when outcomes are the environmental consequences.
Hence, the frequency of any outcome is equal to the frequency of the initiating event multiplied by the probability of outcome or accident sequence.
The derivation of nodal probabilities is crucial to both on-site and off-site emergency planning and requires works managements to identify systematically what emergencies could arise in their plants. These should range from small events, which can be dealt with by works personnel without outside help, to the largest event for which it is practical to have a plan. Experience has shown that for every occasion that the full potential of an accident is realized, there are many occasions when some lesser event occurs or when a developing incident is made safe before reaching full potential.
Most major hazard accidents involve either flammable or toxic materials.
Events involving flammable materials can be broken down into (a) major fires with no danger of explosion, with hazards from prolonged high levels of thermal radiation and smoke; (b) fire threatening items of plant containing hazardous substances, with hazards from spread of fire, explosion, or release of toxic substances; and (c) explosion with little or no warning, with hazards from blast wave, flying debris, and high levels of thermal radiation.
Events involving toxic materials can be broken down into (a) slow or intermittent release of toxic substances, for example, from a leaking valve; (b) items of plant threatened by fire, with hazards from potential loss of containment; (c) rapid release of limited duration, due to plant failure, for example, fracture of pipe, with hazards from a toxic cloud, limited in size, which may quickly disperse; (d) massive release of a toxic substance due to failure of a large storage or process vessel, an uncontrollable chemical reaction and failure of safety systems, with the exposure hazard affecting a wide area.
The assessment of possible incidents should produce a report indicating: (a) the worst events considered; (b) the route of those worst events; (c) the timescale to lesser events along the way; (d) the size of lesser events if their development is halted; (e) the relative likelihood of events; and (f) the consequences of each event. This report may be part of the hazard assessment report or may be a separate exercise produced specifically for the purposes of emergency planning.
The following elements should be included in an on-site emergency plan: (a) proper alarm and communication mechanisms; (b) appointment of personnel; these include: (i) the site incident controller who will take care of the area around the incident when the emergency occurs and who will arrange the required rescue operations and (ii) a site main controller who will direct operations from the emergency control centre after relieving the site incident controller of the responsibility for overall control; and (c) details of the emergency control centres.
Off-site emergency planning takes care of the area outside the works. The responsibility for the off-site plan will be likely to rest either with the works management or, as is the case under European Community legislation, with the local authority. Aspects to be included in an off-site emergency plan are as follows.
(i) Organization: details of command structure, warning systems, implementation procedures, emergency control centres; names and appointments of incident controller, site main controller, their deputies, and other key personnel.
(ii) Communications: identification of personnel involved, communication centre, call signs, network, lists of telephone numbers.
(iii) Specialized emergency equipment: details of availability and location of heavy lifting gear, bulldozers, specified fire-fighting equipment, fire boats.
(iv) Specialized knowledge: details of specialist bodies, firms and people upon whom it may be necessary to call, for example, those with specialized chemical knowledge, laboratories.
(v) Voluntary organizations: details of organizers, telephone numbers, resources, etc.
(vi) Chemical information: details of the hazardous substances stored or processed on each site and a summary of the risks associated with them.
(vii) Meteorological information: arrangements for obtaining details of weather conditions prevailing at the time and weather forecasts.
(viii) Humanitarian arrangements: transport, evacuation centres, emergency feeding, treatment of injured, first aid, ambulances, temporary mortuaries.
(ix) Public information: arrangements for (a) dealing with the media press office and (b) informing relatives, etc.
(x) Assessment: arrangements for (a) collecting information on the causes of the emergency and (b) reviewing the efficiency and effectiveness of all aspects of the emergency plan.