To contact us:

PS -

US

- WP

- 045

-01

CHILWORTH TECHNOLOGY, INC.Chilworth Technology, a DEKRA company, helps its clients achieve enabling and sustainable Process Safety Management programs, Process Safety Proficiency (competency, know-how, and experience), and a culture that encourages excellence in process safety. Our full range of services includes:

Process Safety Management (PSM) Programs• Design and creation of relevant PSM programs• Support the implementation, monitoring, and sustainability of PSM programs• Audit existing PSM programs, comparing with best practices around the world • Correct and improve deficient programs

Process Safety Information (Laboratory Testing)• Flammability/combustibility properties of dusts, gases, vapors, mists, and hybrid atmospheres• Chemical reaction hazards and chemical process optimization (reaction and adiabatic calorimetry RC1, ARC, VSP, Dewar)• Thermal instability (DSC, DTA, and powder specific tests)• Energetic materials, explosives, propellants, pyrotechnics to DOT, UN, etc. protocols• Regulatory testing: REACH, UN, CLP, ADR, OSHA, DOT• Electrostatic testing for powders, liquids, process equipment, liners, shoes, FIBCs

Specialist Consulting (technical/engineering)• Dust, gas, and vapor flash fire and explosion hazards• Electrostatic hazards, problems, and applications• Reactive chemical, self-heating, and thermal instability hazards• Hazardous area classification• Mechanical equipment ignition risk assessment• Transport & classification of dangerous goods

Chilworth serves clients throughout the agrochemical, chemical, engineering, food processing, government, insurance/le-gal, metals, oil/gas, pharmaceutical, plastics, rubber and other industries. Chilworth has offices throughout North America, Europe, and Asia. For more information about Chilworth, visit www.chilworth.com.

Hazards Control & Assess-CHEMICAL PLANT VULNERABILITY

Richard W. Prugh

Richard W. Prugh, M.S.Ch.E., CSP, PE (Engineering and Fire Protection), Mr. Prugh is the Principal Process Safety Specialist at Chilworth and provides process safety engineering expertise to clients at large and small plants, to improve the safety of manufacturing and operations for multiple industries. During his career with the Du Pont Company, he was involved in instrument engineering, explosion-hazards testing, explosives manufacturing and testing, pilot-plant supervision, organic-chemicals research, safety and fire protection audits, and process-safety consulting. Since 1985, he has provided process safety services to chemical and petrochemical plants in thirty-two states and in twenty foreign countries. He is the author of “Guidelines for Vapor Release Mitigation” and 25 presentations to Loss Prevention Symposia, and he prepared the “Toxicity” section for the 8th edition of “Perry’s Chemical Engineers’ Handbook” and the “Safety” sections for three encyclopedias. His experience involved overseeing the safety analyses of nerve-gas destruction plants and auditing the safety status of a dozen off-shore installations, including evaluation of management and employee safety culture.

CHEMICAL PLANT VULNERABILITYCONSIDERATION OF “PROACTIVE” METHODS WHEN PROTECTING HAZARDOUS-MATERIALS ASSETSRichard W. Prugh, PE, CSP, Principal Process Safety Engineer

Introduction For several decades, there have been increasing corporate “self-preservation” efforts – such as Process Hazards Analysis, and self-audits – to prevent injuries and property loss from incidents in chemical plants that involve releases of hazardous materials and events such as runaway reactions. There also have been externally-imposed requirements for protection of employees [OSHA PSM] and for the protection of the public and the environment [EPA RMP]. It is now becoming more apparent that similar efforts are needed to protect chemical plants and their employees from more-insidious internal threats [sabotage] and external threats [terrorism]. This webinar will present guidelines for reducing the vulnerability of such threats to site employees, to the plant infra-structure, and to plant equipment. With decreased on-site vulnerability, the surrounding public and the environment also would be better-protected.

Of particular importance are the protection of “safety-critical” process-control devices, protection of pressurized containers of hazardous materials, and engineering and administrative measures to prevent unauthorized changes to programmable electronic systems [cyber security]. The following discussion follows the outline for Security Vulnerability Analysis that is presented in the publication of the Center for Chemical Process Safety [Reference 1].

> France : info-fr@chilworthglobal.com

> Netherlands : info-nl@chilworthglobal.com

> India : info-in@chilworthglobal.com

> Italy : info-it@chilworthglobal.com

> Germany : exam-info@dekra.com

> Spain : info-es@chilworthglobal.com

> UK : info-uk@chilworthglobal.com

> USA : safety-usa@chilworthglobal.com

> China : info-cn@chilworthglobal.com

> Wallonia : info-be@chilworthglobal.com

Security-Vulnerability AuditsOne or more individuals should perform an audit of the existing security features of a site. This would include a study of the precautions that are taken for individuals and vehicles entering the plant, a tour around the inside and outside of the site boundary, study of line-of-sights from outside the boundary toward storage tanks of hazardous materials, and an expert review of PHAs of processes, to verify the absence of vulnerability to loss of utilities and to inadvertent or deliberate process upsets.

References1. Center for Chemical Process Safety [AIChE], “Guidelines for Analyzing and Managing the Security

Vulnerabilities of Fixed Chemical Sites” (2003).

2. International Society of Automation [ISA], “Industrial Automation and Control Systems (AICS) Security”, ISA/IEC 62443; formerly ISA99 (2015; some sections are under development).

Facility Characterization for the Security of Hazardous MaterialsIt is most important that every hazardous material on-site be well-protected from intentional release, whether by merely opening a valve or by causing rupture of a container. The risk associated with release would depend on the type of hazard – fire, flash fire, explosion, or toxicity – and the quantity that could be released. Thus, an injury-causing fire hazard usually would involve thousands of gallons of a flammable liquid, or hundreds of pounds of a liquefied flammable gas. A hazardous flash fire could result from a release of a few gallons of flammable vapor or a few pounds of a flammable gas. An explosion hazard usually would involve a few dozen cubic feet of a mixture of flammable gas or vapor and air, a few gallons of a reactive mixture, or a few pounds of a solid explosive. A toxicity hazard might involve release of a few pounds of a low-toxicity gas, vapor, or dust or a few grams of a high-toxicity material. Thus, a first step in characterizing the vulnerability of a chemical plant would be to list the flammable, toxic, reactive, and explosive materials and the quantities that are typically on-site. The next step would be to determine how well-protected the containers and containment systems of such materials are from “mischief” or malicious intent. An evaluation of site security would provide an estimate of the “ease of access” to containers or locations of hazardous materials. This would involve the physical security of the site, as would be provided by perimeter fencing, well-controlled gates, and monitoring of the areas along the fence. Site security is particularly difficult when a plant is located on a river or in a coastal area, since there may be floodplain, high-tide, or easement restrictions concerning installation of fencing along a shoreline.

Another type of site vulnerability could involve the theft of materials, and this could range from precious metals that might be used as catalysts, to chemicals that could be used to manufacture explosives or toxic materials, including toxins for the environment. Thus, such materials should be included in the listing of “assets” that might be subjected to a threat from inside or outside the site boundaries.

During periods when road or railway gates are open, entry through the gates should be controlled by guards or other personnel who have authority to stop unauthorized access. It is important that guards have continuous radio communication with site management and/or a continuously-attended station, to warn of an impending dangerous security violation. In relatively rare situations, it may be advisable to station armed guards at or near entry points into the plant, depending on the surrounding security or political environment.

Risk Assessment for Hazardous MaterialsAn important part of a Security Vulnerability study is an assessment of risk, in terms of hazard, exposure to threat, and the consequences of an incident occurrence. Thus, the listing of the flammable, reactive, and explosive materials and the typical inventory should include the locations where such materials are within the plant. For example, storage locations along or near the site boundary usually would be at much greater risk than locations well inside the plant. However, the consequences of threat occurrence might be more severe for a location inside the plant (due to population densities). Therefore, a risk assessment would include the following:

a. Identity and character of the hazardous material, including flammability, explosibility, reactivity, pyrophoricity, and toxicity, with consideration of materials that would be inherently safer;

b. Typical or maximum quantity/inventory of the hazardous material, with consideration of reduced quantities because of volatility, employee population near storage locations, and wind direction;

c. The existing storage conditions and material state, such as indoor, outdoor, or underground location, water-spray protection, protection of liquefied-gas tanks, and dike protection for liquids, with consideration of improved storage and protection;

d. Storage or use location of the hazardous material, including distance to the site boundary, and limitations on day-tank and drum storage in operating areas, with considerations of storage re-location; and

e. Existing protection against malicious threats, including site-entry requirements, procedures for telephoned or email threats, and cyber hacking, with consideration of improved methods of protection against such threats.

For the use of persons who are responsible for minimizing security threats, it would be helpful to identify the locations of hazardous-materials storage and use. However, the distribution of such a map should be limited and closely-controlled, to prevent its misuse.

Countermeasures against Threats to Hazardous MaterialsThe objectives of countermeasures are to identify possible source(s) of the attack and to prevent or deter a malicious attack on the site’s assets, to detect an attack if it were to occur, to identify the source of the attack and/or immobilize or delay the escape of the attacker until the appropriate authorities can arrive and intervene.

Hazardous-materials “assets” can be protected by “pro-active”, “passive”, and “active” methods. Methods for “pro-active” protection would include the use of less-hazardous materials, smaller quantities of hazardous materials, “fail-safe” design of processes, and emergency systems such as shutdown interlocks and overpressure protection.

Among the “passive” methods are fencing around individual containers of flammable and toxic materials, with locked access gates. In some cases, concrete barriers [walls and/or shells] or underground storage might be needed to protect large tanks of hazardous materials – such as chlorine – from attack by rifle fire or other munitions at long range. Where roadways or railways pass near containers of hazardous materials, reinforced-concrete bollards, or crash-resistant barricades might be required. Passive methods also include locks on drain valves at tanks [and dikes] and/or pipe caps on drains.

“Active” methods include closed-circuit television with motion detection, frequent patrols of the fenceline, visible passes [with photographs] worn by all personnel within the site boundaries, flammable-gas and flammable-vapor detection and alarm systems, and toxic-gas detection and alarm systems. This also would include searches of all personnel entering the site, with metal detectors and/or “pat-down”, and thorough searches of all passenger vehicles and small trucks entering the site. Active methods also include thorough background checks or “vetting” of contractors’ employees and all service employees.

Countermeasures against vulnerability threats also includes the appropriate responses to malicious releases of hazardous materials. The site should have an alarm system that warns the site occupants that an emergency situation has developed, and all personnel should be well-trained in the appropriate responses to such an alarm. The site’s emergency-response team should be equipped and trained to respond to releases of flammable liquids and gases and to releases of toxic materials, and this would include the rescue of persons who are not accounted-for at assembly points. Members of the local fire and police departments and ambulance services should be made aware of the site’s hazardous materials, so that they would be prepared to assist the site in responding to likely or possible hazardous-release scenarios.

An important vulnerability hazard is the entry of large delivery trucks into the site. Delivery trucks should be required to stop outside the site boundary until a thorough check can be made concerning the origin of the truck, verification of all of the contents of the truck against purchases of the materials, and the proper identification of the driver. The travel of the truck into the plant ideally should be physically limited – by fences or other barricades – to a route directly from the plant gate to the delivery point, such as a warehouse or an unloading dock, to prevent entry into processing areas. Similar precautions should be taken for “empty” bulk trucks and rail cars that enter the plant to receive the site’s products. It may be advisable to install derailers outside the site boundary, to prevent unauthorized entry to the site.

Facility Characterization for the Security of Other AssetsThere may be other vulnerability threats to a chemical plant. They could include electrical-power supplies and other utilities such as natural gas, fire-protection systems, process-control systems, and potable-water, process-water, and cooling-water supplies. Chemical processes – and particularly chemical reactions – should be acceptably “immune” to loss of utilities, as determined by an appropriate Process Hazards Analysis and “fail-safe” control systems. Stand-by power systems may be needed for some safety-critical items such as reactor agitators and cooling-water pumps.

Risk Assessment for Process-Control SystemsThe site’s control of process hazards – as evaluated by Process Hazards Analysis [PHA] – should include protection against deliberate impairment of process-control systems. The PHA should identify “safety-critical” devices and systems, and the consequences of failures (deliberate impairments) of such devices and systems. This would include electronic controllers, the sensors that provide input to control systems, and the process-control elements such as valves, pumps, switches, fans and blowers, and other powered devices. The PHA should show how the safety-critical devices and systems have real-time protection against deliberate impairment, as contrasted with periodic and relatively-infrequent inspections and tests.

Countermeasures against Threats to Process-Control SystemsSafety-critical safety devices and systems should be protected against deliberate impairment by one or more layers of security. In addition to site security, process-area security should be provided by sign-in of entrants including contractors, service providers, and visitors. Service providers and visitors should be escorted into process areas, and employees should be vigilant concerning unusual, out-of-scope, and hazardous activities of contractors. Further, individual components of process-control and emergency systems may need to be protected by locks, mechanical guards, or other devices that would prevent or deter impairment or prevent access. This would include locked-open shutoff valves in utilities supplies and fire-protection systems; locked doors to instrument, analytical, and electronics rooms; locked-closed bypass valves around process-control valves; locked-open valves in pressure-control piping; restricted access to explosion vents and rupture disks, locked-closed or capped drain valves in process piping and at storage tanks; and locked doors to storage rooms containing explosive or refrigerated materials, or liquefied toxic gases. Depending on an evaluation of the consequences, the doors to electrical/motor control rooms should be locked, and valves in natural-gas supplies should be locked open. Also, depending on their critical nature on process control, block valves at pressure, flow, level, and analytical instruments should be locked open. The evaluation would determine the possible negative effects of locking valves on the safety of processes that would be affected by inability to quickly change the position of such valves or to access switchgear.

The process-control systems on a plant should be well-isolated from outside interference, such as might result from “cyber-hacking” into the system. Ideally, there would be no possibility of control of a process from outside the plant, and only indications of process conditions could be transmitted outside the plant. The site’s Management of Change procedure should apply to significant changes to control systems, including alarm and interlock settings. A previous standard on cyber security is being updated and revised [Reference 2].

Facility Characterization for the Security of Hazardous MaterialsIt is most important that every hazardous material on-site be well-protected from intentional release, whether by merely opening a valve or by causing rupture of a container. The risk associated with release would depend on the type of hazard – fire, flash fire, explosion, or toxicity – and the quantity that could be released. Thus, an injury-causing fire hazard usually would involve thousands of gallons of a flammable liquid, or hundreds of pounds of a liquefied flammable gas. A hazardous flash fire could result from a release of a few gallons of flammable vapor or a few pounds of a flammable gas. An explosion hazard usually would involve a few dozen cubic feet of a mixture of flammable gas or vapor and air, a few gallons of a reactive mixture, or a few pounds of a solid explosive. A toxicity hazard might involve release of a few pounds of a low-toxicity gas, vapor, or dust or a few grams of a high-toxicity material. Thus, a first step in characterizing the vulnerability of a chemical plant would be to list the flammable, toxic, reactive, and explosive materials and the quantities that are typically on-site. The next step would be to determine how well-protected the containers and containment systems of such materials are from “mischief” or malicious intent. An evaluation of site security would provide an estimate of the “ease of access” to containers or locations of hazardous materials. This would involve the physical security of the site, as would be provided by perimeter fencing, well-controlled gates, and monitoring of the areas along the fence. Site security is particularly difficult when a plant is located on a river or in a coastal area, since there may be floodplain, high-tide, or easement restrictions concerning installation of fencing along a shoreline.

Another type of site vulnerability could involve the theft of materials, and this could range from precious metals that might be used as catalysts, to chemicals that could be used to manufacture explosives or toxic materials, including toxins for the environment. Thus, such materials should be included in the listing of “assets” that might be subjected to a threat from inside or outside the site boundaries.

During periods when road or railway gates are open, entry through the gates should be controlled by guards or other personnel who have authority to stop unauthorized access. It is important that guards have continuous radio communication with site management and/or a continuously-attended station, to warn of an impending dangerous security violation. In relatively rare situations, it may be advisable to station armed guards at or near entry points into the plant, depending on the surrounding security or political environment.

Risk Assessment for Hazardous MaterialsAn important part of a Security Vulnerability study is an assessment of risk, in terms of hazard, exposure to threat, and the consequences of an incident occurrence. Thus, the listing of the flammable, reactive, and explosive materials and the typical inventory should include the locations where such materials are within the plant. For example, storage locations along or near the site boundary usually would be at much greater risk than locations well inside the plant. However, the consequences of threat occurrence might be more severe for a location inside the plant (due to population densities). Therefore, a risk assessment would include the following:

a. Identity and character of the hazardous material, including flammability, explosibility, reactivity, pyrophoricity, and toxicity, with consideration of materials that would be inherently safer;

b. Typical or maximum quantity/inventory of the hazardous material, with consideration of reduced quantities because of volatility, employee population near storage locations, and wind direction;

c. The existing storage conditions and material state, such as indoor, outdoor, or underground location, water-spray protection, protection of liquefied-gas tanks, and dike protection for liquids, with consideration of improved storage and protection;

d. Storage or use location of the hazardous material, including distance to the site boundary, and limitations on day-tank and drum storage in operating areas, with considerations of storage re-location; and

e. Existing protection against malicious threats, including site-entry requirements, procedures for telephoned or email threats, and cyber hacking, with consideration of improved methods of protection against such threats.

For the use of persons who are responsible for minimizing security threats, it would be helpful to identify the locations of hazardous-materials storage and use. However, the distribution of such a map should be limited and closely-controlled, to prevent its misuse.

Countermeasures against Threats to Hazardous MaterialsThe objectives of countermeasures are to identify possible source(s) of the attack and to prevent or deter a malicious attack on the site’s assets, to detect an attack if it were to occur, to identify the source of the attack and/or immobilize or delay the escape of the attacker until the appropriate authorities can arrive and intervene.

Hazardous-materials “assets” can be protected by “pro-active”, “passive”, and “active” methods. Methods for “pro-active” protection would include the use of less-hazardous materials, smaller quantities of hazardous materials, “fail-safe” design of processes, and emergency systems such as shutdown interlocks and overpressure protection.

Among the “passive” methods are fencing around individual containers of flammable and toxic materials, with locked access gates. In some cases, concrete barriers [walls and/or shells] or underground storage might be needed to protect large tanks of hazardous materials – such as chlorine – from attack by rifle fire or other munitions at long range. Where roadways or railways pass near containers of hazardous materials, reinforced-concrete bollards, or crash-resistant barricades might be required. Passive methods also include locks on drain valves at tanks [and dikes] and/or pipe caps on drains.

“Active” methods include closed-circuit television with motion detection, frequent patrols of the fenceline, visible passes [with photographs] worn by all personnel within the site boundaries, flammable-gas and flammable-vapor detection and alarm systems, and toxic-gas detection and alarm systems. This also would include searches of all personnel entering the site, with metal detectors and/or “pat-down”, and thorough searches of all passenger vehicles and small trucks entering the site. Active methods also include thorough background checks or “vetting” of contractors’ employees and all service employees.

Countermeasures against vulnerability threats also includes the appropriate responses to malicious releases of hazardous materials. The site should have an alarm system that warns the site occupants that an emergency situation has developed, and all personnel should be well-trained in the appropriate responses to such an alarm. The site’s emergency-response team should be equipped and trained to respond to releases of flammable liquids and gases and to releases of toxic materials, and this would include the rescue of persons who are not accounted-for at assembly points. Members of the local fire and police departments and ambulance services should be made aware of the site’s hazardous materials, so that they would be prepared to assist the site in responding to likely or possible hazardous-release scenarios.

An important vulnerability hazard is the entry of large delivery trucks into the site. Delivery trucks should be required to stop outside the site boundary until a thorough check can be made concerning the origin of the truck, verification of all of the contents of the truck against purchases of the materials, and the proper identification of the driver. The travel of the truck into the plant ideally should be physically limited – by fences or other barricades – to a route directly from the plant gate to the delivery point, such as a warehouse or an unloading dock, to prevent entry into processing areas. Similar precautions should be taken for “empty” bulk trucks and rail cars that enter the plant to receive the site’s products. It may be advisable to install derailers outside the site boundary, to prevent unauthorized entry to the site.

Facility Characterization for the Security of Other AssetsThere may be other vulnerability threats to a chemical plant. They could include electrical-power supplies and other utilities such as natural gas, fire-protection systems, process-control systems, and potable-water, process-water, and cooling-water supplies. Chemical processes – and particularly chemical reactions – should be acceptably “immune” to loss of utilities, as determined by an appropriate Process Hazards Analysis and “fail-safe” control systems. Stand-by power systems may be needed for some safety-critical items such as reactor agitators and cooling-water pumps.

Risk Assessment for Process-Control SystemsThe site’s control of process hazards – as evaluated by Process Hazards Analysis [PHA] – should include protection against deliberate impairment of process-control systems. The PHA should identify “safety-critical” devices and systems, and the consequences of failures (deliberate impairments) of such devices and systems. This would include electronic controllers, the sensors that provide input to control systems, and the process-control elements such as valves, pumps, switches, fans and blowers, and other powered devices. The PHA should show how the safety-critical devices and systems have real-time protection against deliberate impairment, as contrasted with periodic and relatively-infrequent inspections and tests.

Countermeasures against Threats to Process-Control SystemsSafety-critical safety devices and systems should be protected against deliberate impairment by one or more layers of security. In addition to site security, process-area security should be provided by sign-in of entrants including contractors, service providers, and visitors. Service providers and visitors should be escorted into process areas, and employees should be vigilant concerning unusual, out-of-scope, and hazardous activities of contractors. Further, individual components of process-control and emergency systems may need to be protected by locks, mechanical guards, or other devices that would prevent or deter impairment or prevent access. This would include locked-open shutoff valves in utilities supplies and fire-protection systems; locked doors to instrument, analytical, and electronics rooms; locked-closed bypass valves around process-control valves; locked-open valves in pressure-control piping; restricted access to explosion vents and rupture disks, locked-closed or capped drain valves in process piping and at storage tanks; and locked doors to storage rooms containing explosive or refrigerated materials, or liquefied toxic gases. Depending on an evaluation of the consequences, the doors to electrical/motor control rooms should be locked, and valves in natural-gas supplies should be locked open. Also, depending on their critical nature on process control, block valves at pressure, flow, level, and analytical instruments should be locked open. The evaluation would determine the possible negative effects of locking valves on the safety of processes that would be affected by inability to quickly change the position of such valves or to access switchgear.

The process-control systems on a plant should be well-isolated from outside interference, such as might result from “cyber-hacking” into the system. Ideally, there would be no possibility of control of a process from outside the plant, and only indications of process conditions could be transmitted outside the plant. The site’s Management of Change procedure should apply to significant changes to control systems, including alarm and interlock settings. A previous standard on cyber security is being updated and revised [Reference 2].

To contact us:

PS -

US

- WP

- 045

-01

CHILWORTH TECHNOLOGY, INC.Chilworth Technology, a DEKRA company, helps its clients achieve enabling and sustainable Process Safety Management programs, Process Safety Proficiency (competency, know-how, and experience), and a culture that encourages excellence in process safety. Our full range of services includes:

Process Safety Management (PSM) Programs• Design and creation of relevant PSM programs• Support the implementation, monitoring, and sustainability of PSM programs• Audit existing PSM programs, comparing with best practices around the world • Correct and improve deficient programs

Process Safety Information (Laboratory Testing)• Flammability/combustibility properties of dusts, gases, vapors, mists, and hybrid atmospheres• Chemical reaction hazards and chemical process optimization (reaction and adiabatic calorimetry RC1, ARC, VSP, Dewar)• Thermal instability (DSC, DTA, and powder specific tests)• Energetic materials, explosives, propellants, pyrotechnics to DOT, UN, etc. protocols• Regulatory testing: REACH, UN, CLP, ADR, OSHA, DOT• Electrostatic testing for powders, liquids, process equipment, liners, shoes, FIBCs

Specialist Consulting (technical/engineering)• Dust, gas, and vapor flash fire and explosion hazards• Electrostatic hazards, problems, and applications• Reactive chemical, self-heating, and thermal instability hazards• Hazardous area classification• Mechanical equipment ignition risk assessment• Transport & classification of dangerous goods

Chilworth serves clients throughout the agrochemical, chemical, engineering, food processing, government, insurance/le-gal, metals, oil/gas, pharmaceutical, plastics, rubber and other industries. Chilworth has offices throughout North America, Europe, and Asia. For more information about Chilworth, visit www.chilworth.com.

Hazards Control & Assess-CHEMICAL PLANT VULNERABILITY

Richard W. Prugh

Richard W. Prugh, M.S.Ch.E., CSP, PE (Engineering and Fire Protection), Mr. Prugh is the Principal Process Safety Specialist at Chilworth and provides process safety engineering expertise to clients at large and small plants, to improve the safety of manufacturing and operations for multiple industries. During his career with the Du Pont Company, he was involved in instrument engineering, explosion-hazards testing, explosives manufacturing and testing, pilot-plant supervision, organic-chemicals research, safety and fire protection audits, and process-safety consulting. Since 1985, he has provided process safety services to chemical and petrochemical plants in thirty-two states and in twenty foreign countries. He is the author of “Guidelines for Vapor Release Mitigation” and 25 presentations to Loss Prevention Symposia, and he prepared the “Toxicity” section for the 8th edition of “Perry’s Chemical Engineers’ Handbook” and the “Safety” sections for three encyclopedias. His experience involved overseeing the safety analyses of nerve-gas destruction plants and auditing the safety status of a dozen off-shore installations, including evaluation of management and employee safety culture.

CHEMICAL PLANT VULNERABILITYCONSIDERATION OF “PROACTIVE” METHODS WHEN PROTECTING HAZARDOUS-MATERIALS ASSETSRichard W. Prugh, PE, CSP, Principal Process Safety Engineer

Introduction For several decades, there have been increasing corporate “self-preservation” efforts – such as Process Hazards Analysis, and self-audits – to prevent injuries and property loss from incidents in chemical plants that involve releases of hazardous materials and events such as runaway reactions. There also have been externally-imposed requirements for protection of employees [OSHA PSM] and for the protection of the public and the environment [EPA RMP]. It is now becoming more apparent that similar efforts are needed to protect chemical plants and their employees from more-insidious internal threats [sabotage] and external threats [terrorism]. This webinar will present guidelines for reducing the vulnerability of such threats to site employees, to the plant infra-structure, and to plant equipment. With decreased on-site vulnerability, the surrounding public and the environment also would be better-protected.

Of particular importance are the protection of “safety-critical” process-control devices, protection of pressurized containers of hazardous materials, and engineering and administrative measures to prevent unauthorized changes to programmable electronic systems [cyber security]. The following discussion follows the outline for Security Vulnerability Analysis that is presented in the publication of the Center for Chemical Process Safety [Reference 1].

> France : info-fr@chilworthglobal.com

> Netherlands : info-nl@chilworthglobal.com

> India : info-in@chilworthglobal.com

> Italy : info-it@chilworthglobal.com

> Germany : exam-info@dekra.com

> Spain : info-es@chilworthglobal.com

> UK : info-uk@chilworthglobal.com

> USA : safety-usa@chilworthglobal.com

> China : info-cn@chilworthglobal.com

> Wallonia : info-be@chilworthglobal.com

Security-Vulnerability AuditsOne or more individuals should perform an audit of the existing security features of a site. This would include a study of the precautions that are taken for individuals and vehicles entering the plant, a tour around the inside and outside of the site boundary, study of line-of-sights from outside the boundary toward storage tanks of hazardous materials, and an expert review of PHAs of processes, to verify the absence of vulnerability to loss of utilities and to inadvertent or deliberate process upsets.

References1. Center for Chemical Process Safety [AIChE], “Guidelines for Analyzing and Managing the Security

Vulnerabilities of Fixed Chemical Sites” (2003).

2. International Society of Automation [ISA], “Industrial Automation and Control Systems (AICS) Security”, ISA/IEC 62443; formerly ISA99 (2015; some sections are under development).