Recent Developments towards Enhancing Process Safety: Inherent Safety and Cognitive Engineering

Safety is one of the critical operability issues and a prerequisite foundation for the prosperity of any process. It needs to be thoroughly respected, planned and maintained during all phases of product and process development, operation and even during the dismantling and salvaging of processes at the end of their life. Considering safety issues during the synthesis and design of processes is especially important, since their implementation at this early step is the most efficient and the least costly. With respect to different strategies, sequential and simultaneous ones can be applied, the former being prevalent in engineering practice. However, considering safety issues simultaneously during the synthesizing and designing processes could lead to significantly safer designs. Safety can be improved during the design phase by applying various direct and indirect measures. An example of direct measures would be performing synthesis of a process scheme simultaneously with a risk analysis in order to foster the inherent safety of the design. Simultaneous consideration of other operability issues like availability, reliability and controllability would also be appreciated, since this would indirectly increase the safety of the plant. The following mixed-integer program (S-MINLP) is therefore suggested for performing synthesis of safer and more operable process flowsheets: maxz=cTy+fxs.thx=0gx≤0By+Cx≤bS-MINLPRiskxy≤0Operxyi≤0x∈X=x∈Rn:xLO≤xUPy∈Y=01m Any inherent safety increase directly contributes to an increase in process safety. Relying solely on a control system is quite problematic, since every control system has its gaps during any deviation event. Moreover, the significant rate (by some estimates, over 80%) of accidents is a consequence of human error, regardless of any cutting-edge control system. Therefore, minimizing inherent risk is one of the substantial aspects of the process planning. The main factors related to inherent safety are the amount and type of the various substances present in the equipment, and the quality (reliability) of the equipment used. Decisions about these factors are usually made at an early stage of planning; therefore, inherent safety should be assessed simultaneously with the taking of those decisions, since later changes might be difficult or impossible to implement. In the case of a small-scale Heat Exchanger Network (Nemet et al., 2017), a significantly safer design was obtained while keeping economic performance at a similar level (the risk was halved, while the Net Present Value expense was negligible). This was made possible by the selection of compact heat exchangers that contain lower amounts of substances and, hence, less risk for the same amount of heat exchange. When the approach was applied to a larger scale integration of different plants via a central utility system (Total Site), improved safety was obtained only by making a significant compromise in the economic performance (obtaining a design that was twice as safe led to a 23% increase in TAC). A similar conclusion was reached after synthesis of a methanol production process (30% better risk performance was achieved at the cost of a 27% profit decrease). It is interesting to note that the safer design was obtained at the cost of lower overall process conversion, because the lower recycle rate leads to smaller process units containing lower quantities of the risky substances. There are certainly varied challenges to be considered in the future, e.g. those related to other trade-offs, besides that of economics vs. safety. Moreover, the challenge of selecting numerous pieces of equipment might be too high, since risk assessment of all of them may not be possible. Note also that inherent safety can be limited to each individual unit separately or to the process as a whole. Limiting it to individual units would lead to processes with a higher number of smaller sized units, while limiting it to processes would favor flowsheets with fewer numbers of units, each carrying higher risk. Furthermore, the economy of scale directs the economics-safety trade-off towards larger, hence more risky, processes, while on the other hand, the risk can be decreased for smaller processes with compact, high fidelity equipment. The inherent risk assessment could also serve for the selection of safer raw materials, technologies and products in order to upgrade production sustainability. Chemical process industries routinely handle hazardous materials that are associated with inherent risk. Abnormalities may lead to incidents with varying consequences – from near-misses, to catastrophic accidents. Various layers of protection are usually deployed to reduce the likelihood of abnormal conditions, or to reduce the severity of their consequences. Even among the various layers of protection deployed in the plant, the role of humans through timely and correct action is critical to ensure proper functioning. Conversely, human error can lead to system failures. Moreover, such dependence on humans to ‘actively’ ensure safety is pervasive. Perhaps because of the belief that human error is inevitable and unpredictable, or that advances in automation will diminish the need for human intervention, the domain of human error has received limited attention. However, various studies across numerous domains, including the chemical industry, have established that human error accounts for over 70% of all accidents today. Human errors can be grouped into various categories, one important category being cognitive errors, i.e., failures in problem solving. Cognitive errors, especially those made during abnormal situations, can be classified into errors in interpretation (incorrect problem identification), decision making (incorrect selection of task to compensate for the problem), or task planning (incorrect formulation of the sequence of actions based on problem constraints). All of these modes require the operator to utilize a mental model of the plant behavior (which is time-varying) and its state (also dynamic). Any mismatch between the plant's condition and the operator's conception is the precursor to cognitive error. Hence, inference of such cognitive mismatches would engender a strategy to prevent human error. Our research has sought to utilize cognitive sensors such as eye trackers to reveal the current focus of attention and the cognitive strategies among control room operators as they operate a (simulated) plant. Modern day, commercial, off-the-shelf eye trackers provide a non-invasive, moment-by-moment assessment of thought processes with millisecond scale temporal resolution, while the operator is seated comfortably in front of a DCS monitor. Our experimental studies with large cohorts of human subjects clearly demonstrate that both the operator's eye gaze and the extent of pupil dilation can offer rich insights into an operator's cognition while dealing with abnormal situations. Specifically, one study found that the gaze distribution of participants on different variables during simulated abnormal situations is related to their performance in handling the situation: participants whose gaze remained longer on uncorrelated variables predominantly failed in handling the situation. Pupillometry has been used to analyze the workload of participants during abnormal scenarios and has established that pupil diameter is a good indicator of cognitive workload during the execution of tasks. The workload of participants who failed in handling an abnormal scenario remained high towards the end, and so did the corresponding pupillary dilation. On the other hand, participants who successfully completed the tasks exhibited consistently decreasing pupil diameter after the first set of corrective actions. In another study, gaze entropy was used to quantify the level of situation awareness of a participant while handling abnormal situations and found that participants with adequate situation awareness looked at only the few variables responsible for the abnormal scenario, which resulted in lower gaze entropy. Lack of situational awareness resulted in the gaze lighting on a relatively large number of variables and thus in a larger value of gaze entropy. Cognitive sensors such as eye trackers have the potential to be used for real-time performance assessment of plant operators; for assessing operator knowledge during training and for developing more user-friendly Human-Machine Interfaces (HMI), as well as for yielding direct insight into how information from various decision support systems, such as advanced control, alarm management, process monitoring and root-cause analysis, are utilized by the operator.