Risk-Based Decision Making for the Management of Change in

Nov 20, 2017 - The approaches for change management usually entail a risk-based decision-making strategy, to verify if the modification of the process...
1 downloads 7 Views 3MB Size
Article Cite This: Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

pubs.acs.org/IECR

Risk-Based Decision Making for the Management of Change in Process Plants: Benefits of Integrating Probabilistic and Phenomenological Analysis Micaela Demichela,*,† Gabriele Baldissone,† and Gianfranco Camuncoli‡ †

Politecnico di Torino, Department of Applied Science and Technology, Corso Duca degli Abruzzi, 24, 1029 Torino, Italy ARIA s.r.l., Corso Mediterraneo, 140, 10129 Torino, Italy



ABSTRACT: Management of changes in the work environment is recognized to be a fundamental part of the safety management, in particular for process plants. The approaches for change management usually entail a risk-based decision-making strategy, to verify if the modification of the process, equipment, or procedure can increase the prior level of risk. Usually the risk assessment in process plants is conducted through the quantitative risk assessment traditional techniques, based on consolidated techniques and widely accepted (as hazard and operability analysis, fault trees, etc.). However, they are static, hardly taking into account time-dependent events, and are carried out separately from the consequence analysis. In recent years, some dynamic risk assessment methodologies have been proposed, supported by process simulation. This paper shows an application of the methodology called integrated dynamic decision analysis, highlighting the benefits of integrating the logical-probabilistic modeling and the phenomenological behavior of a system for the risk-based decision making in case of plant modification. The case study refers to a production plant of formaldehyde, where the reactor cooling system, based on melted salts, had to be switched to a water-based system. With the new plant arrangement, the analysis of the risks in terms of extra management costs, showed a reduction in risks of about 83% for dangerous occurrences, against a risk of plant in emergency for low temperatures, affecting the productivity, increased by 16%. But, mostly important, the analysis allowed for the identification of the more critical sequences of events the system could undergo in terms of probabilities, consequences, and risk, returning an integrated model of the revamped system to be used for the process management, the training of operators, and the technological transfer within the organization. Lawley,8 further developed and applied by other authors9,10 and explained by several guidelines.11 As reported by Dunjó et al.12 across the years HazOp was modified to extend its applicability from continuous plants, for which it was originally conceived, to other plants (e.g., discontinuous plants13,14) and applications (e.g., procedures,15,16 maintenance, and energy saving,17 etc.). (2) Assessment of the probability of occurrence of the identified unwanted events. Fault trees (FT) and event trees (ET) are the most used technique.18 Both FT and ET can be used to evaluate the unwanted event probability, starting from the primary events probability, as in the recent development of Contini et al.19 (3) Analysis of the consequences for the identified scenarios. Several methodologies and approaches are available; the choice depends on the desired accuracy for the results and/or on the initial knowledge of the system under study or of the related environment. Therefore, the chosen methodology can be simple, as the adoption of a severity index, or more complex as the gas dispersion simulation, ranging from

1. INTRODUCTION Management of changes in the work environment is recognized to be a fundamental part of the safety management, in particular for process plants, as recalled and discussed in Gerbec.1 The Seveso directive in Europe2 introduced the management of change process as a legal obligation for process industries, and the same happened for foreign countries like, for example, the USA, with specific regulations and guidelines (40 CFR Part 68.D,3 PSM Standard,4 CCPS PSM elements5). Legislations usually provide only the principles to be followed, while guidelines and textbooks can give an in-depth guidance for the implementation of a procedure for management of changes.6,7 The different proposed approaches have in common a riskbased decision making strategy, since it has to be verified (quantitatively or not) if a process, equipment or procedure change can introduce risks, or at least that they are correctly managed. Focusing on process plants, risk assessment is usually carried out through the consolidated quantitative risk assessment (QRA) approach, made of four steps: (1) Hazard identification. Hazard and operability analysis (HazOp) is one of the most used techniques for hazard identification; it was introduced by © XXXX American Chemical Society

Received: Revised: Accepted: Published: A

August 2, 2017 November 20, 2017 November 20, 2017 November 20, 2017 DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research

Figure 1. Graphical representation of the interaction between logical−probabilistic model and phenomenological model.

Gaussian modeling20,21 to CFD, both for toxic releases22 and flammable gas.23 (4) Risk estimation and comparison with the tolerability criteria, and risk-based decision making. Even if the above-described methodologies are consolidated and widely accepted, they suffer of the limitation of being static, thus they can hardly take into account time-dependent events. Therefore, different dynamic risk assessment methodologies were proposed recently. The dynamic analysis can be related to the probability assessment phase, analyzing how the probability of occurrence of subsequent events is affected by the occurrence of previous events. Swaminathan and Smidts24 proposed the use of event sequence diagrams to allow the dynamic simulation; Bucci et al.25 suggested the Markov modeling to build the dynamic Event Tree or Fault Tree; Č epin and Mavko26 proposed the dynamic Fault Tree; and Kalantarnia et al.27 adopted the Bayesian theory in the dynamic risk assessment. In other cases, dynamic analysis is interpreted as the adoption of a process simulator that allows gaining an insight of the evolution of the process condition in time, thus identifying critical transient conditions. A recent review of these approaches can be found in Villa et al.28 and Raoni et al.29 Several tools were developed to generate dynamic event tree, in particular for the nuclear domain (e.g., ADAPT and MCDET), listed in the survey of dynamic methodologies for probabilistic safety assessment of nuclear power plants,30 and RAVEN, developed by Idaho National Laboratory,31 but their integration with deterministic consequence analysis is still an open issue, not yet mature.32 In more recent years a progress has to be recognized, at least in the nuclear domain, where an integration of deterministic and probabilistic modeling has been developed (e.g., linking ADAPT to nuclear power plant simulator as RELAP and MELCOR codes or the RAVEN code) that has been linked to RELAP and MAAP codes. Within others, the Integrated Dynamic Decision Analysis (IDDA), devised by Galvagni,33,34 applied in Piccinini and Demichela35 to a simple case study of an overflowing tank, and in Turja and Demichela36 and Demichela and Camuncoli37 to the risk-based design on an allyl-chloride production plant, and to more complex case studies in Leva et al.38 and Demichela et

al.39 for the evaluation of safety integrity levels or Baldissone et al.40,41 for the risk-based decision-making among competing VOC treatment technologies allows carrying out the risk analysis in a dynamic way, taking into account process time dependent occurrences. IDDA method is based on a logical-probabilistic modeling of the system, integrated with its phenomenological modeling. A scheme of the interaction between logical−probabilistic and phenomenological model is shown in Figure 1. The logical-probabilistic model, based on the general logic theory, is built according to its own syntactic system to shape an enhanced event tree structure, through: (1) the functional analysis of the system and the construction of a list of levels, through questions and affirmations on the functionality of each element. In this way, each level constitutes the elementary matter of the logical model and a node in an event tree (e.g., Figure 2 represents the level number 121, related to the status of a flow rate sensor, named FM02). (2) The construction of a “reticulum” indicating the addresses (subsequent levels) to be

Figure 2. Graphical representation of the logical analyses structure. B

DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research

Figure 3. Process flow diagram.

Figure 4. Feed section.

allow modifying the run time of the model, fitting it to the current knowledge status. In Figure 2, an example of constraint is shown: in the case of a negative outcome of the reference level (the failure of the flow sensor), it forces the outcome of the level 132, addressing the protection loop FSH01 to the negative one. In fact, in case the sensor should fail, it could not be available neither for the protective device FSH01, that thus will not intervene in the case of very high flow rate. A good starting point for the development of the logicalprobabilistic model can be a functional analysis of the system,

visited, depending on the response in each level. A comment string allows the user to read the logical development of a sequence. Figure 2 shows that the level to be visited in case of correct functioning of the sensor FM02 is level 122 (addressing the status of the flow controller FC02) and in case of fault is level 125 (addressing the status of the complete control loop). (3) The assignation to each level of a probability value, representing the expected degree of occurrence of a failure or an unwanted event (0.0152 in Figure 2), and of an uncertainty ratio, representing the distribution of the probability. (4) The definition of the logical and probabilistic constraints, which C

DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research

The methanol is extracted from the tank by a pump and sent to the boiler; the flow is dosed depending on the level of the liquid in the boiler. In the boiler, the methanol is vaporized at around 70 °C, through the condensation of low-pressure steam; the flow of required vaporized methanol is controlled through the steam flow rate. A high flow rate switch (FSH01) protects this section: in case of high flow rate, it put the plant in emergency state. After the boiler, the methanol is heated in a heater to around 190 °C. For the methanol partial oxidation, that takes place in the reactor, fresh air is required: it is compressed at the same pressure of the recirculation gases (see Reaction and Separation Section for details). In the case of an unexpected stop of the compressor, the safety system HS01 is activated and the plant is put in emergency. If the airflow decreases more than the 70% of the nominal value, an alarm is activated (FAL02). The compressed air is mixed with the recirculation gases, and a second compressor brings the whole gas flow to the working pressure of around 1.25 ata. The unexpected stop of the compressor activates the safety system HS02, and the plant undergoes an emergency stop. An alarm (FAL03) is activated if the gas flow decreases more than the 85% of the nominal value. After the compression, the gas and the methanol vapors are mixed and enter the heat exchanger REC2, in the heat recovery section. 2.2. Heat Recovery Section. Figure 5 shows a diagram of the heat recovery section.

exploiting also, where available, the information contained in the analysis already carried on with traditional methodologies. The elaboration of the logical−probabilistic model, described in the input file through the IDDA software, returns all the possible sequences of events that the system could undergo, depending on the knowledge disclosed in the input model, together with their probabilities of occurrence. Together with the logical modeling, a phenomenological model has to be prepared in order to describe the physical behavior of the system. The phenomenological model could influence the updating of the logical model generating a better description of the real behavior of the system (i.e., indicating if, after the failure of a particular equipment, the other components are able to compensate its dearth and complete the operation, or if cumulative effects can appear and diverge the system from its normal behavior). The phenomenological model can provide a direct estimation of the consequences for each single sequence in order to obtain a risk estimation, the evaluation of the overall risk of the system, and the expected value of the consequence. The latter is calculated as a weighted average of the consequences, according to their probability. The plant adopted as a case study for the demonstration of I.D.D.A. methodology is devoted to the production of formaldehyde through partial oxidation of methanol.42 The company managers had the intention to modify the reactor cooling system, based on molten salts, because of their disadvantages: delays at startup and shutdown and potential toxicity for workers and environment. The proposed solution, based on the substitution of the molten salts with water, would have introduced a higher complexity in the plant and consequently increased maintenance costs, which the plant managers wanted to verify before authorizing the modification. The plant is described in section 2, while sections 3 and 4 contain the descriptions of the logical-probabilistic model and of the phenomenological one, respectively. In the end, in section 5 the results of the joint analysis are discussed, comparing them with those obtained through the traditional risk assessment of the plant, and thus highlighting the benefit of the integrated approach for the risk-based decision making for the management of change in process plants.

2. CASE STUDY DESCRIPTION The plant under study produces around 10000 kg/h of 30% formaldehyde solution, operating the partial oxidation of methanol with air. Figure 3 represents the scheme of the plant with the modified heat recovery system, based on water. Three main sections can be identified: (1) feed section, (2) heat recovery section, and (3) reaction and separation section. The following paragraphs detail the functions and the protection systems of these plant sections. 2.1. Feed Section. Figure 4 shows a diagram of the feed section. The liquid methanol is stored in a tank pressurized with nitrogen. Low pressure in the tank is prevented through an alarm (PAL01) and a switch (PSL01) that intervene when a decrease in pressure of 2000 Pa and 5000 Pa, respectively, occurs. Furthermore, a safety valve (PSV01) can recover the atmospheric pressure, allowing the air entrance in case of further pressure decrease. The functioning of the safety valve is detected by a sensor, which also activates the emergency state.

Figure 5. Heat recovery section.

The heat recovery section consists of three series of heat exchangers (REC1, REC2, and REC3) that progressively cool down the output product of the reactor. In addition, the intermediate heat exchanger REC2 increases the temperature of the input flow before the reactor. In fact, before entering the reactor, the input fresh gases should reach a temperature of 220 °C: thus, in (REC2), the product exiting from the reactor exchanges its heat directly with the inlet gases, bringing their temperature to the reaction temperature. Heat exchangers REC1 and REC3 recover the heat from the output product too, but they exploit it for boiling and cooling the water, respectively. The reactants gas temperature in REC2 is controlled through the temperature of the product gas exiting from REC1. D

DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research

Figure 6. Reaction and separation section.

high temperature propagation could reduce the absorption in the column downstream. In case the pressure of the steam in the shell side should increase, the rupture disk D5 intervenes; its activation is detected by a sensor, that put the plant in emergency state. After the reaction, the product is sent again to the heat recovery section, where its temperature is decreased. In the end, the cooled product passes in the absorber, where the formaldehyde is absorbed in water. The absorber is a packaged tower where the water enters at the top and the gases flow counter current. The 70% of the exhaust gas from the absorber is recirculated; the remaining 30% is discharged to a combustor for the VOC removal. The concentration of the formaldehyde in the output liquid phase is controlled by the input water flow: since it is strongly affected by the temperature, the parameters of the input water flow must be strictly monitored. Therefore, the water temperature is controlled by TAH10 or TAL10, which are activated in case of increases or decreases of the water temperature of 10 °C. Other two alarms are present for high and low absorbing water flow rate: FAH10 intervenes when the flow rate is 120% of the nominal value, and FAL10 intervenes at 80% of the nominal value. The temperature is monitored also inside the column: a variation of ±10 °C activates TAH11 or TAL11 alarms. Finally, if the temperature of the exhaust gas exceeds the nominal value of 5 °C, the alarm TAH13 is activated. At the bottom of the column, alarms LAH12 and LAL12 monitor the liquid level. In a cautionary way, in this paper it is assumed that in case of alarm the operator puts the plant in emergency state.

After REC3, the product reaches the absorption temperature (around 67 °C). 2.3. Reaction and Separation Section. Figure 6 shows a diagram of the reaction and separation section. In the reactor, the methanol is converted in formaldehyde. CH3OH +

r1 1 O2 → CH 2O + H 2O 2

A secondary reaction also occurs, which competes with the first one, reducing the yields in formaldehyde: it completes the oxidation to carbon monoxide. The yields are controlled through temperatures. CH 2O +

r2 1 O2 → CO + H 2O 2

The reactor is built as a shell and tube heat exchanger, and the chemical reaction takes place in the tube, thanks to an iron and molybdenum oxide catalyst.42 The gases enter the reactor at around 220 °C and exit at around 290 °C. The heat produced in the reactor by the exothermic oxidation reaction is partially removed through the generation of steam. The temperature in the reactor is controlled by the conditions of the steam produced, through a pressure controller. On the reactor input line, two concentration alarms are present: CAH05 alerts in case of high concentrations of oxygen and CAH06 signals high concentrations of methanol. The reactor is protected against excessively high or low temperatures: beyond 335 °C, the alarm TAH07 is activated, while temperatures higher than 345 °C trigger TAHH07; below 315 °C, the alarm TAL07 is activated, and below 305 °C, TALL07 is activated to avoid production problems. Exceeding the threshold temperatures could damage the catalyst, and the E

DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research

the formation of a flammable atmosphere, and (3) the reactor overheating. Under the “Productivity affecting occurrences” label, the following events were included: (1) the shutdown of the reactor and (2) an improper absorption of formaldehyde.

3. LOGICAL AND PROBABILISTIC ANALYSIS OF THE PLANT The logical and probabilistic model of the system has been developed according to the procedure described in section 1, modeling how the plant reacts to the failure of the equipment and control systems and to possible operational errors, and then modeling the activation of alarms or safety devices, and their effect on the process in case of correct activation or missing protection. The functional analysis built to support the construction of the logical probabilistic model is summarized in Table 1.

4. PHENOMENOLOGICAL MODEL The model of the plant is based on the mass and energy balance and on the transfer equations at the working conditions of the different components of the plant. In this way, it is possible to evaluate the trend in time of the process variables along the plant, also in case of failure. The whole model was subdivided in three parts, corresponding to the main plant sections: (1) feed section, (2) heat recovery section, and (3) reaction and separation section. The model is described in detail in the Appendix A. The equations describing the phenomenological model were implemented and solved with Matlab. The phenomenological model was interfaced with the logical probabilistic model: a file containing the status of the devices and equipment for each sequence, obtained by IDDA, was inserted in Matlab, which ran the phenomenological model corresponding to each sequence of events. Matlab returned: (1) one file with the simulation of the process behavior for each sequence and (2) one file with the value of the consequences, that was then used by IDDA to calculate the risk. For this case study, the risk is considered in terms of the extra costs required to reactivate the plant, bring back the operation to the normal conditions, cover the material losses due to the unwanted event. These costs were provided by the plant management and are listed in Table 2. The above-described results were generated for each sequence. Sequence number 11595087, where the methanol pump failure occurs, is shown as example (Table 3): its

Table 1. Functional Analysis function 1. Feed section 1.1. CH3OH availability 1.2. N2 availability 1.3. CH3OH feed system 1.4. CH3OH boiler 1.5. CH3OH heater 1.6. Air compressor 1.7. Gas compressor 2. Heat recovery section 2.1. Heat exchanger REC1 2.2. Heat exchanger REC2 2.3. Heat exchanger REC3 3. Reaction and separation section 3.1. Reactor 3.2. Absorber 3.3. Recirculation control 4. Alarm and protective devices 4.1. Alarm 4.2. Active protective devices 4.3. Passive protective devices

Table 2. Elementary Costs Used for Risk Estimation The reliability data and the probability of the different events were extrapolated from Mannan18 and the Centre for Chemical Process Safety,43 or from the plant management. A Bayesian approach is at the basis of the probability calculation along the event trees and its logical and probabilistic constraints, as in Zubair et al.44 The uncertainty on the failure rates was evaluated according to Philipson.45 The failure rates, obtained from the literature sources, are considered as the mean value of a chi-square distribution with 2 degrees of freedom. Once a distribution was determined, in the input file, probability of occurrence and uncertainty ratio were used to characterize each level. The uncertainty ratio is defined as the ratio between the 95 and 5 percentiles of the probability distribution. All the possible sequences of events occurring in the plant, according to the level of knowledge disclosed in the model, were then developed. Each sequence was associated with its probability of occurrence and its uncertainty. The identified consequences were grouped in the following families: (1) plant correctly operating, (2) plant in emergency state, (3) process safety occurrences, and (4) productivity affecting occurrences. Several potential hazardous events were included in the group “process safety occurrences”: (1) depressurization of the methanol tank, (2) an air entrance in the methanol tank, with

operation restore nitrogen supply restore methanol boiler restore methanol heater restore control of recirculation restore air compressor restore gas compressor restore heat exchangers in the heat recovery section restore control temperature system in the reactor restore reactor cooling system restore absorber restore water flow control in absorber input emergency stop product out of specific discharge higher quantity of VOCs manage a reactor high temperature manage tank collapse manage flammable atmosphere in the tank F

estimated costs (€) water-based system

estimated costs (€) molted salts system

2000 10000 10000 2000

2000 10000 10000 2000

2000 2000 10000

2000 2000 10000

2000

2000

10000

50000

20000 2000

20000 2000

100000 200000 1030

200000 200000 1030

200000

200000

250000 250000

250000 250000

DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research Table 3. Sample Sequence 11595087 event tree sequence number 11595087 sequence probability: 5.2925 × 10−6 level

probability

cumulative

description

1 50 100 190 70 71 72 73 77 78 74 75 79 84 83 85 86 80 720 721 722 725 81 730 731 735 76 470 471 472 475 1000 1004

1−1.00 × 10−2 1−1.00 × 10−2 6.40 × 10−3

9.90 × 10−1 9.80 × 10−1 6.27 × 10−3 0.006273 0.006273 0.006273 0.006273 0.006273 0.006273 0.006273 0.006273 0.006273 0.006273 0.006273 0.006273 0.006273 0.006273 0.006273 6.23 × 10−3 6.23 × 10−3 1.87 × 10−4 0.0001869 0.0001869 1.87 × 10−4 5.61 × 10−6 5.61 × 10−6 5.61 × 10−6 5.46 × 10−6 5.46 × 10−6 5.29 × 10−6 5.29 × 10−6 5.29 × 10−6 5.29 × 10−6

Is sufficient methanol present? Yes Is the N2 flow sufficient? Yes Methanol pump? Fault The methanol flow is present? No PSL01 need to work? No PAL01 need to work? No PSV01 need to work? No FSH01 need to work? No HS01 need to work? No HS02 need to work? No FLA03 need to work? No FLA02 need to work? No CAH06 need to work? No TAH13 need to work? No TAH11/TAL11 need to work? No TAH10/TAL10 need to work? No LAH12/LAL12 need to work? No TAH07/TAL07 need to work? Yes TM07? OK TAH07/TAL07? OK Operator acts on TAH07/TAL07? No TAH07/TAL07 system? No TAHH07/TALL07 need to work? Yes TAHH07/TALL07? OK Operator acts on TAHH07/TALL07? No TAHH07/TALL07 system? No CAH05 need to work? Yes CM05? OK CAH05? OK Operator acts on CAH05? Yes CAH05 system? OK - Emergency Plant is emergency state? Yes Plant works correctly? No

1−6.60 × 10−3 1−1.00 × 10−4 3.00 × 10−2

1−1.00 × 10−4 3.00 × 10−2

1−2.68 × 10−2 1−1.00 × 10−4 1−3.00 × 10−2

probability of occurrence is 5.29 × 10−6; the related behavior of the inlet section variables is shown in Figure 7, and the behavior of the reactor variables, with the activation of the alarms, is shown in Figure 8. The consequence associated with this sequence is 110000 € of extra costs, and thus the risk value is 0.58 €. Analogous information is available for all the sequences the system could undergo, dependently on the level of knowledge disclosed in the input file.

could be interested by potential dangerous situations is 5.85 × 10−5; and the probability of productivity problems is 1.10 × 10−3. The probability of air pollution is around 0.015: in this case, the sequences of events causing a higher concentration of VOC in the exhaust gas, not removable for the treatment system, were taken into account. However, this event was not further analyzed because of its low potential impact on the costs. This paper shows the results related to the sequences characterized by a single fault, corresponding to 1986 sequences with a global probability of occurrence of 0.863. Table 5 summarizes the risk analysis results for the abovedescribed sequences. The sequences bringing to a safety issue show a probability of occurrence of 4.6 × 10−5, with a mean extra maintenance cost of 211300 € and a consequent risk value of 9.8 €. Figure 9 shows the probability distribution for the sequences bringing to safety issues. Three of them are critical from the point of view of the likelihood: (1) the cooling water in REC1 is not available and the alarms system are not effective, because of the failure of the temperature meter TM07, that serves the alarms TAH07 and TAHH07, (2) the cooling water in REC1 is not available and the alarms system are not effective because of the missing intervention of the operator on alarms TAH07 and

5. RESULTS The logical−probabilistic model was run to a cutoff value of 3 × 10−13 and in this way 13320902 sequences of events were obtained with a residual probability equal to 2.63 × 10−6. The cut off value, that is the probability below which a sequence is neglected, was chosen to minimize the residual probability based on the available computational resource. In Table 4, the results of the logical−probabilistic model are shown, together with their uncertainties: (1) an overall probability of 0.6 for the plant correctly operating was found, (2) the plant in emergency state has a probability of 0.38; this value is particularly high because, conservatively, any alarm requiring an operator intervention has been assumed equivalent to the emergency state, and (3) the probability that the plant G

DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research

Figure 7. Power consumed in compression section in case of pump failure (sample sequence 11595087).

Figure 8. Process variable downstream of the reactor (sample sequence 11595087).

TAHH07, and (3) the cooling water in the reactor is not available and the alarms and protective devices are not effective. The sequences bringing to productivity problems have a probability of occurrence of 8.85 × 10−4, with a mean extra maintenance cost of 202000 € and a risk value of 179 €. Figure 10 shows their probability distribution; 4 sequences were identified as more critical from the likelihood point of view. All of them relate to the fault of the water flow control system in the absorber and the malfunction of the alarms system; they just differ for the failed component.

In the end, the emergency condition has a probability of 0.252, with a mean cost of 104600 €, and a risk value of 26300 €. Figure 11 shows the probability distribution for the sequence; also in this case, 4 sequences of events are connoted by higher probabilities, and namely, (1) the gas compressor fails and the alarm system works correctly, (2) the air compressor fails and the alarm system works correctly, (3) high water flow in the absorber, due to control system failure, and the alarm system works correctly, and (4) low water flow in the absorber, due to control system failure, and the alarm system works correctly. H

DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research

new setup of the plant, allowing a detailed comparison with the current plant operation and maintenance conditions. This complete overview was made possible by the adoption of the integrated analysis of the probabilistic behavior of the plant and its phenomenological behavior, obtained through the IDDA methodology. 5.1. Comparison with the Present Situation. The data available for the plant in the actual configuration were retrieved from the risk assessment already available in the plant, carried out with the traditional QRA, and in particular with the recursive operability analysis and the fault tree for probability quantification. The economic data of the extra-maintenance costs are shown in Table 2, in fact the two plant configurations mainly differ for the cost and time at startup and shutdown, and for the costs related to the molten salts substitution. Table 6 shows the comparison that pushed the plant managers to start the fund raising for the implementation of the process change.

Table 4. Logical−probabilistic Model Results outcome plant correct operation plant in emergency dangerous situation in the plant problem on the quality of product

probability

number of sequences

probability uncertainty (minimum/maximum value)

0.604

29199

0.538/0.677

0.380

13099982

0.318/0.454

5.85 × 10−5

46573

2.62 × 10−5/1.31 × 10−4

0.0011

92022

0.00055/0.0021

Table 5. Risk Analysis Results outcome plant correct operation plant in emergency dangerous situation in the plant problem on the quality of product

probability

mean consequences (€)

risk (€)

0.5973

number of sequences 143

0.252

104600

26300

1158

4.6 × 10−5

211300

9.8

261

8.85 × 10−4

202000

179

357

6. CONCLUSIONS The management of change, in particular in hazardous process plants, requires performing a risk analysis in order to demonstrate that the expected changes will not increase the existent level of risk and that the risk in the new arrangement will be correctly identified and managed. Integrating the logical-probabilistic modeling and the phenomenological modeling into risk assessment, in this case through the integrated dynamic decision analysis (IDDA), helps the user to decide the best design and operational solution based on a complete and consistent set of data. It allows considering also the time-dependencies in the process variables development, in time and along the plant, and allows one to make decisions on a whole picture of the system

Taking into account also the uncertainties, the other 11 events can have probabilities comparable with the more critical ones: all of them are related to different control system failures, in different equipment, with the consequent correct intervention of the protective devices and alarms systems. The results obtained gave the plant managers a complete overview of the expected values of the extra maintenance costs, and of the risk and critical process variable behaviors for the

Figure 9. Probability distribution for the sequences of events, modeled with the phenomenological model, contain the dangerous situation. I

DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research

Figure 10. Probability distribution for the sequences of events, modeled with the phenomenological model, contain the productivity problem.

Figure 11. Probability distribution for the sequences of events, modeled with the phenomenological model, contain the emergency condition.

behavior, not only limited to critical negative outcomes (the socalled top events of the traditional risk based approach), and on the risk related to each sequence.

The approach proposed in this case study allowed for the reduction of uncertainty both in the analysis and in the decision phase, because the results of the analysis were based on the J

DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research Table 6. Comparison between the Present Situation and the Modified Plant Figures outcome

probability

plant correct operation plant in emergency very low temperature dangerous situation in the plant potentially explosive atmosphere in the tank problem on the quality of product

mean consequences (€)

traditional QRA

IDDA

traditional QRA

IDDA

traditional QRA

0.5973 0.252 7.7 × 10−4 4.6 × 10−5 2.5 × 10−6 8.85 × 10−4

− − 3.8 × 10−4 − 1.2 × 10−5 −

− 104600 110000 211300 200800 202000

− − 250000 − 250000 −

− 26300 110 9.8 0.5 179

− − 95 − 3 −

⎡⎛ ⎞γ − 1/ γ ⎤ P γ ̇ × Z × R × T1 × F × ⎢⎜ 2 ⎟ − 1⎥ Wad = ⎢⎣⎝ P1 ⎠ ⎥⎦ γ−1

phenomenological model, that represents the expected behavior of the plant. Clearly, the quality of the results still depends on the level of detail of the model and thus on the level of knowledge disclosed by the plant managers and risk analysts. The adoption of the IDDA methodology allowed identifying the sequences of events more critical in terms of consequences and risk. Furthermore, the company management obtained a logical−probabilistic and phenomenological model of its revamped system, to be used for the process management, the training of operators, and the technological transfer within the organization.



(6)

with the approximation of ideal gases, Z = 1. The power needed for the compression is evaluated through eq 7: W=

The first equipment modelled is the methanol tank; through the mass balance, the level of liquid methanol, the pressure and the composition of the gas over the liquid are evaluated. The level of liquid methanol in the tank is modelled through eq 1: 3

dt

= ρC H OH,l × Stank 3

(7)

⎛ P ⎞γ − 1/ γ T2 = T1 × ⎜ 2 ⎟ ⎝ P1 ⎠

A.1. Feed Section

ρCH OH,l ×

Wad η

And the temperature at the discharge is given by eq 8:

APPENDIX A: PHENOMENOLOGICAL MODEL

dVl,tank

risk (€)

IDDA

(8)

With reference to the pump, the pumping work is estimated, according to Green and Perry48 with eq 9:

dLtank × = − ṁ CH3OH dt

Hpump = (h2 − h1) +

2 2 − u1,l (u 2,l ) (P2 − P1) + g × ρCH OH 2×g 3

(9)

(1)

Using the head of the pump, it is possible to evaluate its work for the pump, as shown in eq 10:

The meaning and the units of the variables can be found in the Notes section. The gas volume inside the tank is thus assessed through eq 2:

Wpump = g × ρCH OH,l × Hpump × Q pump 3

dVg,tank dt

+

dVl,tank dt

=0

In the methanol boiler, the methanol liquid is vaporized. For this equipment, the mass and energy balance and the heat transfer are used to evaluate the amount of steam required and the flow rate of vaporized methanol, eq 11:

(2)

A nitrogen flow is used to pressurise the tank. Thus, according to eq 3, the nitrogen flow rate is dVg,tank dt

× (1 − xCH3OH,T) = Q N2

⎧ Ḣ boiler = Fsṫ ·λst ⎪ ⎪ ⎪ ̇ ⎨ FCH3OH, v ⎪ Ḣ boiler ⎪ = cp (T2CH3OH − T1CH3OH) + λCH3OH ⎪ CH3OH,l ⎩

(3)

The composition of the vapour phase is estimated considering that the vapour methanol is in equilibrium with the liquid, and thus, the concentration can be evaluated with Raoult’s law:47 xCH3OH,T × Ptank = PvCH OH 3

(11)

Also for the methanol heater, the energy and mass balance and heat transfer equations are used to evaluate the output methanol conditions and the steam flow rate. The heat exchanger is constituted by a shell and a tube: the methanol vapours flow tube side, while the steam condensate shell side. Concerning tube side, the mass and heat balance are given by the following equations (eq 12 and 13):

(4)

In this way, the nitrogen fraction (x N2, T ) is x N2, T = 1 − xCH3OH, T

(10)

(5)

In the feed section, the two gas compressors and the pump of liquid methanol are present. The work necessary for adiabatic compression is evaluated according to Green and Perry48 with eq 6:

ρCH OH, v × u = cost 3

K

(12) DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research St ,heater × ρCH OH, v × c p 3

CH3OH, v

×

∂TCH3OH, v

= St ,heater × ρCH OH, v × u × c p 3

Table A1. Kinetic Constant Value

∂t CH3OH, v

×

∂TCH3OH, v ∂z

∂Ḣ heater − ∂z (13)

Regarding shell side, the temperature is assumed constant at the condensation temperature and the energy balance equation is (eq 14): ̇ ∂Fst,heater ∂Ḣ − heater × nt ,heater = × λst,heater (14) ∂z ∂z Also the heat transfer equation is used (eq 15): ∂Ḣ heater π = × dt ,heater × Uheater × (TCH3OH, v − Tst,heater) ∂z 2

symbol

value

unit

E1 E2 EA A1 A2 AA

79496 66944 8368 6250 5.6 27

J/mol J/mol J/mol mol/(m3 s atm0.5) mol/(m3 s atm0.5) atm−0.5

the water flow rate and the temperature of the gas at the different position in each section. In case the exchange is between two gases, the shell side is assumed in counter current flow with respect to the tube side. For the mass balance the following equations are used (eq 16):

(15)

⎧ ρ ·ut ,rec = cost ⎪ t ,rec ⎨ ⎪ ⎩ ρs,rec ·us,rec = cost

The heat transfer coefficients are evaluated according to Serth.49 A.2. Heat Recovery Section

The same approach was used in the modelling of the exchangers in the heat recovery sections, in order to assess

(16)

For the heat balance the following equations are used (eq 17):

⎧ ∂Tt ,rec ∂Tt ,rec ⎪ St ,rec × ρt ,rec × cp × = St ,rec × ρt ,rec × u t ,rec × cp × t ,rec g ,rec dt dz ⎪ π ⎪ − × d t ,rec × Urec × (Tt ,rec − Ts,rec) ⎪ 2 ⎨ ∂Ts,rec ∂Ts,rec ⎪ = −Ss,rec × ρs,rec × us,rec × cp × ⎪ Ss,rec × ρs,rec × cp s,rec × s,rec dt dz ⎪ π + × d t ,rec × n t ,rec × Urec × (Tt ,rec − Ts,rec) ⎪ ⎩ 2

⎛ Ei ⎞ ⎟⎟ ki = Ai × exp⎜⎜ − ⎝ R × Tg ⎠

The heat transfer coefficients are evaluated according to Serth49 or Kern.50 A.3. Reaction and Separation Section

CH 2O +

rCH3OH 1 O2 ⎯⎯⎯⎯⎯⎯→ CH 2O + H 2O 2

rCO 1 O2 ⎯→ ⎯ CO + H 2O 2

While, the mass balance for the different components (i) is (eq 21):

The first reaction is the methanol partial oxidation to formaldehyde and the second is the formaldehyde complete oxidation. The second reaction is the most important unwanted reaction occurring in the reactor. The kinetic equations used for this work are valid in a temperature range from 250°C to 400°C,51 an interval compatible with the reaction temperatures. rCH3OH =

rCO =

dC i dC i =u× − dt dz

∑ ri(T , C)

(21)

The temperature and the steam flow rate are evaluated for each tube (eq 22), through the reaction data, the heat transfer, and the heat balance. ρg × c p × ε × g

1/2 k1 × pCH3OH

∂Tg ∂t

= ρg × c p × u × ε × g



1/2 1 + kA × pCH3OH

4 × ε × Jg,s − dt

∂Tg ∂z

− av × Jg,w

∑ rTi(T , C)

(22)

The last equipment modelled is the absorber, where the formaldehyde contained in the gas is absorbed by means of liquid water. The mass transfer from the gas phase to the liquid phase is evaluated with eq 23:

1/2 k 2 × pCH2O

1 + C1/2 CH2O

(19)

Table A1 shows the constants used for the pre-exponential constant, Ai, and the activation energy, Ei. Using the kinetic equations (eq 18 and 19) and the mass balance, the composition of the gas can be evaluated. The global mass balance is given in eq 20: ρg × u = cost (20)

Coming to the reactor, the following reactions are taken into account: CH3OH +

(17)

(18)

Where as a general formulation: L

DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Industrial & Engineering Chemistry Research ⎧ ∂y ⎪ ρ × Sabs × (ε − hT , l) × CH2O g ⎪ ∂t ∂YCH2O ⎪ − Sabs × a × JM ,CH O ⎪ = Fġ ′ × 2 ∂z ⎪ M × ⎪ CH 2O ⎨ ∂xCH2O ⎪ ⎪ ρl × Sabs × hT ,l × ∂t ⎪ ⎪ = F ̇ ′ × ∂XCH2O + S × a × J l abs M ,CH 2O ⎪ ∂z ⎪ × MCH2O ⎩



ACKNOWLEDGMENTS The research described in this paper was undertaken within the scope of EU seventh FP project TOSCA under Grant FP7NMP-2012-SMALL-6-310201. A seminal description of the case study was presented to a seminar.46

■ a av A c cp d E Ḟ g h hT H Ḣ J JM k L ṁ M n p P Pv Q r

(23)

2

The flow of inert gas (Fġ ′) remains constant along the absorber (eq 25): 2

(25)

Similarly, the liquid fraction of formaldehyde in the inert flow can be calculated according to eq 26: xCH2O XCH2O = (1 − xCH2O) (26) The flow of inert liquid (Fl̇ ′) remains constant along the absorber (eq 27): Fl̇ ′ = Fl̇ ·(1 − xCH2O)

(27)

Mass fluxes between the two phases are evaluated according to Geankoplis.52 The heat transfer is evaluated by eq 28: ⎧ ∂Tg ⎪ Sabs × (ε − hLT) × ρg × c p × g ∂t ⎪ ∂Tg ⎪ ̇ ⎪ = Fg × c pg × ∂z + Sabs × U × a ⎪ × (Tg − Tl) ⎪ ⎨ ⎪ ∂Tl ⎪ Sabs × hLT × ρl × c pl × ∂t ⎪ ∂T ⎪ = Fl̇ × c p × l − Sabs × U × a l ∂z ⎪ ⎪ × − ( ) T T g l ⎩

rT R S T t u U V x X y Y w W z Z γ ε η λ ρ

(28)

The heat transfer coefficient between the two phases were evaluated through the Chilton-Colburn Analogy.53



NOTATION

Process Variables

The gas fraction of formaldehyde in the inert flow is calculated according to eq 24: yCH O 2 YCH2O = (1 − yCH O ) (24)

Fġ ′ = Fġ (1 − yCH O )

Article

AUTHOR INFORMATION

Corresponding Author

interfacial area between two phases per volume of packed section, m2/m3 catalyst surface area, m2/m3 pre-exponential constant, mol/(m3 s atm0.5) concentration of a component, mol/m3 specific heat at constant pressure, kJ/(kg K) diameter, m activation energy (J/mol) mass flow rate, kg/s standard gravity, m/s2 level, m holdup total head of a pump, m heat exchanged, kJ/s heat flux, J/(m2 s) mass flow between gas and liquid phase, kmol/(m2 s) kinetic parameter, mol/(m3 s atm0.5); level, m flow rate, kg/h molecular mass, kg/kmol number partial pressure, atm absolute pressure, Pa vapor pressure, Pa volume flow rate, m3/s production (consumption) rate per unit reactor volume, mol/(m3 s) heat production per unit reactor volume, J/(m3 s) universal gas constant, J/(kg K) section, m2 temperature, K time, s liquid, gas, or vapor velocity, m/s global heat transfer coefficient, kW/(K m2) volume, m3 molar fraction mass fraction with respect to the inert flow volume fraction volume fraction with respect to inert flow mass fraction work, W axial coordinate, m compressibility factor heat capacity ratio catalyst or packaging bed void fraction efficiency latent heat of condensation, kJ/kg density, kg/m3

Super- and Subscripts

*E-mail: [email protected].

′ 1 2 abs ad

ORCID

Micaela Demichela: 0000-0001-5247-7634 Notes

The authors declare no competing financial interest. M

inert flow inlet discharge absorber adiabatic DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research boiler c CH3OH heater g i l N2 pump rec s st t T tank v w



iterative risk-based approach and case study. Safety Science 2017, 100, 195−202. (16) Gerbec, M.; Baldissone, G.; Demichela, M. Design of procedures for rare, new or complex processes: Part 2-Comparative risk assessment and CEA of the case study. Safety Science 2017, 100, 203−215. (17) Darabnia, B.; Demichela, M. Maintenance an opportunity for energy saving. ICheaP11−11th International Conference on Chemical & Process, Milan, Italy, June 2−6, 2013; pp 259−264. (18) Mannan, S. Lee’s Loss Prevention in the Process Industries; Elsevier: Oxford, 2005. (19) Contini, P. M., Contini, S., Copelli, S., Rota, R., Demichela, M. From HazOp study to automatic construction of cause consequence diagrams for frequency calculation of hazardous plant states. Safety and Reliability of Complex Engineered Systems: Proceedings of the 25th European Safety and Reliability Conference, ESREL 2015, 2015; pp 347− 355. (20) Center for Chemical Process Safety. Guidelines for Chemical Process Quantitative Risk Analysis; Center for Chemical Process Safety/ AIChE: New York, 2000. (21) Korsakissok, I.; Mallet, V. Comparative Study of Gaussian Dispersion Formulas within the Polyphemus Platform: Evaluation with Prairie Grass and Kincaid Experiments. Journal of Applied Meteorology and Climatology 2009, 48, 2459−2473. (22) Pontiggia, M.; et al. Consequences Assessment of an Accidental Toxic Gas Release Through a CFD Tool: Effect of the Terrain and Major Obstacles. Chemical Engineering Transaction 2012, 26, 537−542. (23) Venetsanos, A. G.; Papanikolaou, E.; Bartzis, J. G. The ADREAHF CFD code for consequence assessment of hydrogen applications. Int. J. Hydrogen Energy 2010, 35 (8), 3908−3918. (24) Swaminathan, S.; Smidts, C. S. The Event Sequence Diagram framework for dynamic Probabilistic Risk Assessment. Reliability Engineering & System Safety 1999, 63 (1), 73−90. (25) Bucci, P.; Kirschenbaum, J.; Mangan, L. A.; Aldemir, T.; Smith, C.; Wood, T. Construction of event-tree/fault-tree models from a Markov approach to dynamic system reliability. Reliability Engineering & System Safety 2008, 93 (11), 1616−1627. (26) Č epin, M.; Mavko, B. A dynamic fault tree. Reliability Engineering & System Safety 2002, 75 (1), 83−91. (27) Kalantarnia, M.; Khan, F.; Hawboldt, K. Dynamic risk assessment using failure assessment and Bayesian theory. J. Loss Prev. Process Ind. 2009, 22, 600−606. (28) Villa, V.; Paltrinieri, N.; Khan, F.; Cozzani, V. Towards dynamic risk analysis: A review of the risk assessment approach and its limitations in the chemical process industry. Safety Science 2016, 89, 77−93. (29) Raoni, R.; Secchi, A. R.; Demichela, M. Employing process simulation for hazardous process deviation identification and analysis. Safety Science 2018, 101, 209−219. (30) Aldemir, T. A survey of dynamic methodologies for probabilistic safety assessment of nuclear power plants. Ann. Nucl. Energy 2013, 52, 113−124. (31) Alfonsi, A.; Rabiti, C.; Mandelli, D.; Cogliati, J. J.; Kinoshita, R. A.; Naviglio, A. Dynamic Event Tree Analysis through RAVEN. ANS PSA 2013 International Topical Meeting on Probabilistic Safety Assessment and Analysis, Columbia, SC, September 22−26, 2013; American Nuclear Society: LaGrange Park, IL, 2013. (32) Zio, E. Integrated deterministic and probabilistic safety assessment: Concepts, challenges, research directions. Nucl. Eng. Des. 2014, 280, 413−419. (33) Clementel, S.; Galvagni, R. The use of the event tree in the design of nuclear power plants. Environ. Int. 1984, 10 (5), 377−382. (34) Galvagni, R.; Clementel, S. Risk analysis as an instrument of design. In Safety Design Criteria for Industrial Plants; CRC Press: Boca Raton, 1989. (35) Piccinini, N.; Demichela, M. Risk based decision-making in plant design. Can. J. Chem. Eng. 2008, 86 (3), 316−322.

at the boiler catalyst methanol in the heater gas reactant, component liquid nitrogen at the pump recovery section shell steam tube at temperature in the tank vapor wall

REFERENCES

(1) Gerbec, M. Safety change management: A new method for integrated management of organizational and technical changes. Safety Science 2017, 100, 225−234. (2) Directive 2012/18/EU of the European Parliament and of the Council of 4 July 2012 on the control of major-accident hazards involving dangerous substances, amending and subsequently repealing Council Directive 96/82/EC. http://eur-lex.europa.eu/legal-content/ EN/TXT/?uri=CELEX:32012L0018. (3) 40 CFR Part 68, Subpart D − Program 3 Prevention Program. http://www.ecfr.gov/cgi-bin/text-idx?SID= 24363918a1da6e6c82f419fa327e6979&mc=true&node=sp40.16.68. d&rgn=div6. (4) Process safety management of highly hazardous chemicals. Occupational Safety and Health Standards, 1910.119. https://www. osha.gov/pls/oshaweb/owadisp.show_document?p_table= STANDARDS&p_id=9760. (5) Guidelines for Risk Based Process Safety; Wiley: Hoboken, NJ, 2007. (6) Learning from Case Histories, 3rd ed.; Sanders, R. E., Ed.; Elsevier Butterworth−Heinemann, 2005. (7) HSE: Plant Modification/Change Procedures. http://www.hse. gov.uk/comah/sragtech/techmeasplantmod.htm. (8) Lawley, H. G. Operability studies and hazard analysis. Chemical Engineering Progress 1974, 70 (4), 45−56. (9) Application of hazard evaluation techniques to the design of potentially hazardous industrial chemical processes; Kavianian, H. R., Rao, J. K., Brown, G. V., Eds.: U.S. Department of Health and Human Services, Public Health Service, Centers for Disease Control, National Institute for Occupational Safety and Health, Division of Training and Manpower Development: Cincinnati, 1992. (10) HAZOP and HAZAN: Identifying and Assessing Process Industry Hazards; Kletz, T., Ed.; CRC Press: Rugby, 1999. (11) Crawley, F.; Preston, M.; Tyler, B. HAZOP Guidelines: Guideto Best Practice (Guidelines to Best Practice for the Process and Chemical Industries); European Process SafetyCentre/Institution of Chemical Engineers: Rugby, 2000. (12) Dunjó, J.; Fthenakis, V.; Vílchez, J. A.; Arnaldos, J. Hazard and operability (HAZOP) analysis. A literature review. J. Hazard. Mater. 2010, 173, 19−32. (13) Bosca, S.; Fissore, D.; Demichela, M. Risk-Based Design of a Freeze-Drying Cycle for Pharmaceuticals. Ind. Eng. Chem. Res. 2015, 54 (51), 12928−12936. (14) Bosca, S.; Fissore, D.; Demichela, M. Reliability Assessment in a Freeze-Drying Process. Ind. Eng. Chem. Res. 2017, 56 (23), 6685− 6694. (15) Gerbec, M.; Balfe, N.; Leva, M. C.; Prast, S.; Demichela, M. Design of procedures for rare, new or complex processes: Part 1-An N

DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX

Article

Industrial & Engineering Chemistry Research (36) Turja, A.; Demichela, M. Risk based design of allyl chloride production plant. Chemical Engineering Transactions 2011, 24, 1087− 1092. (37) Demichela, M.; Camuncoli, G. Risk based decision making. Discussion on two methodological milestones. J. Loss Prev. Process Ind. 2014, 28, 101−108. (38) Leva, M. C.; Pirani, R.; De Michela, M.; Clancy, P. Human factors issues and the risk of high voltage equipment: Are standards sufficient to ensure safety by design? Chemical Engineering Transactions 2012, 26, 273−278. (39) Demichela, M.; Pirani, R.; Leva, M. C. Human factor analysis embedded in risk assessment of industrial machines: Effects on the safety integrity level. International Journal of Performability Engineering 2014, 10 (5), 487−496. (40) Baldissone, G.; Fissore, D.; Demichela, M. Catalytic aftertreatment of lean VOC-air streams: Process intensification vs. plant reliability. Process Saf. Environ. Prot. 2016, 100, 208−219. (41) Baldissone, G.; Demichela, M.; Fissore, D. Lean VOC-air mixtures catalytic treatment: Cost-benefits analysis of competing technologies. Environments 2017, 4(3), 4610.3390/environments4030046. (42) Reuss, G., Disteldorf, W., Gamer, A. O., Hilt, A. Formaldehyde. In Ullmann’s Encyclopedia of Industrial Chemistry. Wiley-VCH, 2000; pp 735−768. (43) Center for Chemical Process Safety Guidelines for Process Equipment Reliability Data - With Data Tables; Center for Chemical Process Safety/AIChE, New York, 1989. (44) Zubair, M.; Zhang, Z.; Khan, S. U. D. Calculation and updating of reliability parameters in probabilistic safety assessment. J. Fusion Energy 2011, 30 (1), 13−15. (45) Philipson, L. L. A simple method for obtaining approximate system failure rate uncertainty distributions. Reliability Engineering & System Safety 1989, 25 (4), 371−382. (46) Baldissone, G.; Demichela, M.; Camuncoli, G.; Comberti, L. Formaldehyde production plant modification: Risk based decision making. Chemical Engineering Transactions 2017, 57, 703−708. (47) Stichlmair, J. Distillation, 1. Fundamentals. In Fundamentals. Ullmann’s Encyclopedia of Industrial Chemistry. s.l.; Wiley-VCH, 2002; pp 425−454. (48) Green, D. W.; Perry, R. H. Perry’s Chemical Engineers’ Handbook; McGraw-Hill: New York, 2008. (49) Serth, S. W. Process Heat Transfer Principles and Applications; Elsevier: Oxford, 2007. (50) Kern, D. Q. Process Heat Transfer; McGraw-Hill International Book Company: New York, 1965. (51) Iordanidis, A. A.; van Sint Annaland, M.; Kronberg, A. E.; Kuipers, J. A. M. A critical comparison between the wave model and the standard dispersion model. Chem. Eng. Sci. 2003, 58, 2785−2795. (52) Geankoplis, C. J. Transport Processes and Unit Operations; Prentice-Hall: Englewood Cliffs, 1993. (53) Chilton, T. H.; Colburn, A. P. Mass Transfer (Absorption) Coefficients Prediction from Data on Heat Transfer and Fluid Friction. Ind. Eng. Chem. 1934, 26 (11), 1183−1187.

O

DOI: 10.1021/acs.iecr.7b03059 Ind. Eng. Chem. Res. XXXX, XXX, XXX−XXX