DOI: 10.3303/CET2290114 Paper Received: 6 February 2022; Revised: 17 March 2022; Accepted: 27 April 2022 Please cite this article as: Vaudrey H., François J.-M., 2022, Small Data Also Matter in Process Safety, Chemical Engineering Transactions, 90, 679-684 DOI:10.3303/CET2290114 CHEMICAL ENGINEERING TRANSACTIONS VOL. 90, 2022 A publication of The Italian Association of Chemical Engineering Online at www.cetjournal.it Guest Editors: Aleš Bernatík, Bruno Fabiano Copyright © 2022, AIDIC Servizi S.r.l. ISBN 978-88-95608-88-4; ISSN 2283-9216 Small Data Also Matter in Process Safety Hervé Vaudrey*, Joseph-Marc François DEKRA Process Safety, 22 avenue Lionel Terray, 69330 Jonage, France herve.vaudrey@dekra.com The wave of big data is fundamentally transforming many activities and companies. The field of process safety is not spared, with many applications that seem very promising to detect weak signals from industrial processes and in particular mining the ocean of data generated in real-time by the various instrumented systems which would be predictive of future deviations that could lead to a major accident. The purpose of this paper is to remind readers that in process safety the devil is often in the detail, and we must be careful regarding little rather than big data, the needle in the haystack, which is often the one that is necessary to make the right decision to make the operation safe. Through case studies of accidents that we have investigated in various sectors of the process industry, we will illustrate situations where the absence of some basic data, sometimes even a single essential data missing or misinterpreted by lack of competence or the lack of recognition of weak signals or patterns, led to explosions and process accidents. 1. Introduction The wave of big data offers considerable promises to the process industry also in the prevention of process safety incidents. Research and literature in that field is increasing and many companies are investing in applications and data-scientists to mine their data with the objective to detect patterns and trends predictive of future incidents (Wiley, 2015). Not all companies from the process industry currently have the means to embark on this adventure, though, as they might not even yet have what can be properly categorized as big data but rather at best small data in various databases and files. 2. Big, small and tiny data in process safety Big data are usually defined as a massive amount of diverse digital data originating from various sources (sensors, cameras, GPS, …) and that requires specialized data infrastructure for reasonable treatment. Even if there might not be a universal definition of big data, it is usually considered in opposition to small data or tiny data. Table 1 below attempts to illustrate some characteristics of those big, small and tiny data categories. In the process industry, the bulk of relevant big data is likely to come from the real-time data of various control systems that operate a plant. Conversely, the register of a daily manual sampling chemical analysis for quality control would rather fall into the small data category. And there are also many tiny or single data that may not even be captured but that are likely to uncover the origins of latent failures or even trends (Lindstrom, 2016). The literature on Big Data applications in process safety is still quite limited. In recent years, there has been a considerable increase in publications and conferences aimed at exploring this vast area, particularly under the impetus of the Chemical Center for Process Safety (CCPS). The resulting field, which is currently forming, is not totally new. For many years, the gradual rise of process automation has opened a whole range of possibilities for the process control and the detection of drifts that can lead to accidents. Numerous signals and measurement points have become available in digital form allowing numerous mathematical treatments to establish models, correlations, reconcile mass balance or predict other parameters that are not measured. 679 In a related field, statistical process control, by adding data processing modules, allows to detect progressive deviations at normal operating points and to make decisions to correct these drifts. In the same vein, models based on neural networks (Watanabe & al., 1989) or fuzzy logic (Markowski, 2009) have added smart software layers to control systems that provide additional support during decision-making. Table 1: Big, small and tiny data characteristics Big Data Small Data Tiny Data Data lake Series of points Low number of points Terabytes Gigabytes, Megabytes Discrete data Cloud, various large databases Local server/PC, database Not always stored Thousands of variables Hundreds of variables Low number of variables Unstructured, diverse Flat files Not always stored Not always ready for analysis Ready for analysis Not always recognized No intended purpose Intended purpose for data collection Not collected Big Data applications are in that sense a continuation of those applications in a slightly larger way. They not only include flat files of data but more broadly any type of digital data, structured or not such as texts, images, sounds, videos, datasets, etc. The promise is great and one can imagine many applications in the field of process safety. One of the particularly interesting areas relates to the premature detection of process drifts, such as the early detection of the pattern of a reaction thermal runaway in a phase where the temperature variations are not significant. However, it is probably illusory to imagine that algorithms can replace all systems and layers of protection that prevent industrial accidents and completely replace human decisions. If we look at major industrial accidents of the process industry of the last twenty years such as Texas City (Isiadinso, 2015), one can wonder if systems based on Big Data would have prevented them. In the field of process safety, it is particularly important not to focus solely on instrumentation and more generally not to jump on all data that allows for data analysis. Many important information for the safety of a process are not necessarily instrumented and a lot of process data are not necessarily important for safety. Several process safety accidents had their root cause in changes that were not identified and then assessed properly, ignoring the possibility that they could lead to a catastrophic event. While some changes such as those that are not a replacement-in-kind are obvious, some changes are subtler. The very topic of identifying subtle changes is in itself still largely not fully addressed in the process industry. A classical such example is rerouting a piece of pipeline at a different elevation which can modify pressure drops and create the conditions for a backflow to a process vessel. In the next sections of this article, several examples of process accidents aim to illustrate this point and to show how the absence of very simple basic data or previously innocuous changes has led to accidents. 3. Examples of accidents linked to tiny data 3.1 Misunderstanding of the flashpoint data This accident occurred in the chemical industry in 2012 in a 6m3 stainless steel mixer. The original process consisted of loading 2000 litres of methyl-ethyl-ketone in the mixer and to heat it to 60°C. Once the temperature is reached, polyester resin sheets are added via the manhole and the mixer is agitated during a defined period of time. It was observed that the methyl-ethyl-ketone vapours escaping from the manhole were causing nuisances and exposure of the operators to solvent vapours, so a process modification was designed, and it was decided to load the polyester sheets at ambient temperature and start the heating phase afterwards. A pilot experiment was conducted successfully, and it was decided to run the process in this modified manner. During the first batch of the revised process an explosion occurred burning the operator severely during the loading of the polyester sheets. The investigation team concluded that the explosion originated from an electrostatic brush discharge from the resin sheets, charged when they were unpacked. The revised process at ambient temperature had the consequence to create a permanent explosive gas atmosphere inside the mixer as the flammability data of methyl-ethyl-ketone are illustrated on Table 2. Between -9°C, the flashpoint (also in that case the lower flammability temperature) and 25°C, the upper flammability limit, the atmosphere is flammable at the equilibrium and a simple ignition source of a few milliJoules, such as a brush discharge from charged insulating material, would then be sufficient to ignite this atmosphere and create the explosion. 680 In this example, only a very small amount of data was necessary to prevent the incident from occurring and the issue is more around having the right knowledge to interpret them. The site HSE engineer where this incident occurred said : “We thought we were doing the right thing when we decided to work at a lower temperature”. Table 2: Flammability data of methyl-ethyl-ketone Data Value Flashpoint - 9°C Lower Flammability Limit 1.8% Upper Flammability Limit 11.5% Lower Flammability Temperature -9°C Upper Flammability Temperature 25°C Minimum Ignition Energy 0.53 mJ 3.2 Ignition of sulphur dust during the cleaning of a silo This accident occurred in 2018 during the manual cleaning of a dust sulphur silo. An operator was tasked to remove layers of dust sulphur accumulated on the walls of the silo. The silo itself was made of two main parts: a shell with brick layers and concrete in the upper part and of a metallic cone in the bottom part as illustrated on Figure 1. Figure 1: View from the sulphur silo manway The vessel had been emptied to the maximum extent for the operation. The operator entered the vessel through the manway with a rope access, the appropriate personal protective equipments and hydrogen sulphide monitoring to start the cleaning operation. He was supervised by one of his colleagues standing at the exterior of the vessel. A vacuum dust collector was used to clean and minimise the sulphur dust cloud that would form at the bottom of the silo. The accident happened as the operator reached and started to clean the metallic cone of the silo. He was using a bronze shovel to scrap the walls of the vessel (Figure 2) and right after a shovel hit an ignition occurred leading to a small flash fire with a subsequent fire. Figure 2: Shovel used for the cleaning operation made of stainless steel and of a bronze plate at the extremity 681 The fire got noticed by the second operator located nearby the manway. The operator was then alerted and he started to run towards the silo’s exit. The operator got his cornea burnt due to the combustion heat despite his fast escape from the silo and a tap water source located nearby the silo’s manway. He also described that his disposable gown started to take fire while exiting the silo. The fire got finally extinguished with the use of water and fire extinguishers. The investigation team concluded that the fire originated from a thermite reaction from an impact from the bronze shovel - which contains aluminium - on the rusty surface of the steel of the metallic cone at the bottom of the silo. This type of ignition is rather unusual especially from tools made of materials such as bronze which are wrongly reputed non-sparking (Shekhar, H.,2004). In this example once again, it is not about quantity of data but rather having the right process safety knowledge. 3.3 Ignition during the loading of a powder This accident occurred in the French pharmaceutical industry in the 1990s. The process had been operating for 15 years without any incident. On the day of the accident, the operator was pouring a fine pharmaceutical dust into a 3 m3 hopper. The hopper was fitted with a grid to prevent foreign bodies to enter the process (Figure 3). After loading 11 bags out of 12, a heap of powder accumulated on the grid and the operator pushed it through with his gloved hand. A violent explosion occurred just a few seconds after creating a lot of blast damages in the building. Fortunately, the operator had already turned back when the explosion happened, so he only suffered minor burns and was released from hospital a few days after the event. Figure 3: The grid on the chute of the hopper The investigation team concluded that the explosion originated from an electrostatic spark discharge from the isolated grid. After the incident, laboratory analysis showed that the powder was extremely sensitive to electrostatic ignition with a minimum ignition energy (MIE) below 3 mJ and very insulating (Resistivity 1013 Ω.m ; Relaxation time 4 h) at the same time. As the grid was simply in loose contact with the hopper and not grounded to the structure by a robust connection, it is very likely that, on that particular day, some of this insulating powder, isolated electrically the grid from the structure and created the perfect conditions for a spark discharge to occur igniting this very sensitive powder. This incident also exemplifies the crucial need of wide safety knowledge rather than quantity of data. 3.4 Self-ignition of big-bags This accident occurred in the French agrochemical industry in the late 1990s. Several big-bags containing a Mancozeb-based formula were produced at the plant. A truck was loaded with those big-bags to distribute them at the packaging centre distant from 200km from the manufacturing plant. During the journey on the highway, the truck driver noticed smoke at the back of his truck and stopped to investigate. He decided to drive to destination and called the site to inform about the situation. The smoke was a bit more intense and when he finally arrived, the emergency team was there and dropped all the shipment in a water pond which allowed to stop the phenomenon. In parallel, the manufacturing plant had several big-bags freshly produced during the morning campaign self-ignited on the storage area. All of those also had to be drowned to prevent an escalation. Ultimately the incident had only some minor consequences mainly limited to loss of production. The investigation team concluded that the origin of the self-ignition of those big bags was linked to a change in the sourcing of one of the raw materials of the Mancozeb-based formula present at only 0.5% w/w which was sufficient to lower the self-ignition mechanism. Various thermal stability studies performed on the previous and on this new formula demonstrated that the latter was prone to self-ignition at ambient temperature in a few 682 hours. This minor change from the sourcing of an ingredient like for like and on specification but simply from a different supplier was not identified as a possible source of incident. This example illustrates how a tiny data, unlikely to be captured by a machine-learning model due to the fact that the number of training points cannot be sufficient to build any model, can have a huge safety impact. 3.5 Wrong alloy corrosion This accident occurred in the UK Oil and Gas industry in 2015. A large shell/tube heat exchanger ruptured during a hydraulic test. Fortunately, no one was injured, and the consequences were mainly financial due to an extended shutdown of the plant for the repair of the exchanger. The period of inspection had been extended by four years following various studies including risk-based inspection and careful consideration of historical inspection reports which were showing very good integrity data of the tubes. The investigation team concluded that the origin of this incident was the wrong transmission of the type of material for the tubes of the exchanger. They found out that during the last overhaul tubes originally specified in the alloy Incoloy 825 were replaced with tubes in Incoloy 800. The latter material is a Nickel-Iron-Chromium alloy which contains no molybdenum unlike Incoloy 825. The tubes in Incoloy 800 experienced pitting and under deposit corrosion which led to a strong reduction in their thickness and their failure during the hydraulic test. Figure 4: Technical data for the heat exchanger showing Incoloy 800 (un-noticed) The mistake went unnoticed during several years by the operating company and the contractors inspecting this exchanger, although the information was clearly present on the technical drawings and documentations of the exchanger (Figure 4). Most likely, everyone believed that any Incoloy grade would fit the purpose and did not realise that 800 instead of 825 can make a big difference. This error may have been detected by an automatic system (eg image recognition) or some extra administrative controls and quality checks but that does not pertain to big data applications and may be more to subtle changes detection. 3.6 Many other examples of weak signals The examples of accidents briefly explained above are just a little number of industrial situations where the prevention is not linked to the absence of the application of an algorithm on a large number of data but more on the lack of understanding or knowledge of a very limited subset of tiny data which are key for the safety of the operations. There are many other examples of process safety accidents where subtle changes, discrete warning signs and weak signals have not been captured and recognized. An extensive list in various elements of process safety activities is given in Recognizing Catastrophic Incident Warning Signs in the Process Industries (CCPS, 2012) such as: • Poor training on hazards of the process operation and the materials involved • Weak process hazard analysis practices • Critical safety systems not tested • Chronic problems with the work permit system Those weak signals are often leading indicators or even pathogenic factors that can be predictive of future process safety accidents. With the miniaturization and the constant decrease of the production costs of communicating digital technologies (Wifi, RFID, GPS, ...) now accessible in large numbers, one can expect an increase in the capability to detect anomalies of operation of industrial processes. One can imagine for example a chemical plant containing toxic products riddled with hundreds of low-cost gas detectors that would detect very early small leaks before they grow to lead to a more severe loss of containment. 683 4. Conclusions The promise of big data applications in process safety is immense but still in its infancy. At the same time, it is important to keep in mind, though, that in process safety the devil is in the detail and that weak signals, small data or even tiny data need to be considered with rigour and attention. Several examples of process safety accidents which relate to the latter category have been given in this article to illustrate this point. In most of them the prevention of their occurrence would have been difficult to capture with an algorithm as they relate more to the lack of understanding or fundamental knowledge of single data critical for the safety of the operations. Only complementary approaches including diversity and defence in depth would have helped to prevent those process safety incidents. Before embarking on the big data adventure in process safety, approaches based on leading indicators of process safety performance, including competency, need also to be explored further. Integrating expertise in process safety and lessons learned from past incidents in the programming of big data applications is most likely one of the main challenges that the process industry is facing. Acknowledgments We acknowledge the various colleagues of the DEKRA Process Safety group for their invaluable contribution for this article. References Isiadinso, Chinedu. (2015). BP Texas City Refinery Disaster - Accident & Prevention Report. 10.13140/RG.2.1.2317.4569. Lindstrom M., Small data: the tiny clues that uncover huge trends, St Martins, 2016, ISBN 978-1-250-08068-4 Markowski, A. S., Mannan, M. S., & Bigoszewska, A. (2009). Fuzzy logic for process safety analysis. Journal of loss prevention in the process industries, 22(6), 695-702. Recognizing Catastrophic Incident Warning Signs in the Process Industries, CCPS, Wiley 2012, ISBN: 978-0- 470-76774-0 Shekhar, H. (2004). Nonsparking tools: A misnomer. Process safety progress, 23(1), 62-64. Strozzi, F., Zaldívar, J. M., Kronberg, A. E., & Westerterp, K. R. (1999). On‐Line runaway detection in batch reactors using chaos theory techniques. AIChE Journal, 45(11), 2429-2443. Watanabe, K. , Matsuura, I. , Abe, M. , Kubota, M. and Himmelblau, D. M. (1989), Incipient fault diagnosis of chemical processes via artificial neural networks. AIChE J., 35: 1803-1812. doi:10.1002/aic.690351106 Willey Ronald J., (2015), Big data is it a big deal?, Process Safety Progress, Volume 34, Issue 3, Page 211 doi.org/10.1002/prs.11761 684 https://doi.org/10.1002/aic.690351106 lp-2022-abstract-038.pdf Small Data Also Matter in Process Safety