A fundamental goal of every effective process safety program is to prevent the release of and exposure to hazardous materials. When loss of containment (LOC) occurs, the consequences can be severe: toxic exposures, fires, explosions, and other hazardous events, resulting in serious injuries, environmental damage, and potentially catastrophic facility losses.
Below are two examples of what can happen when containment is lost (toxic release, flammable release):
Keep It in the Pipes is a simple but powerful mindset. If the hazardous material stays inside the pipes, vessels, and equipment where it belongs, many of the worst process safety incidents never happen.
Here are six key pillars that support a strong “Keep It in the Pipes” program:
I – Engineering Design (Inherently Safer Design)
The strongest defense against LOC starts at the very beginning — with good engineering design to ensure intended safe and reliable operations.
Also, as process safety pioneer Trevor Kletz famously reminded us:
“What you don’t have can’t leak.”
The most effective way to prevent hazardous releases is to remove or significantly reduce the hazard rather than trying to control it after it is present. This is the core idea behind Inherently Safer Design (ISD) principles, which should be considered early and throughout the design process:
- Substitution — Replace a hazardous material with a less hazardous alternative whenever feasible.
- Minimization — Reduce the quantity of hazardous materials stored or processed (smaller inventories mean smaller potential releases).
- Moderation — Use less severe process conditions (lower pressures, lower temperatures, or diluted concentrations) to reduce the severity of a potential release.
- Simplification — Design simpler processes and equipment that are less prone to human error or mechanical failure.
Facilities that apply ISD principles thoughtfully from the conceptual design stage onward are inherently more resistant to LOC. Good engineering design is not just about making a product and meeting codes and other requirements — it is also about fundamentally reducing the hazard at its source when possible and providing appropriate safeguards when it’s not.
II – Risk Management
“What you don’t manage will leak.”
This simple statement from our paper honoring Trevor Kletz (see references below) captures the heart of why risk management is essential. No matter how well a facility is initially designed, hazards not identified or not managed well day-to-day will often eventually find a way out, potentially leading to severe consequences.
Risk management serves as the foundation for developing and maintaining effective process safety systems. It is the disciplined, ongoing process that enables us to:
- Systematically identify hazards through high-quality PHA
- Evaluate realistic loss of containment scenarios
- Determine the required layers of protection (safeguards)
- Ensure those safeguards — including procedures and training, instrumentation and alarms, safety instrumented systems (interlocks), and pressure relief devices — are properly designed, independent, and sustained over time, noting that sometimes safeguard activation can lead to different types of LOC events that should also be evaluated in the PHA
Risk management is not a one-time activity performed only during design or startup. It is a continuous cycle that must persist throughout the entire life of the facility. When risk management weakens or becomes inconsistent, small gaps in safeguards begin to form, allowing even well-designed systems to fail, potentially catastrophically.
III – Mechanical Integrity
Even the best engineering design and risk assessments are useless if the equipment itself can’t contain the hazardous material. Mechanical Integrity (MI) is the pillar that keeps the pipes, vessels, pumps, valves, and seals intact over time.
Many LOC events trace directly back to equipment failure — often from corrosion, erosion, fatigue, improper materials, or lack of timely inspection and repair. A strong MI program identifies the equipment to include in the program, based on hazards, manufacturer guidance, and RAGAGEP, and develops specific maintenance procedures and training, equipment inspection and testing, and quality assurance practices, including:
- Risk-based inspection and testing — prioritizing equipment based on consequence of failure and likelihood of degradation
- Preventive and predictive maintenance — moving beyond reactive fixes to scheduled, condition-based programs
- Material verification and corrosion management — ensuring the right materials are used and monitoring for degradation mechanisms (especially important in aging facilities)
- Inspection of critical safety equipment — pressure vessels, piping, relief devices, pumps, and instrumentation
- Management of aging infrastructure — recognizing that equipment does not last forever and planning for replacement or major repairs
- Vessel integrity tests on startup — particularly critical for batch and semi-batch operations. Before introducing hazardous materials, vessels and associated piping should be pressure-tested or integrity-checked to confirm no leaks, proper assembly, and that all blinds, plugs, or temporary modifications have been removed. This final verification step catches installation errors or degradation that may have occurred since the last shutdown.
The program must ensure that all preventive maintenance inspection and test tasks are performed on a prescribed schedule with aggressive and timely actions to correct any deficiencies, such as out-of-calibration instruments or failed equipment per the manufacturers’ recommendations, local operating and maintenance history for the equipment, and/or associated RAGAGEPs. This is especially true for facilities with aging equipment or changing process conditions.
Appropriate MI metrics should be collected and analyzed with delayed or overdue tests and inspections or other activities serving as clear red flags of potential problems.
Mechanical integrity is not just a maintenance department responsibility — it requires strong collaboration between operations, engineering, and maintenance, supported by clear standards, trained personnel, and rigorous documentation.
IV – Operational Discipline
Even the best engineering design, risk management, and mechanical integrity programs can fail if people do not consistently follow the established process safety systems. This is where Operational Discipline (OD) becomes critical. OD is the consistent, reliable execution of process safety systems, procedures, and safe work practices — doing the right things, the right way, every time, by everyone.
It has both organizational and personal dimensions:
- Organizational Operational Discipline involves leadership setting clear expectations, providing adequate resources, establishing strong accountability, and fostering a culture where following process safety requirements is the norm, not the exception. It includes effective training programs, clear procedures, and visible leadership commitment.
- Personal Operational Discipline is the individual commitment of every operator, engineer, maintainer, and supervisor to follow procedures, respect safeguards, complete tasks correctly, and speak up when something doesn’t look right. Personnel ensure they have the knowledge to do the job right and awareness to recognize and respond to unusual conditions or deviations that might occur.
Many releases are not caused by a single dramatic failure — they result from small, repeated deviations from established safe practices, including MI activities, sometimes leading to normalization of these deviations raising the risk of LOC and other hazardous events. When organizational systems are weak or when individuals take shortcuts, bypass procedures, or become complacent, the multiple layers of protection begin to degrade. Over time, these human errors create pathways for hazardous materials to escape.
Following well-designed process safety systems as required helps minimize the chance of mistakes and human error that can lead to releases. Strong OD turns good intentions and good designs into reliable, day-to-day performance. It bridges the gap between “what should happen” on paper and “what actually happens” in the control room, in the field, and during maintenance activities.
V – Sensitivity to Operations
Even with strong design, risk management, mechanical integrity, and operational discipline in place, small warning signs can still appear. Sensitivity to Operations is the ability to notice, investigate, and respond to those subtle signals before they escalate into a loss of containment event. A small drip today could be an important warning sign of a larger event later.
This is where the “Sherlock Holmes” mindset becomes essential. As discussed in the blog post “The ChE as Sherlock Holmes: Solving Mysteries in Process Operations”, effective process safety professionals develop a sharp, detective-like awareness. They treat anything unusual as a potential mystery worth solving:
- A small drip, pool of liquid on the floor, or a visible vapor stream
- A slightly off-trend temperature, pressure, or flow reading
- A process safety metric that suddenly worsens
- An unexpected alarm spike or near-miss
- A strange lab result or product quality deviation
- An unusual maintenance finding during routine work
Instead of dismissing these as “normal variation,” the Sherlock approach asks: “What exactly changed? When did it start? What else might be connected? Why is this happening?”
This heightened sensitivity to operations turns passive monitoring into active prevention. It means investigating even minor anomalies — a small leak, an abnormal vibration, or a declining leading indicator — with the same rigor one would apply to a major incident.
Good sensitivity to operations is closely linked to strong feedback and learning systems (the topic of an upcoming post). Appropriate metrics for spills and other releases should be developed, monitored, and trended. Metrics and data only have value when someone is paying close attention and willing to act on what they reveal. Organizations with high sensitivity to operations catch problems early, investigate root causes thoroughly, and implement lasting fixes — greatly reducing the likelihood of a significant loss of containment.
In short, sensitivity to operations is the vigilant watchfulness that keeps hazards “in the pipes” by responding to small clues before they become big problems.
VI – Management of Change
Hazards can be changed both obviously and subtly, and sometimes only under special or unusual conditions. This is why Management of Change (MOC) is one of the most critical and often under-appreciated pillars of any “Keep It in the Pipes” program.
As explored in the post “Adaptum aut pereo: Adapt or Perish”, the Latin phrase “Adaptum aut pereo” (Adapt or Perish) serves as a stark warning for process safety. Organizations that fail to rigorously manage change risk the same fate as the dinosaurs — sudden and catastrophic loss of safe operations.
Every change must be rigorously evaluated — not just the obvious ones.
- Obvious changes: New equipment, major process modifications, chemical substitutions, or capacity increases.
- Subtle changes: Small procedural tweaks, gradual shifts in operating conditions, minor equipment alterations, or “like-for-like” replacements that may introduce different material properties or performance characteristics.
- Changes that only appear under special situations: Modifications that may be safe during normal steady-state operation but create serious risks during startup, shutdown, maintenance, emergency conditions, or other non-routine operations.
A robust MOC process demands that we ask critical questions for every proposed change:
- What is the technical basis and potential safety impact — both in normal operation and under abnormal or transient conditions?
- How might this change affect hazards and existing safeguards — obviously or subtly?
- Have we conducted an appropriate hazard review that specifically considers startup, shutdown, and other non-routine scenarios?
- Are procedures, training, documentation, and roles/responsibilities updated?
- Is a Pre-Startup Safety Review (PSSR) required before returning the equipment or process to operation? The PSSR is the final safety checkpoint to verify that the change has been properly designed, installed, and that all affected personnel are trained and ready.
- How will we verify the change has been fully implemented and is working as intended under all expected conditions?
Failing to manage change rigorously — especially subtle, temporary, or conditional changes — is one of the fastest ways for a facility to lose containment. The Williams Olefins explosion and the historic Flixborough disaster in 1974 both demonstrated how seemingly minor or temporary changes, when not properly reviewed across all operating modes (including startup), can lead to devastating releases. Some major incidents have occurred even years after a change has been made once a different operating condition or mode occurs, making thorough analysis of a change sometimes complex but necessary.
“Adaptum aut pereo” is not just a catchy phrase. It is a survival imperative. Organizations that treat MOC as a bureaucratic checkbox — skipping thorough evaluation or a proper PSSR — are choosing the path of the dinosaurs. Those that embrace MOC as a living, rigorous system — applied consistently to all types of change, including those that only reveal their risks during startup or other special situations — give themselves the best chance to keep hazardous materials safely in the pipes for decades to come.
The Benefits of “Keep It In the Pipes”
When these six pillars work together effectively, organizations achieve:
- Significantly fewer LOC events
- Reduced risk of fires, explosions, and toxic releases
- Lower operating costs from fewer unplanned shutdowns and repairs
- Stronger safety culture and operational discipline
- Improved long-term reliability and business continuity
Call to Action
Consider reviewing your own programs again through the “Keep It in the Pipes” lens. Where are the biggest gaps today? Pick one area and drive meaningful improvement this year as needed. Share your thoughts and experiences in the comments below.
References
Klein, J.A. and Vaughen, B.K., Process Safety: Key Concepts and Practical Approaches, CRC Press, 2017
Klein, J.A., “Effectively Use Metrics as Part of Process Safety Feedback and Learning Systems,” Process Safety Progress, September 2022
Klein, J.A. and Dean, S., “Implement a Program to Reduce Hazardous Loss of Containment Incidents,” Chemical Engineering Progress, June 2020
Klein, J.A., “The ChE as Sherlock Holmes: Investigating Process Incidents,” Chemical Engineering Progress, October 2016
Vaughen, B.K. and Klein, J.A., “What You Don’t Manage Will Leak: A Tribute to Trevor Kletz,” Process Safety and Environmental Protection, 2012
Vaughen, B.K. and Klein, J.A., “Improving Operational Discipline to Help Prevent Loss of Containment Incidents,” Process Safety Progress, 2011
Dharmavaram, S. and Klein, J.A., “Using Hazards Assessment to Prevent Loss of Containment,” Process Safety Progress, December 2010