
Published February 2015

"...easy to read, has plenty of case studies to illustrate the issues being discussed and includes personal experiences. It is this personal element in the book that makes it so accessible. Rating: 4 Stars"-The Chemical Engineer

"Excellent! This book covers a range of topics, and each of them is in an easy to digest format. I would recommend this book to all engineers and operational staff working in hazardous industries. They will definitely learn something and that learning could be vital, although I hope they never know it!" - Amazon review (5 stars)

This book is about the engineering management of hazardous industries, such as oil and gas production, hydrocarbon refining, nuclear power and the manufacture of chemicals and pharmaceuticals. Its scope includes:

  • An overview of design standards and processes for high integrity systems.
  • An overview of safety management processes as applied to hazardous industries.
  • Best practices in design, operations, maintenance and regulation.

ISBN 9780128019962

For more details go to


(1) Any 'common cause' between the BP Texas City refinery accident of 2005 and the BP Deepwater Horizon/Macondo accident of 2010 was not immediately apparent. However, the CSB's 2016 report showed that the risk management improvements which were supposed to be implemented across all BP sites after the Texas City accident had not in fact been implemented for the Macondo project.

(2) The 1957 Kyshtym accident was a fascinating case study that I would have liked to include in the book, but I ran out of time. An article I subsequently wrote about this accident can be found here.

(3) Chapter 12 included discussion of the 1998 Equilon Anacortes coking plant accident which killed six workers. I've updated my account of this accident in a presentation that can be found here.

(4) Chapter 11 contained extensive discussion about the 1980 Saudia 163 disaster which killed 301 people after the aircraft had landed successfully with an onboard fire. The Saudi accident report blamed the captain for neither halting the aircraft quickly nor ordering evacuation. This strange accident seemed difficult to understand. New information, from someone close to the original investigation, demonstrates that fire-induced partial hydraulic failure (which affected the wheel brakes) combined with errors by the flight engineer (which meant the fuselage remained pressurised so the doors could not be opened) were the causes of the accident. A detailed re-assessment of the Saudia 163 accident is presented here.

Engineering Safety Assessment (published 1987) and Elements of Nuclear Power (published 1989)

Used copies are sometimes available on Amazon.

'Engineering Safety Assessment' download pdf

Ch 1: Introduction, Contents, Preface, Symbols used

Ch 2: Basic probability theory for risk assessment

Ch 3 part 1: Systems reliability - time-independent systems

Ch 3 part 2: Systems reliability - time-dependent systems, etc

Ch 4: Pressure vessel integrity (fracture mechanics and NDT) 

Ch 5 part 1: Major accident hazards - accident classification

Ch 5 part 2: Fundamentals of explosion analysis

Ch 5 part 3: Dispersal of airborne material, and toxicity

Ch 5 part 4: Radiation and radioactivity

Ch 6: Probabilistic Risk Assessment (PRA)

Appendices and Index

A 1987 review of Engineering Safety Assessment is available here. "....the book is likely to provide a compact and valued guide even to experienced risk assessors..."

'Elements of Nuclear Power' 3rd Ed download pdf

Donald Bennet passed away 7th February 2013. His obituary can be found here.

Contents, Preface, Symbols and Introduction

Ch 1: Atomic and nuclear physics - a qualitative description

Ch 2: Neutrons and their interaction with matter (DJB)

Ch 3: The chain reaction and principles of nuclear reactors (DJB)

Ch 4: The theory of nuclear reactors - homogeneous thermal reactors (DJB)

Ch 5: The theory of nuclear reactors - further topics (DJB)

Ch 6: Heat transfer and fluid flow in nuclear reactors (DJB)

Ch 7: Thermodynamic aspects of nuclear power plant (DJB)

Ch 8: The operating characteristics of nuclear reactors

Ch 9: Radiation hazards and shielding (DJB)

Ch 10: Materials for nuclear reactors (DJB)

Ch 11: Safety and hazards in nuclear power

Ch 12: Nuclear fuel processing

Further reading, Appendices 1&2, and Index

Appendix 3: Computational methods in nuclear engineering

Downloads about Nuclear Power

These are PDFs of PowerPoint presentations that address basic (but important) aspects of nuclear power.

1. Nuclear reactor stability and controllability

2. Nuclear radiation health effects

3. An overview of available nuclear power station designs 2012

Downloads: Safety Management and High-integrity C&I

A. Safety Management and Analysis

  1. Some key events in safety and its regulation since 1950 A timeline showing major accidents, major legislation changes, and key reports relating to major industrial hazards 
  2. Key elements of an HSE management system
  3. Sources of changes to safety cases Changes which may affect or undermine a plant's safety justification/safety case
  4. Processes for safe maintenance A summary of the processes that have to be in place to carry out maintenance work safely
  5. Isolation for safe maintenance - key elements
  6. The Engineering Change process An overview of what the process should look like
  7. The flow of design and maintenance work in typical large plant
  8. Connecting the safety case to system maintenance How safety documentation should connect to routine maintenance activities
  9. Operate Overhaul Lifecycle
  10. Safety case management of high-hazard plant How the safety case, the safety management systems, and safety analysis should fit together
  11. New plant risk assessment process
  12. Qualitative techniques for safety analysis An overview of important analysis techniques for hazardous plant
  13. Quantitative techniques for safety analysis An overview of quantitative analysis tools and techniques for hazardous plant
  14. Unrevealed faults and frequency of testing - book extract
  15. QRA - a nuclear industry viewpoint - a Journal paper
  16. Temporary modifications and overrides Temporary modifications can have serious safety implications
  17. ABB wallchart about SIL assessment methodology A great summary wallchart from ABB.
  18. Incident investigation - root cause analysis An overview flowchart for incident investigation. 
  19. Emergency planning - Basics What are the key requirements of an emergency plan?
  20. Titanic and SOLAS This is an excellent graphic produced by the International Maritime Organisation which illustrates safety improvements made since the Titanic disaster in 1912.
  21. Post-Piper Alpha timeline is a superb graphic produced by Oil & Gas UK which shows the record of key safety improvements, incidents and accidents between the Piper Alpha explosion in 1988 and 2013. 
  22. Managing Ageing Plant was a report published in 2010 by the UK Health and Safety Executive, for which I was a joint author. A report containing more detail, Plant Ageing Study Phase 1 Report, was also published. The co-authors were my then-colleagues in ESR Technology. The two reports were aimed at operators and managers of all ageing hazardous plant. 
  23. A Management Overview of Safety Management Processes is a 20-page note summarising (and including) several of the single-page graphics presented above, which is intended to be generic for nuclear, oil and gas, petrochemical and other High-Hazard Industries. 
  24. How lethal are explosions and toxic escapes? is a 1977 article by VC Marshall which looks at actual mortality data (not modelling) to produce actuarial expectations for the lethality of industrial accidents. (This article doesn't seem to be available online so this is a scan of my 30-year-old paper copy. Sorry about the quality.) 
  25. Nuclear and non-nuclear accidents is a 1987 article that tries to compare the severity of accidents in a variety of ways.
  26. Offshore 101 has been produced by Shell Alaska and is available online. Here are three sections (out of nine): Oil and Gas offshore exploration, Oil and gas offshore production, and Transporting O&G

B. High Integrity C&I

  1. Nuclear C&I architecture - an overview
  2. This 11-page note describes the basis for the design of nuclear power station C&I systems.
  3. Common-mode failure in high-integrity C&I systems A review of the causes of, and defences against, CMF
  4. Key threats and issues for high-integrity C&I (2012 Journal paper)
  5. The C&I lifecycle
  6. The software V model
  7. Software reliability - six reasons why it is a tricky issue 
  8. Elements of a high-integrity software project The components of setting up a high-integrity software project
  9. Technology and vendor decisions for high-integrity protection logic Key issues for deciding which system to select
  10. Communication firewalls in nuclear power station systems
  11. Principal nuclear C&I design standards An overview of relevant IEC and IAEA standards
  12. IEC 61508 - techniques and measures for high-integrity C&I
  13. FPGA technology FPGAs are becoming more common in protection systems
  14. FPGA design & validation
  15. Comparing FPGAs to microprocessors
  16. Key attributes of different types of logic element for high-integrity applications. The decision to select microprocessors, FPGAs, or hard-wired logic elements is extremely important - what are the selection criteria? 
  17. Key elements for managing ageing C&I The information and processes required to manage old equipment
  18. Suggested key performance indicators (KPIs) for ageing C&I
  19. Procurement aspects for EC&I Procurement departments have a key role in managing ageing equipment
  20. Layers of protection
  21. Nuclear C&I Backfit Projects - six things that can go wrong
  22. Nuclear I&C Backfit Projects - issues and key project risks
  23. Nuclear Plant Information Security - A Management Overview is a six-page note that is intended as a 'jargon-buster' for people who are new to the issues of IT security at nuclear plants 
  24. SRD R196 "Defences against common-mode failures in redundancy systems - A guide for management, designers and operators", published in 1981, was an important report in the development of safety systems and should be compulsory reading for all systems engineers. It was published by the UK Atomic Energy Authority and it had an important influence on the C&I architecture for nuclear power stations such as Heysham 2, Torness, and Sizewell B in the UK. It was a precursor of international standards such as IEC 61508. Unfortunately it was published in the pre-internet era and it does not appear on Google - so here it is. (Someone should set up an internet archive of old SRD reports!)
  25. Modern High-Integrity C&I for Nuclear Applications, a presentation given to the Nuclear Institute, March 2014 
  26. A brief background on the history of CMF limits in civil Reactor Protection Systems, a short note on the somewhat arbitrary and haphazard way CMF limits for C&I failure rates have been applied in nuclear reactor design and licensing.