Publication & Downloads


Published February 2015

“…easy to read, has plenty of case studies to illustrate the issues being discussed and includes personal experiences. It is this personal element in the book that makes it so accessible. Rating: 4 Stars”-The Chemical Engineer

“Excellent! This book covers a range of topics, and each of them is in an easy to digest format. I would recommend this book to all engineers and operational staff working in hazardous industries. They will definitely learn something and that learning could be vital, although I hope they never know it!” – Amazon review (5 stars)

This book is about the engineering management of hazardous industries, such as oil and gas production, hydrocarbon refining, nuclear power and the manufacture of chemicals and pharmaceuticals. Its scope includes:

  • An overview of design standards and processes for high integrity systems.
  • An overview of safety management processes as applied to hazardous industries.
  • Best practices in design, operations, maintenance and regulation.

ISBN 9780128019962


(1) Any ‘common cause’ between the BP Texas City refinery accident of 2005 and the BP Deepwater Horizon/Macondo accident of 2011 was not immediately apparent. However, the CSB’s 2016 report showed that risk management improvements that were supposed to be implemented after the Texas City accident across all BP sites had not in fact been implemented for the Macondo project.

(2) The 1957 Kyshtym accident was a fascinating case study that I would have liked to include in the book, but I ran out of time. An article I subsequently wrote about this accident can be found here.

(3) Chapter 12 included a discussion of the 1998 Equilon Anacortes coking plant accident which killed six workers. I’ve updated my account of this accident in a presentation that can be found here.

(4) Chapter 11 contained extensive discussion about the 1980 Saudia 163 disaster which killed 301 people after the aircraft had landed successfully with an onboard fire. The Saudi accident report blamed the captain for neither halting the aircraft quickly nor ordering evacuation. This strange accident seemed difficult to understand. New information, from someone close to the original investigation, demonstrates that fire-induced partial hydraulic failure (which affected the wheel brakes) combined with errors by the flight engineer (which meant the fuselage remained pressurised so the doors could not be opened) were the causes of the accident. A detailed re-assessment of the Saudia 163 accident is presented here.

Used copies are sometimes available on Amazon.

Published 1987

Published 1989

'Engineering Safety Assessment' download pdf

Downloads about Nuclear Power

These are PDFs of PowerPoint presentations that address basic (but important) aspects of nuclear power.

Downloads: Safety Management and High-integrity C&I

A. Safety Management and Analysis

  1. Some key events in safety and its regulation since 1950 – A timeline showing major accidents, major legislation changes, and key reports relating to major industrial hazards
  2. Key elements of an HSE management system
  3. Sources of changes to safety cases – Changes that may affect or undermine a plant’s safety justification/safety case
  4. Processes for safe maintenance – A summary of the processes that have to be in place to carry out maintenance work safely
  5. Isolation for safe maintenance – key elements
  6. The Engineering Change process – An overview of what the process should look like
  7. The flow of design and maintenance work in typical large plant
  8. Connecting the safety case to system maintenance – How safety documentation should connect to routine maintenance activities
  9. Operate Overhaul Lifecycle
  10. Safety case management of high-hazard plant – How the safety case, the safety management systems, and safety analysis should fit together
  11. New plant risk assessment process
  12. Qualitative techniques for safety analysis – An overview of important analysis techniques for hazardous plant
  13. Quantitative techniques for safety analysis – An overview of quantitative analysis tools and techniques for hazardous plant
  14. Unrevealed faults and frequency of testing – book extract
  15. QRA – a nuclear industry viewpoint – a journal paper
  16. Temporary modifications and overrides – Temporary modifications can have serious safety implications
  17. ABB wallchart about SIL assessment methodology – A great summary wallchart from ABB.
  18. Incident investigation – root cause analysis – An overview flowchart for incident investigation.
  19. Emergency planning – Basics – What are the key requirements of an emergency plan?
  20. Titanic and SOLAS – This is an excellent graphic produced by the International Maritime Organisation which illustrates safety improvements made since the Titanic disaster in 1912.
  21. Post-Piper Alpha timeline is a superb graphic produced by Oil & Gas UK which shows the record of key safety improvements, incidents and accidents between the Piper Alpha explosion in 1988 and 2013.
  22. Managing Ageing Plant was a report published in 2010 by the UK Health and Safety Executive, for which I was a joint author. A report containing more detail, Plant Ageing Study Phase 1 Report, was also published. The co-authors were my then-colleagues in ESR Technology. The two reports were aimed at operators and managers of all ageing hazardous plants.
  23. A Management Overview of Safety Management Processes is a 20-page note summarising (and including) several of the single-page graphics presented above, which are intended to be generic for nuclear, oil and gas, petrochemical and other High-Hazard Industries.
  24. How lethal are explosions and toxic escapes? is a 1977 article by VC Marshall which looks at actual mortality data (not modelling) to produce actuarial expectations for the lethality of industrial accidents. (This article doesn’t seem to be available online so this is a scan of my 30-year-old paper copy. Sorry about the quality.)
  25. Nuclear and non-nuclear accidents is a 1987 article that tries to compare the severity of accidents in a variety of ways.
  26. Offshore 101 has been produced by Shell Alaska and is available at Here are three sections (out of nine): Oil and Gas offshore exploration, Oil and gas offshore production, and Transporting O&G.

B. High Integrity C&I

1. Nuclear C&I architecture – an overview. This 11-page note describes the basis for the design of nuclear power station C&I systems.

2. Common-mode failure in high-integrity C&I systems – A review of the causes of, and defences against, CMF

7. Elements of a high-integrity software project – The components of setting up a high-integrity software project

8. Technology and vendor decisions for high-integrity protection logic – Key issues for deciding which system to select

10. Principal nuclear C&I design standards An overview of relevant IEC and IAEA standards communication firewalls in nuclear power station systems

12. FPGA technology – FPGAs are becoming more common in protection systems

15. Key attributes of different types of logic element for high-integrity applications – The decision to select microprocessors, FPGAs, or hard-wired logic elements is extremely important: what are the selection criteria?

16. Key elements for managing ageing C&I – The information and processes required to manage old equipment

22. Nuclear Plant Information Security – A Management Overview is a six-page note that is intended as a ‘jargon-buster’ for people who are new to the issues of IT security at nuclear plants.

23. SRD R196 “Defences against common-mode failures in redundancy systems – A guide for management, designers and operators”, published in 1981, was an important report in the development of safety systems and should be compulsory reading for all systems engineers. It was published by the UK Atomic Energy Authority and it had an important influence on the C&I architecture for nuclear power stations such as Heysham 2, Torness, and Sizewell B in the UK. It was a precursor of international standards such as IEC 61508. Unfortunately, it was published in the pre-internet era and it does not appear on Google – so here it is. (Someone should set up an internet archive of old SRD reports!)

24. Modern High-Integrity C&I for Nuclear Applications, a presentation given to the Nuclear Institute, March 2014.

25. A brief background on the history of CMF limits in civil Reactor Protection Systems, a short note on the somewhat arbitrary and haphazard way CMF limits for C&I failure rates have been applied in nuclear reactor design and licensing.