It's not being very profound to say that we ought to learn from the experiences of others. When it comes to industrial safety, we should allow nothing to stand in our way of extracting all possible learnings from any mishaps that cause death and injury, or come close to doing so. Those learnings should then be disseminated as widely as possible, and picked up by all in industry who might gain from them. These processes - and three distinct processes are involved - should proceed as fast as possible.
You might say we should act as if our lives depend on it - because they just might.
The three processes are:
Of course, there is a vital fourth step:
However, the frequency and the repetitious character of major incidents in the process industries suggest that perhaps we are not as productive as we might be with regard to the first three steps. It may be that we are not being sufficiently active in these areas.
Almost all major incidents share causes and contributing factors with prior incidents. While identical incidents are rare, even rarer is the incident that has nothing in common with any previous one. Certainly, employers and employees do make use of lessons gained from others' mishaps, but they cannot do so if they never hear about them.
In 1998, a gas plant in Australia suffered a catastrophic failure. A large heat exchanger - a reboiler - exploded. Two employees were killed. The immediate cause was brittle fracture. The embrittlement resulted from the vessel being abnormally cold. The vessel fractured when it was subjected to thermal shock. This happened when the heating medium was re-introduced into the exchanger, after it had ceased flowing for about four hours.
The vessel had been kept at its normal operating pressure, so upon fracturing, it exploded.
The exchanger was a “hot service" unit that operated in the temperature range of 60°C to 230°C. It was never intended for this vessel and surrounding plant to encounter temperatures lower than ambient. This plant was not designed to safely sustain the low temperatures that developed, which may have been as low as minus 48°C.
The reasons behind the loss of heating medium are complicated and not relevant to this discussion.
What matters here is that the plant exhibited signs of abnormally low temperatures, but those working on the plant did not connect this with danger.
Ice had formed on the vessel's connections and pipework not covered with insulation. This was a clear indication that the internals were below zero°C. The operators and supervisors present recognised this cold as unusual. Other plant normally ran with ice on it, but not this plant. They had never seen this before.
Unaware of the extreme danger posed by the brittle vessel, the operators and supervisors dealt with other problems that the cold had caused, such as severe oil leaks from another exchanger due to distorted flanges. While they were very uncomfortable with the plant being cold, they did not associate it with danger. Whatever knowledge they had about cold embrittlement and thermal shock was incomplete and inaccurate.
Cold embrittlement is not a new phenomenon. It is known to the petrochemical industry. It was known to this company at the time of this incident. However, that knowledge did not extend to the critical operators and supervisors who had to deal with this cold plant. There is a good chance that if just one of these persons was aware that "cold means danger", appropriate action would have been taken to avoid the catastrophe. They were very experienced and quite capable of understanding the phenomenon.
Eight months earlier, a polyethylene reactor in Belgium suffered a fracture due to cold embrittlement. This failure was investigated and the first report was produced just 20 days after the event. The temperature at which the failure occurred was estimated to be a mere +6°C. There are no signs that this knowledge was widely broadcast to the petrochemical industry at large.
What if a report with the following headline had reached the workforce at the gas plant before their problem occurred?
Perhaps the operators and supervisors at the Australian plant might have learned that "cold means danger". Perhaps they would then have seen the extreme danger that faced them. Perhaps they would have taken appropriate actions to neutralise this danger and avoid the explosion.
Now let's shift to the carpeted offices of the company that owned and ran this gas plant. A court trial found the company guilty of failing to conduct any adequate hazard analysis of the plant. It was judged that if this had been done, the hazard of cold embrittlement would have been identified.
Six months before the catastrophe, a gas/oil separation plant in the USA suffered an explosion due to overpressurisation of a tank. Four employees were killed. The investigating authority found that the company had not conducted an effective hazard analysis, and that, had this been done, the hazard of overpressurisation would have been identified, and the explosion averted.
What if a report had reached the management or engineering department of the company running the Australian gas plant with the following headline?
Perhaps that would have caused the Australian company to revisit its own hazard analysis programs. Perhaps they would have seen that their gas plant had never been subjected to a proper hazard analysis. Perhaps they would have taken appropriate action and the catastrophe would have been averted.
The USA report was not published until two and a half years after the event. This was of no use to the people running the Australian plant. However, it would not have taken the American investigators long to determine that no formal hazard analysis had been done - these things leave significant paper trails. If only they had generated a preliminary report early in their investigation, for the sake of alerting all others to this failing.
Investigations into major incidents - whether or not they cause death and injury - should proceed as rapidly as possible.
When firm indications of causes or contributing factors surface (even if not proven), a report should be published for the purpose of alerting others in similar industries. This is the PUSH effort - once learnings are extracted from an incident, they must be pushed out into the world at large for all to use.
This push should be done as early as possible, and not impeded by any pending legal action. The alerting reports must be non-judgemental.
Once out in the global "pool" of knowledge the learnings have to be gathered by any companies and employees who could benefit from them. Companies must PULL the learnings into their organisation. This must be an active process. Companies and employees must be constantly searching for such learnings. When found, they must be passed on to all who might use them - from plant operators to senior executives.
The above case study identifies two examples by which effective knowledge transfer of safety learnings might have prevented tragedy. This suggests that we are not succeeding at knowledge transfer regarding technical failures. Distance is no hindrance. The Internet makes Australia, Belgium and the USA next-door neighbours.
Greater efforts must be made by companies, employees, regulators, investigators and unions to PUSH learnings out to the world, and PULL learnings into the corporate knowledge bank.
The trigger for writing this article was a recent inquiry in a chemical engineering forum on the Internet describing a problem of leaking gaskets on a reboiler at a refinery. It seems that temperature differentials were distorting flanges on the exchanger causing it to leak oil. The inquirer calmly wondered if anyone else had experienced similar difficulties. The Australian plant suffered just this problem and it killed two employees. It seems that effective knowledge transfer is just not happening.
John O'Meara - Melbourne,OZ
16 Dec 2001, Rev 1.2