An Elusive Utopia: Systems that Work

An Elusive Utopia: Systems that Work Alice E. Fischer October, 2018 Elusive Utopia... 1/14

Outline
- Systems Fail
- Two American Disasters
- Poison Gas in Bhopal

Systems Fail

All kinds of systems fail:
- Bridges fall down
- Buildings collapse
- Dams break
- Nuclear reactors overheat
- Aircraft crash
- Spaceships explode
... and computer systems malfunction.

Why Systems Fail

These disasters are diverse, but a small number of causes, in various combinations, account for all of them.
- Inadequate or incorrect statement of requirements.
- Defective design based on an inappropriate model.
- Complexity and concurrency.
- Lack of redundancy.
- Defective parts and/or inappropriate parts.
- Safety equipment is turned off.
- Poor instructions; operator error.
- Change happens.
- Political, corporate, or financial pressure.
- Red tape and constraints on the bidding process.

The Dome Collapse

The collapse of the roof of the new auditorium.
- Long Island University, Post College: the C.W. Post Dome Auditorium collapsed seven years after completion.
- Saturday, January 21, 1978, between 2:00 and 3:00 AM.
- The center of the dome caved in under mounds of snow and ice.
- The $2 million auditorium, which had received several architectural awards, was completely destroyed.
- Nobody was hurt.

Causes? The theory did not fit the application.

It looked like a giant cracked eggshell

Causes? The theory did not fit the application.
- This dome was a triodetic, reticulated structure, invented in the 1940s and used in the United States since 1965.
- The load-bearing capacity was calculated according to a membrane-theory model for thin-shell domes.
- The membrane theory (load equally distributed on all parts) does not apply to a reticulated structure (load concentrated on the joints).
- The dome had been under-designed based on an inapplicable model that assumed a uniform load on all parts.
- A snow load of only one fourth of that required by the code, distributed over one third of the dome's surface, was bound to cause a collapse.
- The snow and wind load was concentrated on one side.

The Aerial Walkway Collapse

- Atrium of the Hyatt Regency Hotel, Kansas City, Missouri.
- July 17, 1981, with 1600 people in the atrium, many dancing.
- Suspended walkways on the second and fourth floors were crowded with people, stomping to the music.
- They suddenly and simultaneously dropped onto the people at the bar, below.
- People screamed, glass flew, pipes were broken, water sprayed.
- 114 died, 200 were injured, many severely.
- The engineering firm was judged to be at fault.

Causes? Change. Money.

Plunge at the Hyatt

- The original design called for very long rods, from ceiling to second floor, to support the suspended walkways.
- The contractor suggested (and the engineer accepted) a change to two-part suspension to simplify construction.
- The new design had one rod from ceiling to 4th floor, another from 4th to 2nd floor. The lower rod was connected to the same beam as the upper rod, a few inches away.
- This kind of jointed rod has less load-bearing capacity than a single rod.
- Even the original design did not meet the city's building code, but it might have been adequate. The modified design certainly was not.
- There was no redundancy. When the first hanger failed, the rest followed immediately.

Death in Bhopal

Chemical plant in Bhopal vents tons of poison gas over city.
- Bhopal, India, factory of Union Carbide, India, Ltd.
- December 3, 1984.
- For two hours, a 100-ft tall factory smokestack spewed out a deadly cloud of methyl isocyanate.
- This gas attacks and destroys mucous membranes.
- The railway station manager lived long enough to warn other trains not to come into the city.
- Thousands of people fell dead in the streets; many more died slowly and painfully.
- Altogether, 18,000 to 20,000 deaths is a conservative estimate.

Causes? Change, financial pressure, disabled safety systems, poor operator information.

Death in Bhopal: Background

- A chemical plant had been built in heavily populated Bhopal.
- Originally, it produced pesticides by a relatively safe process.
- In 1978, the plant was converted to using a cheaper process that used methyl isocyanate (MIC).
- The MIC was stored in two large nitrogen-pressured tanks.
- Defective batches were stored in a third tank, prior to reprocessing or being destroyed.
- The local government objected to this change because of the potential danger.
- The state and national governments, however, supported the new plant and process.
- A corporate safety survey in 1982 warned of slipshod maintenance.
- Local managers assured headquarters that all problems had been corrected.

Death in Bhopal: Safety Systems

Originally, four safety systems were supposed to guard against disaster:
- A vent gas scrubber, which could destroy defective MIC gas.
- A cooling system for the storage tanks.
- A big torch to burn off escaping MIC vapor.
- A water spray for firefighting.

The business lost money and started to practice deferred maintenance.
- The cooling system stopped working because workers siphoned off the refrigerant for use in other equipment.
- In October, 1984, the production reactor was turned off, and workers turned off the scrubber tower. This saved money, but the storage tanks still held 62 tons of MIC.
- Then they turned off the torch to replace a pipe.

Death in Bhopal: Getting worse

- In November, the storage tanks started having trouble maintaining nitrogen pressure.
- Alkaline water from the scrubber began to leak into the storage tank system and react with vapors to form a gunk that stuck to pipe walls.
- Workers repaired the nitrogen system on one tank, so they would be able to pump out the MIC. They left the second tank for later repair.
- On December 2, workers set out to clean part of the system. There was no maintenance supervisor, and the process used skipped an essential safety step.
- Drains clogged and the pool of wash water rose. Nothing came out of the bottom.

Death in Bhopal: The Tragedy

- A worker noticed the problem, but a supervisor brought from another factory told him to keep going.
- The water rose 20 feet, to a pressure-relief system, then went down a pipe toward the other tank.
- A valve in that pipe was supposed to be closed. It wasn't.
- A hundred gallons of wash water flowed into the tank at about 10:00 p.m., starting a heat-producing reaction.
- By midnight, workers knew that MIC was leaking, somewhere. They could feel it.
- The operator noted the pressure was out of range and inspected the tank. He heard gas escaping and tried to bring the scrubber online. It didn't respond.
- No effective safety systems were left. The gas escaped.
