From essays to dissertations, we have experts for all of your assignments!

dot
  • 1.provide your instructions
  • 2.choose an expert in your field
  • 3.track the order progress

Comparison_of_four_major_industrial_disasters_CHE300.pdf

Comparison of four major industrial disasters from the perspective of human error factor

Doru Costin Darabont*, Daniel Onut Badea , and Alina Trifu

National Research and Development Institute of Occupational Safety “Alexandru Darabont” –

INCDPM, B-dul Ghencea 35A, Bucharest, Romania

Abstract. This paper presents the preliminary findings of a project still in progress at INCDPM regarding” Knowledge transfer partnership and

research development in the assessment and prevention of occupational

risks which may conduct to disaster”. After studying the major industrial

disasters of our times, it become clear that even with technological

advancement, human error is still the major cause of accidents and

incidents. Analysis of human error and their role in accidents is an

important part of developing systematic methods for reliability in the

industry and risk prediction. To obtain data for predictive analysis is

necessary to analyse accidents and incidents to identify its causes in terms

of component failures and human errors. Therefore, a proper understanding

of human factors in the workplace is an important aspect in the prevention

of accidents, and human factors should be considered in any program to

prevent those that are caused by human error. The comparison between

four major industrial disasters (Chernobyl, Bhopal, Deepwater Horizon,

Alpha Piper) was made using Human Factors Analysis and Classification

System (HFACS), a modified version of "Swiss Cheese" model that

describes the levels at which active failures and latent failures/conditions

may occur within complex operations.

1 Introduction

During the industry history a series of devastating accidents with huge costs both

economical and in human lives have happened. Piper Alpha disaster (1988), Bhopal Gas

Plant disaster (1984), Chernobyl Nuclear Power Plant disaster (1986) and BP Deepwater

Horizon Oil Spill disaster (2010) are examples of such accidents. Although these accidents

happened in different places and time they all have in common, according to analyses and

official reports of accident investigations, the role played by human error in triggering the

disaster.

Analysis of human error and their role in accidents is an important part of developing

systematic methods for reliability in the industry and risk prediction. A predictive analysis

requires identifying the accident’s causes in terms of component failures and human errors.

Therefore, a proper understanding of human factors in the workplace is an important aspect

* Corresponding author: [email protected]

© The Authors, published by EDP Sciences. This is an open access article distributed under the terms of the Creative Commons Attribution License 4.0 (http://creativecommons.org/licenses/by/4.0/).

MATEC Web of Conferences 305, 00017 (2020) https://doi.org/10.1051/matecconf/202030500017SESAM 2019

in the prevention of accidents. The comparison between four major industrial disasters

(Chernobyl, Bhopal, Deepwater Horizon, Alpha Piper) was made using Human Factors

Analysis and Classification System (HFACS), a modified version of "Swiss Cheese" model

that describes the levels at which active failures and latent failures/conditions may occur

within complex operations and based on official investigation reports.

1.1 Human error factor

The term “human factors” was defined by Gordon in 1998 [1] as the study of the

interactions between human and machine and also includes: management functions,

decision making, learning and communication, training, resource allocation and

organisational culture.

It has been widely acknowledged the role of human actions in major disasters, with

studies concluding that the two types of human error, “active errors” and “latent errors”, are

responsible for approximately 80 per cent of accidents [2]. The effects of active errors are almost immediate and are more likely to be caused by frontline operators (control room

crews, production operators etc.). The “latent errors” are caused by the less-visible

organisational issues (time pressure, understaffing, inadequate equipment and fatigue) that

accumulate over time.

1.2 Human Factors Analysis and Classification System (HFACS)

The methodology used in this paper is a broad human error framework called “The Human

Factors Analysis and Classification System” (HFACS) and it was created to understand the

underlying causal factors that lead to an accident without blaming the individuals involved.

The framework of the analysis uses four levels of deficiencies which lead to accident:

1) Unsafe acts, 2) Pre-conditions for unsafe acts, 3) Unsafe supervision and 4)

Organisational failures. Within each level of HFACS, causal categories were developed to

identify the active and latent failures that occur.

1. The Unsafe Acts level represents the unsafe acts of an operator leading to an

incident/accident and is divided into two categories – errors and violations. Errors are

unintentional behaviours, actions of the operator that fail to carry out the desired outcomes,

and violations (routine violations, exceptional violations) are a wilful disregard of the rules

and regulations.

2. The Preconditions for Unsafe Acts level and the first latent tier, is divided into three

categories: environmental factors, condition of operators and personnel factors.

Environmental factors (physical environment, technological environment) refer to the

physical and technological factors that affect practices, conditions and actions of individual

and which result in human error or an unsafe situation. Condition of operators (adverse

mental state, adverse physiological state, physical/mental limitations) refers to the adverse

mental state, adverse physiological state, and physical/mental limitations factors that affect

practices, conditions or actions of individuals and result in human error or an unsafe

situation. Personnel factors (crew resource management, personal readiness) refer to the

crew resource management and personal readiness factors that affect practices, conditions

or actions of individuals, and result in human error or an unsafe situation.

3. The Unsafe Supervision level deals with performances and decisions of supervisors

and managers that can affect the performance of operators in the frontline and is

categorized into four categories: inadequate supervision (includes those times when

supervision either fails to or provides inappropriate or improper guidance, oversight, and/or

training), plan inappropriate operation (involves those situations when supervisors fail to

evaluate the risk associated with a task, thereby placing employees at an unacceptable level

2

MATEC Web of Conferences 305, 00017 (2020) https://doi.org/10.1051/matecconf/202030500017SESAM 2019

of risk; these include improper staffing, mission not in accordance with rules/regulations,

and inadequate opportunity for crew rest), fail to correct known problem (refers to those

instances where unacceptable conditions of equipment, training or behaviours are

identified, yet actions or conditions remain uncorrected, meaning supervisors fail to initiate

corrective actions or report such unsafe situations), supervisory violation (the wilful

disregard of the established rules and regulations by those in positions of leadership).

4. The Organisational Influences level, and the final latent tier, is divided into three

categories: resource management (includes top management decisions related to the

allocation of such resources as equipment, facilities, money, and personnel), organisational

climate (refers to those variables, such as the organizational structure, culture, and policies,

which affect worker performance), organizational process (refers to the decision-making

that governs the day-to-day operations of an organization, such as operations, procedures,

and oversight).

2 Major industrial disasters

2.1 Chernobyl

2.1.1 Short description of the accident

On April 26,1986, the Chernobyl Nuclear Power Plant in Ukraine exploded, creating what

was considered the worst nuclear disaster the world has ever seen. The Chernobyl plant

used four Soviet-designed RBMK-1000 nuclear reactors — a design that's now universally

recognized as inherently flawed. RBMK reactors were of a pressure tube design that used

an enriched U-235 uranium dioxide fuel to heat water, creating steam that drives the

reactors' turbines and generates electricity. The accident occurred during a test executed

before the unit shutdown for the planned maintenance. The test aimed to study the

possibility of utilization of the mechanical energy of a turbo-generator after cut-off of steam

supply, practically to check the possibility of powering the main reactor coolant pumps

from one of the turbo-generators for a few seconds while it was slowing down under its

inertia in the event of loss of offsite power, thereby providing additional time for

emergency takeover by the diesel generators. This test was performed neither under the

planned conditions nor in compliance with reactor operating procedures. In particular,

several safety systems were disabled [3]. According to the Soviet experts the prime cause of

the accident at the Chernobyl nuclear power plant was “…an extremely improbable

combination of violations of instructions and operating rules committed by the staff of the

unit”. This conclusion sets a full responsibility for the accident at the Chernobyl on its stuff.

2.1.2 Contributory factors of accident distributed according to HFACS’ levels

Organizational Influences

1. Training of personal was insufficient and totally inconsistent with absence of passive

safety features in the reactor design. Not knowing much about the behaviour of the reactor

core, they were unable to appreciate the implications of the decisions they were making,

and their situation was even more dangerous in that the test was being done at low power

and in violation of standing orders. 2. Safety procedures not in place. 3. The culture of

secrecy, imposed compartmentalization of knowledge: no single person was allowed to see

the big picture and to integrate all aspects of the safety of the operation. 4. Political issues.

The scientists and engineers worked under one guideline: to produce plutonium – as much

as possible and as quickly as possible.

3

MATEC Web of Conferences 305, 00017 (2020) https://doi.org/10.1051/matecconf/202030500017SESAM 2019

Unsafe Supervision

1. The operating instructions, both the standing orders and the specific instructions for the

test, were incomplete and imprecise. 2. Bad communication not only between the operators,

but also with authorities and government.

Preconditions for Unsafe Acts

1. A flaw in the reactor design that makes the RBMK reactor core is unstable below 700

Megawatts-thermal, about a quarter of full power, meaning that at low power the reactor is

difficult to control and any tendency toward a runaway chain reaction is automatically and

rapidly amplified. 2. The insertion of the control rods is too slow, taking about 20 seconds

to full insertion while it takes less than 2 seconds in other reactors throughout the world.

This is much too slow to prevent runaway of the core while it is operating in the unstable

mode. 3. Lack of emergency control rods with fast insertion. The tips of control rods, when

inserted, first increase the reactivity. 4. No safeguards that controls the number of rods.

Unsafe Acts Operation

1. The number of reserve control rods in the reactor core was drop below permissible

levels, 2. The automatic controls for the reactor's power level were shut off, 3. Both the

main water-circulation pumps and the backup pumps were turned on at the same time,

forcing the coolant to flow too quickly, 4. Cutting off automatic blocking devices that

would have shut off the reactor when steam failed to reach the generator, 5. Switching off

systems that controlled water level and steam pressure, 6. Turning off “the most sacred

thing” – the emergency safety cooling system for the reactor.

2.2 Bhopal

2.2.1 Short description of the accident

Bhopal accident was the spillage of a very toxic substance – methyl isocyanate (MIC) – to

the atmosphere in large quantities from a pesticide plant. It led to the dead of more than

5000 people. The methyl isocyanate (MIC) was stored in three underground tanks made of

stainless steel that have to be kept refrigerated so that the temperature of content to be close

to 0°C. To prevent release of methyl isocyanate in the atmosphere, after the tank there was

a vent gas scrubber that would neutralize the MIC by spraying alkali. Also, then there was a

flare tower to burn the remaining gases going from the vent gas scrubber. The plant was

shut down for maintenance two months prior to the accident. Due to a series of errors, lack

of knowledge and delays in response of operators and supervisors 40 to 45 tonnes of MIC

escaped, part of which got decomposed into hydrogen cyanide.

At 2,30 in the morning MIC vapours started affecting people in the vicinity, and a large

number of people started running out of the houses. On the morning of 3 December, the

local hospital had about 12000 persons. Again on the night of 3/4 December, MIC from the

atmosphere recondensed and more people were affected. On the 4 December 1984 Hamidia

Hospital had to handle about 55000 people [4].

2.2.2 Contributory factors of accident distributed according to HFACS’ levels

Organizational Influences: 1. Carrying out plant modifications in hazardous facilities

without hazard and operability studies; 2. Storing 55 tonnes of MIC while usage daily was

5 tonnes; 3. Neglecting safety management at the unit; 4. No action on earlier accident

4

MATEC Web of Conferences 305, 00017 (2020) https://doi.org/10.1051/matecconf/202030500017SESAM 2019

analysis reports; 5. Heavy reliance on inexperienced operators; 6. decision to reduce

operating and maintenance staff in control room/plant;

Unsafe Supervision: 1. using a non-trained superintendent for the plant; 2. failure to

recognize that the pressure rise was something abnormal; 3. failure to use the empty MIC

tank to release the pressure.

Preconditions for Unsafe Acts: 1. Refrigeration plant was not operational; 2. pressure

indicator and temperature indicator not working; 3. flare tower was disconnected; 4. vent

gas scrubber not in active mode; 5. plant modification; 6. use of iron pipelines for MIC; 7.

no indicator for monitoring position of valves in control room.

Unsafe Acts: 1. Repressurizing the tank when it failed to get pressurized once; 2. failure

of shift operator to communicate information on pressure increase to the next operator; 3. issuing orders for washing when methyl isocyanate tank failed to get pressurize; 4. not

following the safety precautions while washing MIC lines; 5. failure to recognize the

seriousness of the leak; 6. failure to inform Works Manager as soon as the leak started.

2.3 Deepwater Horizon

2.3.1 Short description of the accident

Deepwater Horizon was an ultra-deep water, dynamically positioned, semi-submersible

offshore drilling rig owned by Transocean and leased to British Petroleum. On 20 April 2010, while drilling at the Macondo Prospect, an uncontrollable blowout caused an

explosion on the rig that killed 11 crewmen and ignited a fireball visible from 64 km away.

The fire was inextinguishable and, two days later, on 22 April, the Horizon sank, leaving

the well gushing at the seabed and causing the largest oil spill in U.S. waters. Every one of

the Deepwater Horizon’s many defences failed—some were never engaged, some were

engaged too late, and some simply did not work as designed. The chain of events between

February and the disaster could have been interrupted at many points, but a lack of

preparation and experience and an unclear chain of command prevented key decisions at

every step [5].

2.3.2 Contributory factors of accident distributed according to HFACS’ levels

Organizational Influences: 1. Decision to proceed to temporary abandonment of the

exploratory well, 2. Changing key supervisory personnel on the Deepwater Horizon just

prior to critical temporary abandonment procedures, 3. Time pressure, 4. Communication

was poor among and between rig crew members who worked for multiple companies and

shore superiors and middle and top management, 5. Financial pressures to complete the

operation quickly, 6. Lack of sufficient training.

Unsafe Supervision: 1. Oversimplified instructions, 2. Last minute changes in procedures,

3. Last minute changes of personnel, 4. Insufficient experience

Preconditions for Unsafe Acts: 1. The Macondo prospect presented a number of technical

challenges from the start, such as deep water, high formation pressures and temperatures,

and the need to drill through multiple geologic zones. 2. Valve failure, allowing oil and gas

to travel up the pipe towards the surface. 3. Leak not spotted soon enough – whether a well

is under control or not, the crew at the surface should be able to detect a flow of oil and gas

towards the surface by looking for unexpected increases in pressure in the well. 4. No

battery for blowout preventer – the explosion destroyed the control lines the crew were

using to attempt to close safety valves in the blowout preventer.

Unsafe Acts or Operation: 1. Attempting to cement the multiple hydrocarbon and brine

zones encountered in the deepest part of the well in a single operational step, despite the

5

MATEC Web of Conferences 305, 00017 (2020) https://doi.org/10.1051/matecconf/202030500017SESAM 2019

fact that these zones had markedly different fluid pressures. 2. Using the wrong cement

formula – The cement at the bottom of the borehole did not create a seal, and oil and gas

began to leak through it into the pipe leading to the surface. 3. Overwhelmed separator –

The crew had the option of diverting the mud and gas away from the rig, venting it safely

through pipes over the side. Instead, the flow was diverted to a device on board the rig

designed to separate small amounts of gas from a flow of mud. 4. Pressure test

misinterpreted – The crew carried out various pressure tests to determine whether the well

was sealed or not. The results of these tests were misinterpreted, so they thought the well

was under control. 5. Failure to observe and respond to critical indicators.

2.4 Piper Alpha

2.4.1 Short description of the accident

The Piper Alpha disaster happened on July 6, 1988. In the explosion and subsequent fire on

the oil platform, 167 workers died, while only 61 survived. The death toll was the highest

of any accident in the history of offshore operations. The Piper Alpha rig, started initially in

1976 with oil production, being converted to gas recovery in 1980. Unfortunately, this

repurposing was poorly made from the point of view of safety (for example, the gas

compression units were installed next to the central control room) and wherein lies one of

the causes of the disaster. The series of constructions, maintenance and upgrade works

diluted the safety features of the four modules of Piper Alpha which were initially separated

by firewalls with the most dangerous operations distant from the personnel areas. A lack of

communication between operators causes to operate a pump being under maintenance and

having a safety valve dismantled. As a result, an important gas leakage occurred. Although

six gas alarms were triggered the gas ignited before anyone could act. Further compromises

in the safety system were facilitated by further explosions resulting in the gas line melting,

which released 15-30 tonnes of gas every second into the fire. The fire was soon being fed

by oil from two separate rigs that shared a communal oil pipe. When the platform blew out

167 of 228 workers died. The platform was completely destroyed and it took almost three

weeks for the fire to be brought under control [6].

2.4.2 Contributory factors of accident distributed according to HFACS’ levels

Organizational Influences: 1. The decision of owners to keep the platform producing oil

and gas as it set about a series of construction, maintenance and upgrade works; 2. Lack of

training; safety procedures not in place; 3. Insufficient number of crew members.

Unsafe Supervision: 1. Communication breakdown for permit to work PTW; 2. Shift

change procedure not properly functioned.

Preconditions for Unsafe Acts: 1. Improper restructuring of platform – the gas compression

units were installed next to the central control room; 2. Improper installation of pressure

safety valves; 3. Undetected gas release

Unsafe Acts Operation: 1. Placing a vital document in the wrong place; 2.Restarting of a

pump in maintenance; 3.Command system failed in emergency.

3 Results and discussions

Table 1 presents a synthesis of the contributory factors of the above analysed accidents. The

results indicate that 50% of the contributing factors identified in each of the four accidents

reviewed are latent failure in level 2 and level 4. There are environmental factors,

6

MATEC Web of Conferences 305, 00017 (2020) https://doi.org/10.1051/matecconf/202030500017SESAM 2019

conditions of the operator, personnel factors, resource/acquisition management,

organizational climate, and organizational process that shows that is possible for the

failures created at higher level to remain in the system for a considerable time without

being noticed, thereby creating conditions for accidents to occur during operations.

Table 1. Contributory factors of the analysed accidents

Level of HFACS Accidents

Piper Alpha Chernobyl Deepwater Bhopal

Level 4. Organizational

Influences 3 4 5 8

Level 3. Unsafe

Supervision 3 2 4 3

Level 2. Preconditions

for Unsafe Acts 3 4 4 7

Level 1. Unsafe Acts 3 6 5 6

4 Conclusions

After studying the major industrial disasters of our times, it become clear that even with

technological advancement, human error is still the major cause of accidents and incidents.

Analysis of human error and their role in accidents is an important part of developing

systematic methods for reliability in the industry and risk prediction. To obtain data for

predictive analysis is necessary to analyse accidents and incidents to identify its causes in

terms of component failures and human errors. Therefore, a proper understanding of human

factors in the workplace is an important aspect in the prevention of accidents, and human

factors should be considered in any program to prevent those that are caused by human

error.

Also, the comparison between four major industrial disasters made in this paper

indicates that 50% of the contributing factors identified in each of the four accidents

reviewed are latent failure in level 2 and level 4. There are environmental factors,

conditions of the operator, personnel factors, resource/acquisition management,

organizational climate, and organizational process that shows that is possible for the

failures created at higher level to remain in the system for a considerable time without

being noticed, thereby creating conditions for accidents to occur during operations and

supports the view that all human initiated disasters ultimately can be traced back to

deficiencies in the management of the systems at the corporate level. Yet in major accident

assessment and prevention, these deficiencies are often overlooked or very inadequately

addressed.

References

1. R. Gordon The contribution of human factors to accidents in the offshore oil industry, J Reliability Engineering and System Safety 61 (1998) 95-108

2. A. Aas, The human factors assessment and classification system (HFACS) for the oil & gas industry. Paper presented at the International Petroleum Technology Conference (2008).

3. INSAG-7 The Chernobyl Accident. A report by the International Nuclear Safety Advisory Group, International Atomic Energy Agency Vienna, 1992

4. Delhi Science Forum Report: Bhopal Gas Tragedy, J Social Scientist, 13, 32-53, (1985) 5. U.S. Chemical Safety and Hazard Investigation Board Investigation report vol 3, Drilling rig

explosion and fire at the Macondo well, Report no. 2010-10-i-os, (2016)

6. Departament of Energy, The public Inquiry into the Piper Alpha Disaster, vol 1, November 1990

7

MATEC Web of Conferences 305, 00017 (2020) https://doi.org/10.1051/matecconf/202030500017SESAM 2019

You can leave a response, or trackback from your own site.

Leave a Reply

Powered by WordPress | Designed by: Premium WordPress Themes | Thanks to Themes Gallery, Bromoney and Wordpress Themes