2 Definitions and Concepts
2.1 MAKEUP OF AN ACCIDENT
We may all say accidents happen. However, accidents may not only take human lives and cost millions of dollars in destroyed property and lost business; they may also cost us our jobs and reputations. The Bhopal, India, accident in 1984 released methyl isocyanate and caused over 2500 fatalities. A petroleum refinery blew up in Houston, Texas, in 1989, killing 23 workers and damaging property totaling U.S. $750 million, spewing debris from the explosion over an area of 9 km. Many thought that after the Three Mile Island nuclear accident in the United States in 1979 and the Chernobyl nuclear power plant disaster in Ukraine in 1986, we would finally get a handle on how to prevent accidents. Unfortunately, the Fukushima nuclear accident in 2011 proved otherwise (see Picture 2.1).
Accidents don’t just happen; they are a result of a long process, with many steps. Many times all of these steps have to be completed before an accident can occur. If you can prevent one or more of these accident steps from occurring, then you can either prevent the mishap or at least mitigate its effects. Part of system safety strategy is to intervene at various points along that accident time-line. The safety management system (SMS) is the management infrastructure that makes the system safety program sustainable and gives you the power to prevent accidents.
An accident is an unplanned process of events that leads to undesired injury, loss of life, and damage to the system or the environment. This means that death in war is no accident, but a jeep crashing on the way to battle is.
An incident or near miss is an almost accident. Three Mile Island was a radioactive near miss. No massive quantities of radioactivity were released to the environs, but they almost were. Figure 2.1 shows the events that lead to an accident.
PICTURE 2.1 (See color insert.) Fukushima nuclear accident. (Accessed from http://commons.wikimedia.org/wiki/File:Fukushima_I_by_Digital_Globe_crop.jpg.)
Preliminary events can be anything that influences the initiating event. Examples of preliminary events could be long working hours for chemical plant operators or poor or incomplete pump maintenance. Preliminary events set the stage for a hazardous condition. If we can eliminate the preliminary events or hazardous condition, then the accident cannot advance to the next step—initiating events. It is not unusual that there may be multiple preliminary events, and not just one.
The initiating event, sometimes called the trigger event, is the actual mechanism or condition that causes the accident to occur. It can be thought of as the spark that lights the fire. For example, a valve sticks open on a process feed line, an electrical short causes a spark at a fueling depot, a pressure regulator fails open in a cryogenic system, or a 220 V power feed is mated with a 110 V system.
Intermediate events can have two effects: They may propagate or ameliorate the accident. Functioning relief valves in a pressure system will ameliorate a system overpressurization. No pressure relief will propagate the hazardous condition and create an accident of system pressure rupture. Defensive driving on highways helps us protect ourselves from the other crazy driver or ameliorate the effects of his or her bad driving. Obviously, drunk driving does the opposite, propagating and intensifying an already dangerous situation.
Table 2.1 shows examples of how the elements of an accident fit together. Reading the table from left to right, you can see how an accident evolves. First, there is a hazardous condition—such as large quantities of flammable liquids. Then the initiating event occurs—for example, a valve sticks open. The effect of a valve-failed-open propagates a pressure rise in the system. Now, an in-line relief valve can mitigate the effects of the initial event. If not, an accident ensues—explosion. Chapter 11 discusses and details the events that lead to an accident. It also discusses James Reason’s famous Swiss cheese accident model.
FIGURE 2.1 (See color insert.) Events that lead to an accident. [Figure labels: Fuel pipeline; Spill (preliminary event); Spark (initiating event); Production line (intermediate event); Explosion and fire (accident).]
TABLE 2.1 Elements of an Accident

| Hazards | Initiating Events | Propagating Events | Ameliorative Events | Accident Consequences |
|---|---|---|---|---|
| Significant inventories of | Machinery and equipment malfunctions | Process parameter deviations | Safety system responses | |
| Flammable materials | Pumps, valves | Pressure | Relief valves | Fires |
| Combustible materials | Instruments, sensors | Temperature | Backup utilities | Explosions |
| Unstable materials | | Flow rate | Backup components | Impacts |
| Toxic materials | | Concentration | Backup systems | |
| Very hot/cold materials | | Phase/state change | | |
| Inert gases | | | | |
| Highly reactive | Containment failures | Containment failures | Mitigation system responses | Dispersion of toxic materials |
| Reagents | Pipes | Pipes | Vents | Highly reactive materials |
| Products | Vessels | Vessels | Dikes | |
| Intermediate products | Storage tanks | Storage tanks | Flares | |
| By-products | Gaskets | Baskets, bellows, etc. | Sprinklers | |
| | Input/output or venting | Relief valves | | |
| Reaction rates especially sensitive to | Human errors | Material releases | Control responses, operator responses | |
| Impurities | Operations | Combustibles | Planned | |
| Process parameters | Maintenance | Explosive materials | Ad hoc | |
| | Testing | Toxic materials | | |
| | | Reactive materials | | |
| | Loss of utilities | Operator errors | Contingency operations | |
| | Electricity | Omission | Alarms | |
| | Water | Commission | Emergency procedures | |
| | Air | Diagnosis | Personnel safety equipment | |
| | Steam | Decision making | Evacuations | |
| | | | Security | |
| | External events | External events | External events | |
| | Floods | Delayed warning | Early detection | |
| | Earthquakes | Unwarned | Early warning | |
| | High winds | | | |
| | High-velocity impacts | | | |
| | Vandalism | | | |
| | Terrorism | | | |
| | Method/information errors | Method/information failure | Information flow | |
| | As designed | Amount | Routing | |
| | As communicated | Usefulness | Methods | |
| | | Timeliness | Timing | |

Source: Reproduced from Center for Chemical Process Safety, Guidelines for Hazard Evaluation Procedures, American Institute for Chemical Engineers, New York, 1985, pp. 1–3, Copyright 1985 by the American Institute for Chemical Engineers.