Driving Continuous Process Safety Improvement From Investigated Incidents
Description
Simply learning from process safety incidents has proven to be insufficient to drive performance improvements. To truly change, organizations must seek out & embed learnings in their programs & systems. This book picks up from previous CCPS books, Incidents That Define Process Safety and Investigating Process Safety Incidents.
This important book:
* Offers guidelines for improving process safety performance by embedding the lessons learned from publicly available investigations
* Recommends a continuous improvement learning model focused on organizational learning
* Provides examples for using the model's techniques to drive -continuous improvements
Contains an index of more than 400 investigated incidents and introduces the concept of Drilldown to help find lessons that might not have been mentioned before.
Written for safety professionals and process safety consultants, Driving Continuous Process Safety Improvement from Investigated Incidents is a hands-on guide for adopting a model for successfully driving the learnings from process safety incident investigations.
More details
Other editions
Additional editions
Person
The Center for Chemical Process Safety (CCPS), an industry technology alliance of the American Institute of Chemical Engineers, has been the world leader in developing and disseminating information on process safety management and technology since 1985. CCPS has published over 100 books in its process safety guidelines and process safety concepts series, and over 30 training modules through its Safety in Chemical Engineering Education (SAChE) series. CCPS is supported by the contributions and voluntary participation of more than 220 companies globally.
Content
Acronyms and Abbreviations xv
Acknowledgements xvii
Glossary xix
Foreword xxi
Executive Summary xxiii
Applicability of this Book xxvii
1 Introduction 1
1.1 The Focus of this Book 2
1.2 Why Should We Learn from Incidents? 4
1.2.1 The Theory of Root Cause Correction 6
1.2.2 Acting on Learning from High Potential Near-misses 7
1.2.3 Learning from Other Companies' (External) Incidents 8
1.2.4 Societal Expectations and the Business Case 8
1.3 References 10
2 Learning Opportunities 13
2.1 Think Broadly 13
2.1.1 Look Beyond the Specific Circumstances 13
2.1.2 Learn from Other Industries 15
2.1.3 Learn from Regulatory Standards and Beyond 17
2.2 Resources for Learning 18
2.2.1 Process Safety Boards 18
2.2.2 Databases 18
2.2.3 Publications 19
2.2.4 Events and Proceedings 21
2.2.5 Other Resources 22
2.3 References 22
3 Obstacles to Learning 27
3.1 The Impact of Individuals 28
3.2 The Impact of Company Culture 31
3.3 Obstacles Common to Individuals and Companies 34
3.4 Consequences of Not Learning from Incidents 35
3.5 References 36
4 Examples of Failure to Learn 39
4.1 Process Safety Culture 40
4.2 Facility Siting 42
4.3 Maintenance of Barriers/Barrier Integrity 44
4.4 Chemical Reactivity Hazards 48
4.5 Asphyxiation Hazards in Confined Spaces 49
4.6 Hot Work Hazards 50
4.7 References 51
5 Learning Models 55
5.1 Learning Model Requirements 55
5.2 Learning Models for Individuals 57
5.2.1 Multiple Intelligences and Learning Styles Model 57
5.2.2 Career Architect Model 58
5.2.3 Dynamic Learning 59
5.2.4 Ancient Sanskrit 59
5.2.5 Guiding Principles for Learning 60
5.3 Corporate Change Models 61
5.3.1 Lewin 61
5.3.2 McKinzie 7-S® 62
5.3.3 Kotter 63
5.3.4 ADKAR® 63
5.3.5 IOGP 64
5.4 The Recalling Experiences and Applied Learning (REAL) Model 65
5.5 References 67
6 Implementing the REAL Model 69
6.1 Focus 71
6.1.1 Identify High Potential Impact Learning Opportunities 71
6.1.2 76
6.2 Seek Learnings 79
6.3 Understand 80
6.4 Drilldown 80
6.5 Internalize 82
6.6 Prepare 83
6.7 Implement 85
6.8 Embed and Refresh 86
6.9 References 86
7 Keep Learnings Fresh 89
7.1 Musical Intelligence 91
7.2 Visual-Spatial Intelligence 93
7.3 Verbal-Linguistic Intelligence 95
7.4 Logical-Mathematical Intelligence 97
7.5 Kinesthetic Intelligence 98
7.6 Interpersonal Intelligence 99
7.7 Intrapersonal Intelligence 100
7.8 Naturalistic Intelligence 101
7.9 Summary 102
7.10 References 102
8 Landmark Incidents that Everyone Should Learn From 105
8.1 Flixborough, North Lincolnshire, UK, 1974 106
8.2 Bhopal, Madhya Pradesh, India, 1984 108
8.3 Piper Alpha, North Sea off Aberdeen, Scotland, 1988 110
8.4 Texas City, TX, USA, 2005 111
8.5 Buncefield, Hertfordshire, UK, 2005 113
8.6 West, TX, USA, 2013 113
8.7 NASA Space Shuttles Challenger, 1986, and Columbia, 2003 115
8.8 Fukushima Daiichi, Japan, 2011 117
8.9 Summary 118
8.10 References 118
9 REAL Model Scenario: Chemical Reactivity Hazards 121
9.1 Focus 121
9.2 Seek Learnings 122
9.3 Understand 124
9.4 Drilldown 125
9.5 Internalize 126
9.6 Prepare 127
9.7 Implement 128
9.8 Embed and Refresh 129
9.9 References 130
10 REAL Model Scenario: Leaking Hoses and Unexpected Impacts of Change 131
10.1 Focus 132
10.2 Seek Learnings 132
10.3 Understand 135
10.4 Drilldown 135
10.5 Internalize 137
10.6 Prepare 138
10.7 Implement 139
10.8 Embed and Refresh 140
10.9 References 141
11 REAL Model Scenario: Culture Regression 143
11.1 Focus 144
11.2 Seek Learnings 145
11.3 Understand 148
11.4 Drilldown 149
11.5 Internalize 149
11.6 Prepare 150
11.7 Implement 152
11.8 Embed and Refresh 153
11.9 References 154
12 REAL Model Scenario: Overfilling 155
12.1 Focus 156
12.2 Seek Learnings 157
12.3 Understand 159
12.4 Drilldown 160
12.5 Internalize 161
12.6 Prepare 164
12.7 Implement 166
12.8 Embed and Refresh 167
12.9 References 167
13 REAL Model Scenario: Internalizing a High-Profile Incident 169
13.1 Focus 169
13.2 Seek Learnings 170
13.3 Understand 173
13.4 Drilldown 174
13.5 Internalize 175
13.6 Prepare 175
13.7 Implement 176
13.8 Embed and Refresh 176
13.9 References 178
14 REAL Model Scenario: Population Encroachment 179
14.1 Focus 180
14.2 Seek Learnings 181
14.3 Understand 184
14.4 Drilldown 184
14.5 Internalize 185
14.6 Prepare 186
14.7 Implement 187
14.8 Embed and Refresh 188
14.9 References 189
15 Conclusion 191
15.1 References 194
Appendix: Index of Publicly Evaluated Incidents 195
A.1 Introduction 195
A.2 How to Use this Index 196
A.3 Index of Publicly Evaluated Incidents 197
A.4 Report References 211
A.5 References 236
Index 239
1
INTRODUCTION
"Learning is not compulsory... neither is survival."
-W. Edwards Deming, Engineer and Management Consultant
Nearly everything we do today, as we manage process safety to prevent losses of primary containment that result in fires, explosions, and toxic releases, we do because of conditions that led to past incidents. Our engineering forebears began building the modern practice of process safety at the beginning of the industrial revolution. Subsequent generations have steadily advanced process safety.
For example, when E.I. DuPont built a black powder works in Delaware, USA, in 1802, he took note of the explosions that had happened in other black powder works. To protect his workers, family, and property, his process buildings were constructed of thick stone, with blow-out walls aimed away from people and buildings (Klein 2009).
Similarly, Sir Humphrey Davy noted the large number of coal dust explosions in English mines in the early nineteenth century (Gibbs 2020). After talking to miners who survived such explosions, he designed an explosion-proof lamp based on principles still used today in flame arrestors and explosion-proof electrical boxes (Figure 1.1).
Figure 1.1 The Davy Lamp
In 1880, H.R. Worthington, A.L. Holley, and J.E. Sweet founded the American Society of Mechanical Engineers (ASME) to create uniform engineering standards that would ensure safety, reliability, and efficiency (ASME 2020).
Working on behalf of the chemical engineering profession, the American Institute of Chemical Engineers (AIChE) began to share findings and recommendations from process safety incidents via the Ammonia Plant Safety (Williams 2005) and Loss Prevention Symposia in the 1950s and 1960s (Freeman 2016). AIChE's Design Institute for Emergency Relief Systems (DIERS) began publishing guidelines for multiphase relief systems in the 1970s (AIChE 2020a).
Until the mid-1980s, institutional lessons learned came in the form of technology innovations, new or revised standards and codes, or back-up systems. This began to change with the formation of AIChE's Center for Chemical Process Safety (CCPS) in 1985. CCPS began the process of formally leveraging incident findings and successful practices into "Guidelines" and "Concepts" (Berger 2009). In 1988 CCPS codified the first Process Safety Management System (PSMS). The CCPS 12 Elements (CCPS 1989) provided the first organized common framework to comprehensively manage all the standards, technologies, and practices needed to control a company's process safety hazards. The original framework has evolved into today's 20 elements of Risk Based Process Safety (RBPS), which are organized in four pillars: Commit to Process Safety, Understand Hazards and Risk, Manage Risk, and Learn from Experience (CCPS 2007).
Regulations around the world also began to emerge in the 1980s, most notably the Sevesso Directive in the European Union, the Process Safety Management (PSM) regulation in the USA, and the Control of Major Accident Hazards (COMAH) in the UK. Most national and regional process safety regulations are based on one or a combination of these original regulations.
Unfortunately, incidents continue to happen despite 200 years of continuous development of technology, standards, publications, and management systems. They continue to happen despite the great number of recommendations from incident investigations conducted by every operating company in this industry. And nearly every incident that occurs in an industry, a company, or a plant has root causes that resemble the causes of previous incidents.
1.1 The Focus of this Book
CCPS (CCPS 2019a) and others have written guidelines addressing the general process of incident investigations. These books focus heavily on the process of investigation, the determination of root causes and causal factors, and the process of developing findings and recommendations. CCPS and others also have published books that describe past incidents to extract the lessons that could be learned from them (Gil 2008; CCPS 2019b; Kletz 2019; Hopkins 2008; Hopkins 2012). What's more, CCPS provides several publications addressing how to drive a culture of improvement in process safety (CCPS 2018; 2019c).
Just the same, incidents that look the same as previous incidents continue to occur-whether they happen at a site, or within a company, or replicate well publicized external incidents. Section 3.2 will discuss the numerous reasons companies fail to learn, including but not limited to:
- imbalance between production and safety
- corporate culture problems
- employment turnover
- financial or liability concerns
- lack of employee involvement
- lack of leadership ownership of process safety
- lack of sense of vulnerability
- knowledge remaining in silos
- normalization of deviance.
This book seeks to help companies overcome the reasons they fail to learn. It greatly expands on the process for:
- Seeking and obtaining key findings from external incidents.
- Translating findings into lessons learned. And especially
- Converting these lessons learned into institutional knowledge.
While the examples in this book focus on learning from incidents outside the company, the process described in this book can-and should-be applied to transform findings from internal incidents and near-misses into institutional knowledge.
Let's define some key terms for this book. Note that most of these terms can be found in the CCPS glossary, while a handful are specific to this book.
- Causal factor: A major unplanned, unintended contributor to an incident (a negative event or undesirable condition) that, if eliminated, would have either prevented the incident or reduced its severity or frequency.
- Root cause(s): A fundamental, underlying, system-related reason why an incident occurred that identifies a correctable failure(s) in management systems. There is typically more than one root cause for every process safety incident.
- Findings: The root causes and causal factors of the incident, as determined by the investigator.
- Near-miss: An event in which an accident (that is, property damage, environmental impact, or human loss) or an operational interruption could have plausibly resulted if circumstances had been slightly different.
- Lessons learned: The process of applying knowledge gained from past incidents in current practices.
- Institutional knowledge: The translation of the lessons learned by the experts into the company's standards and policies, its PSMS, its culture, and into the rigor and professionalism with which it manages process safety.
The difference between the latter two terms is critical in this book. Specifically, individuals do the primary learning, and then work with others in the organization to translate what they learned into improvements to 1) the corporate PSMS, 2) relevant standards and policies, and 3) designs and practices in company facilities. Only once these improvements are in place, are being followed, and are being managed on a reliable ongoing basis do lessons learned become institutional knowledge.
After making the case for continuous learning from incidents, we will evaluate ways that individuals and companies learn. We will then describe a recommended model for continuous corporate change driven from incidents, the Recalling Experiences and Applied Learning (REAL) Model. Next, we will provide a variety of scenarios that show companies in different industries applying this model to transform findings from incidents into institutional knowledge-and permanently retain that knowledge.
1.2 Why Should We Learn from Incidents?
In 1995 The Dow Chemical Company established a "Generational Goal" of reducing its process safety incidents by 90% between 1996 and 2005. Dow took many proactive steps including:
- implementing a rigorous process safety management system
- establishing centers of excellence
- defining key roles for leaders in driving process safety improvement
- learning from internal and external incidents.
Additional detail may be found in the reference (Champion 2017). Although Dow didn't quite meet its initial goal, the reduction in incidents was still quite significant. Inspired by the progress, Dow set a new goal: to reduce incidents by another 75% by 2015. However, by 2008 Dow realized that, for the past five years, their performance had effectively plateaued. Other members of the American Chemistry Council (ACC) had the same result, as shown by the dotted and dashed lines in Figure 1.2.
Figure 1.2 Incident Reduction Case Study (Champion 2017)
Dow analyzed the bottlenecks preventing further incident reduction and noted that many incidents had the same management system failures and causal factors: asset integrity and work practices related to corrosion under insulation (CUI). Dow sought out findings, recommendations, and best practices related to these factors from many internal and external sources. They translated what they learned into new standards, updated their PSMS, and drove...
