A CHANGE IN LEAK TESTING PROCEDURE CAUSES AN EXPLOSION

On December 10, 2023, at 3:38 p.m., two explosions and a fire occurred in a polymer reactor at a facility in Mt. Vernon, Indiana. Property damage was estimated at $3.5 million.
Three months prior to the incident, on September 18, the company had shut down its polybutylene terephthalate resin unit for scheduled maintenance. On the day of the incident, the maintenance work was nearing completion, and operators were preparing the unit’s reactor system for startup. At 3:38 p.m., a heat exchanger exploded, ejecting several equipment fragments, including one that landed approximately 505 feet away near the facility’s boundary along the Ohio River. A second explosion and flash fire soon followed, rupturing a reactor.
The company's investigation concluded that the initial explosion in the heat exchanger was caused by the rapid, energetic decomposition of unstable organic peroxide that had formed and accumulated inside the equipment. The second explosion and flash fire, which destroyed the reactor, was caused by heat from the first explosion igniting flammable tetrahydrofuran vapor inside the reactor.
The exchanger and reactor were interconnected, with no isolation between the two pressure vessels. The design of the reactor’s outlet piping retained liquid in the piping. Because the piping could not fully drain, it contained polybutylene terephthalate polymer, butanediol, and tetrahydrofuran when the unit was shut down on September 18, 2023.
On December 10, operators began pre-startup activities. At 3:16 a.m., hot oil was sent through the tracing used to heat the reactor’s outlet piping. As the piping heated, the residual hydrocarbon material also heated, evolving tetrahydrofuran vapor that flowed into the reactor and the heat exchanger. A 3-inch nozzle on the heat exchanger remained open to ambient air, allowing oxygen into the reactor system. The tetrahydrofuran vapor reacted with available oxygen to form an organic peroxide compound. The organic peroxide continued to form for another 12 hours, until it exploded in a rapid decomposition reaction at 3:38 p.m. The heat from the explosion ignited additional flammable tetrahydrofuran inside the reactor, triggering the second explosion and a flash fire.
The company's investigation found that the company’s historical practice of leaving residual hydrocarbon material in the reactor’s outlet piping during shutdown created hazards that were neither recognized nor controlled. The reaction of tetrahydrofuran with oxygen produced the explosive organic peroxide. Before the incident, personnel had assumed that the cooled, solidified material could remain in the reactor’s outlet piping because it was not hazardous, creating a false sense of safety.
The investigation also found that a change to the reactor’s leak-testing procedure contributed to the incident. Previously, the reactor was leak-tested online under vacuum. The company switched to using pressurized nitrogen and moved the test into the maintenance outage. A management of change review had been approved to allow a leak test of the reactor during pre-startup activities. However, the review did not assess how the leak test might adversely affect those activities.
When the hot oil heated the reactor’s outlet piping, the procedure required adding nitrogen to the reactor system. However, the nitrogen flow was omitted due to the modified leak test. The company’s investigation concluded that the risk of performing simultaneous tasks during startup had not been evaluated.
Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the incident was heating the reactor’s outlet piping containing solidified polybutylene terephthalate polymer, butanediol, and tetrahydrofuran while a nozzle on an interconnected heat exchanger was open, allowing oxygen (air) to enter the equipment. These conditions generated tetrahydrofuran vapor, which reacted with oxygen to form an explosive organic peroxide, and also created a flammable atmosphere in the equipment, which then ignited and exploded after the organic peroxide energetically decomposed. The management of change review conducted for the reactor’s leak testing did not assess how the leak testing might affect the simultaneous pre-startup tasks, contributing to the incident. As a result, there was no nitrogen flow through the reactor system, allowing unstable peroxide to form and developing flammable conditions within the equipment.

Source: CSB.gov 

OPEN TOP TANKS CAN BE DANGEROUS!

On February 6, 2023, at 8:15 a.m., a release of a hot sodium hydroxide and water solution (“caustic slurry”) seriously injured two employees at an aluminum refinery in Louisiana

 On the morning of the incident, a team of operators was assigned to drain hot caustic slurry, at a temperature of approximately 195 degrees Fahrenheit (℉), from a tank with an open-top design. The operators closed the tank’s steam injection control valve before beginning the draining operation. During their initial attempt to drain the tank, the operators determined that the drain piping was blocked. They used compressed air to blow through the drain piping to clear the blockage. However, when they directed the air into the piping, caustic slurry erupted from the tank’s open top. The hot, corrosive liquid splashed onto two of the operators. After they washed off in a safety shower, the two operators were transported to a hospital, where they were admitted for treatment of their burn injuries. It was reported that approximately 80 gallons of caustic slurry had been released during the incident.
The company’s investigation revealed that bauxite ore had accumulated in the tank and blocked the drain piping. Additionally, although the steam control valve was closed, it was leaking, which resulted in the tank’s contents being heated beyond the target temperature of 180℉. The investigation also found that no isolation device was installed to prevent the air injected into the drain piping from entering the tank. Furthermore, it was noted that some operators were not wearing the required chemical suits while clearing the pipes. Among the injured operators, one wore the required chemical suit, goggles, and rubber gloves, while the other wore goggles and rubber gloves but not the chemical suit.

Probable Cause
Based on the comapny's investigation, the CSB determined that the probable cause of the incident was flowing compressed air into the bottom of an open-top caustic slurry tank. The air created a geyser-like eruption of hot (195℉) caustic slurry that sprayed onto two operators, resulting in serious burn injuries. The lack of an isolation device between the tank and the air injection location, as well as the lack of an effective procedure to clear the drain piping, contributed to the incident

Confined spaces can be buildings too....argon leak asphyxiates two

On January 30, 2023, at approximately 5:30 p.m., argon gas was released at the Propulsion Systems facility in Utah. Exposure to the argon gas fatally injured two employees, who asphyxiated.
The company treated carbon fiber blocks at the facility. As part of the treatment, a specialized vessel (autoclave) containing carbon fiber blocks was pressurized with argon gas. On the day of the incident, two employees were working to locate argon leaks and troubleshoot the vessel’s pressure control system. During this work, the autoclave did not contain carbon fiber blocks. Throughout the workday, the vessel was pressurized with argon gas several times, but the task was not completed by the end of the employees’ shift. The employees changed out of their work clothes and removed their personal oxygen monitors. However, before meeting with the oncoming shift workers, the two employees returned to the basement. The crew arriving for the next shift found their two coworkers unconscious in the basement’s stairway. Emergency responders transported the two employees to the hospital, where they were declared deceased.
The company’s investigation found that argon had leaked through the seals of the pressurized vessel while the basement’s ventilation system was off, which allowed the basement (about 4,500 cubic feet) to begin to fill with argon and create an oxygen-deficient atmosphere. The company’s investigation did not determine why the two employees returned to the basement at the end of their shift, however. After the incident, the company classified the basement as a confined space and installed an oxygen monitoring system. The company also implemented safeguards to prevent entry into the basement when the oxygen concentration is unsafe, the exhaust ventilation fan is off, or the vessel is pressurized.
Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the incident was the release of argon gas from the autoclave into a confined area. The two workers were fatally injured when they entered this oxygen-deficient environment. The lack of effective engineering controls, such as forced air ventilation and continual oxygen monitoring, contributed to the severity of the incident.

 Source;CSB.gov 

INADEQUATE HAZARD IDENTIFICATION RESULTS IN AN INCIDENT

 On February 21, 2022, at 9:22 a.m., a large jet fire occurred at a refinery in Louisiana, after a vacuum ejector ruptured within a hydrocracker unit at the refinery. It was estimated that the fire caused approximately $54 million in property damage.

On the day of the incident, the refinery restarted the hydrocracker unit following a maintenance turnaround. The pre-startup work included flowing nitrogen through the equipment to remove air (oxygen) that entered when the equipment was opened for maintenance. The equipment for removing air included a vacuum ejector (Figure). A vacuum ejector is a stationary device that utilizes a high-velocity fluid, such as steam, to create a low-pressure area at a specified location. Even though the vacuum ejector was not operating, nitrogen still was flowed through it to remove air from the equipment.

 

 

After the operators completed the air removal step, the hydrogen and hydrocarbon flows were initiated, which increased the pressure inside the unit’s equipment. At 9:22 a.m., the vacuum ejector ruptured, releasing a flammable gas mixture mainly composed of methane and hydrogen that ignited, resulting in a large fire. Emergency responders closed Valve A (Figure 2) to stop the release of flammable gas and successfully extinguished the fire at 12:27 p.m., roughly three hours after it began. It was estimated that approximately 7,000 pounds of flammable gas were released.
The refinery's investigation determined that after the air removal step was completed, an operator closed Valve C, but Valve A remained open. During the startup, this valve alignment allowed process gas to enter and pressurize the vacuum ejector to approximately 1,465 pounds per square inch (psi). The pressure ruptured the vacuum ejector, which had a design pressure of 360 psi. Marathon concluded that the flammable gas was ignited by a spark created when the vacuum ejector ruptured or from static electricity.
The refinery's investigation identified that the startup procedure did not include the necessary actions to protect the vacuum ejector from high-pressure conditions after operators completed the air removal step. In addition, it was found that the process hazard analysis had not identified the potential for overpressurizing the vacuum ejector.
Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the incident was not isolating the vacuum ejector from the high-pressure process gas before startup. As a result, the flammable process gas overpressurized and ruptured the vacuum ejector, resulting in a large fire. Marathon could have prevented the incident by eliminating the vacuum ejector from the process since it was no longer in use, thereby avoiding the rupture, the flammable gas release, and ultimately the fire. Alternatively, the company could have installed a blind or a blind flange at the high-pressure isolation valve (Valve A) after the air removal step and before startup, which would have protected the vacuum ejector and prevented the incident.

Source: CSB.gov 

On the day of the incident, a contract worker used steam to heat the contents of a railcar to facilitate its unloading into process equipment. After the railcar was unloaded, the worker needed to remove the steam and condensate hoses from the railcar . The contractor verified that the steam and condensate isolation valves were closed and that steam was no longer draining from the condensate drain valve. While removing the steam hose from under the railcar, the contractor was sprayed with steam and hot condensate. The contractor was transported and admitted to a hospital for treatment.

 

The company's investigation identified that the typical practice used at the facility to isolate and depressurize the steam hose was to close Valve A while having Valve B and Drain Valve 1 open to allow residual steam to flow out of the hose. However, Valve A was broken in the open position and could not be closed. Instead, the contract worker closed Valve B, left Drain Valve 1 closed, and opened Drain Valve 2 (visually obstructed in by the steam supply hose) to drain both the condensate hose and the steam hose. Because of how the heating coil was configured within the railcar, this configuration trapped condensate in the steam hose.
The company's investigation found that when workers first identified the broken valve (Valve A), they should have used stop work authority to prevent the unloading equipment from being used until the valve was repaired. The company’s investigation also concluded that its written operating procedure did not effectively describe the process of draining steam or hot condensate from the railcar. In addition, the procedure did not explain how to verify that there was no pressure on the steam or hot condensate hoses. No instruments (such as a pressure gauge) or other safeguards were available to warn workers that the steam hose contained a dangerous amount of condensate.
Probable Cause
Based on the company's investigation file, the CSB determined that the probable cause of the incident was disconnecting a hose from a railcar that contained steam and hot condensate. A broken isolation valve on the steam supply piping changed how the steam and condensate hoses were isolated and drained, contributing to the incident. The lack of instrumentation or other safeguards to warn employees that the loading hose held a dangerous amount of condensate contributed to the incident.

 Source:CSB.gov