INADEQUATE HAZARD IDENTIFICATION RESULTS IN AN INCIDENT

 On February 21, 2022, at 9:22 a.m., a large jet fire occurred at a refinery in Louisiana, after a vacuum ejector ruptured within a hydrocracker unit at the refinery. It was estimated that the fire caused approximately $54 million in property damage.

On the day of the incident, the refinery restarted the hydrocracker unit following a maintenance turnaround. The pre-startup work included flowing nitrogen through the equipment to remove air (oxygen) that entered when the equipment was opened for maintenance. The equipment for removing air included a vacuum ejector (Figure). A vacuum ejector is a stationary device that utilizes a high-velocity fluid, such as steam, to create a low-pressure area at a specified location. Even though the vacuum ejector was not operating, nitrogen still was flowed through it to remove air from the equipment.

 

 

After the operators completed the air removal step, the hydrogen and hydrocarbon flows were initiated, which increased the pressure inside the unit’s equipment. At 9:22 a.m., the vacuum ejector ruptured, releasing a flammable gas mixture mainly composed of methane and hydrogen that ignited, resulting in a large fire. Emergency responders closed Valve A (Figure 2) to stop the release of flammable gas and successfully extinguished the fire at 12:27 p.m., roughly three hours after it began. It was estimated that approximately 7,000 pounds of flammable gas were released.
The refinery's investigation determined that after the air removal step was completed, an operator closed Valve C, but Valve A remained open. During the startup, this valve alignment allowed process gas to enter and pressurize the vacuum ejector to approximately 1,465 pounds per square inch (psi). The pressure ruptured the vacuum ejector, which had a design pressure of 360 psi. Marathon concluded that the flammable gas was ignited by a spark created when the vacuum ejector ruptured or from static electricity.
The refinery's investigation identified that the startup procedure did not include the necessary actions to protect the vacuum ejector from high-pressure conditions after operators completed the air removal step. In addition, it was found that the process hazard analysis had not identified the potential for overpressurizing the vacuum ejector.
Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the incident was not isolating the vacuum ejector from the high-pressure process gas before startup. As a result, the flammable process gas overpressurized and ruptured the vacuum ejector, resulting in a large fire. Marathon could have prevented the incident by eliminating the vacuum ejector from the process since it was no longer in use, thereby avoiding the rupture, the flammable gas release, and ultimately the fire. Alternatively, the company could have installed a blind or a blind flange at the high-pressure isolation valve (Valve A) after the air removal step and before startup, which would have protected the vacuum ejector and prevented the incident.

Source: CSB.gov 

On the day of the incident, a contract worker used steam to heat the contents of a railcar to facilitate its unloading into process equipment. After the railcar was unloaded, the worker needed to remove the steam and condensate hoses from the railcar . The contractor verified that the steam and condensate isolation valves were closed and that steam was no longer draining from the condensate drain valve. While removing the steam hose from under the railcar, the contractor was sprayed with steam and hot condensate. The contractor was transported and admitted to a hospital for treatment.

 

The company's investigation identified that the typical practice used at the facility to isolate and depressurize the steam hose was to close Valve A while having Valve B and Drain Valve 1 open to allow residual steam to flow out of the hose. However, Valve A was broken in the open position and could not be closed. Instead, the contract worker closed Valve B, left Drain Valve 1 closed, and opened Drain Valve 2 (visually obstructed in by the steam supply hose) to drain both the condensate hose and the steam hose. Because of how the heating coil was configured within the railcar, this configuration trapped condensate in the steam hose.
The company's investigation found that when workers first identified the broken valve (Valve A), they should have used stop work authority to prevent the unloading equipment from being used until the valve was repaired. The company’s investigation also concluded that its written operating procedure did not effectively describe the process of draining steam or hot condensate from the railcar. In addition, the procedure did not explain how to verify that there was no pressure on the steam or hot condensate hoses. No instruments (such as a pressure gauge) or other safeguards were available to warn workers that the steam hose contained a dangerous amount of condensate.
Probable Cause
Based on the company's investigation file, the CSB determined that the probable cause of the incident was disconnecting a hose from a railcar that contained steam and hot condensate. A broken isolation valve on the steam supply piping changed how the steam and condensate hoses were isolated and drained, contributing to the incident. The lack of instrumentation or other safeguards to warn employees that the loading hose held a dangerous amount of condensate contributed to the incident.

 Source:CSB.gov 

IMPROPER LOTO OF ISOLATION VALVE OF PUMP CAUSES AN INCIDENT

On December 20, 2021, at approximately 9:30 a.m., a release of molten polymer caught fire, seriously injuring an employee in a company in Virginia. In December 2021, the company planned to perform maintenance work on a rupture disc used to protect one of its molten polymer positive displacement pumps from potential high-pressure conditions. On December 18, an operator prepared the equipment for maintenance. The preparation involved turning the pump off, locking and tagging its electrical switch, and closing, tagging, and locking the pump’s inlet and outlet isolation valves. The keys for the three locks were put into a lock box.
On December 20, 2021, the day of the incident, a different company operator issued safe and hot work permits to two maintenance workers to perform the rupture disc maintenance. Each of the two maintenance workers applied their personal lock to the lock box. The work involved using a propane torch to heat the external surface of the equipment and melt the polymer inside so that the rupture disc could be removed. One of the maintenance employees removed the bolts from the rupture disc holder, while the second worker acted as a “standby” and observed the work. Both workers wore the standard personal protective equipment (PPE) used at the plant, plus a face shield and an aluminized jacket. When the maintenance worker used the propane torch before removing the last bolt, the rupture disc and the bolt were forcefully ejected, spraying the employee with hot (500 degrees Fahrenheit) molten polymer. The propane torch ignited the molten polymer, starting a fire.
The standby worker pulled the emergency alarm and used the plant radio system to call for help. Emergency responders extinguished the fire and transported the injured maintenance worker to a nearby hospital with a burn center. The worker was admitted for treatment of his injuries, which included third-degree burns. The most severe injuries were to the workers’ legs. The worker’s denim jeans did not offer the same level of protection as his aluminized jacket.The company reported that approximately 50 pounds of molten polymer were released. The polymer primarily consisted of nylon 6 and some caprolactam.
The company's investigation found that the pump’s outlet valve had been incorrectly locked in the open position when it should have been closed (Figure below). On the day of the incident, the employees saw that the inlet and outlet valves had been tagged and locked. However, they did not verify that the valves were closed.

 

 Simplified equipment drawing, highlighting the open outlet valve (left image)

In response to the incident, the company upgraded the PPE requirements to include aluminized clothing for line opening work on its molten polymer equipment.

Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the incident was not effectively isolating and draining the piping before having workers disassemble the rupture disc. As a result, after most of the rupture disc’s flange bolts were removed, the pressurized piping caused molten polymer to spray out of the rupture disc’s holder. The molten polymer ignited, leading to a fire that seriously injured one employee. Not verifying that the equipment was effectively isolated contributed to the incident. If any employee or supervisor had verified that the locked valves were closed, the incident could have been prevented. Not wearing aluminized pants with the aluminized jacket contributed to the severity of the incident.

Source:CSB.gov 

IMPROPER CLEARING CAUSES A SERIOUS INJURY

 On March 22, 2021, at approximately 12:30 p.m., an explosion and fire occurred at a  Refinery in California. The explosion and fire seriously injured one contract worker.Leading up to the incident, the  refinery was shut down for turnaround maintenance. The planned maintenance work included removing a section of carbon steel piping in the Fluidized Catalytic Cracking (FCC) unit that typically contained gasoline. Two days before the incident, on March 20, 2021, 50 gallons of chemical cleaning water containing hydrocarbons were released when workers opened a flange to install a blind (metal plate) to isolate a section of 18-inch piping.
On March 22, 2021, the day of the incident, the 18-inch piping was isolated with the blind at one end and the other end transitioning to a section of 10-inch piping open to the atmosphere with drain piping between the blind and the open 10-inch end. To remove the piping, Phillips 66 tasked a crew of contract workers to cut the 18-inch piping at the location shown in Figure.

Before the cutting began, an operator performed flammable gas testing at the work area, showing no flammable gas was present. Operators also walked the job with the contractor’s supervisor. After this, the operators issued a work permit authorizing the contractors to use an electric angle grinder with a cutting wheel to cut the piping. The permit stated that the piping was isolated, vented, depressured, and chemically cleaned. Because the work area was elevated about 10 feet above ground, fire blankets were installed, creating an enclosure to contain sparks created during the pipe-cutting work.

As the lower portion (from the four to six o’clock position) of the piping was being cut, liquid flowed out, and the worker stopped cutting. The drain piping was unplugged using a wire, allowing the fluid to drain. The contractors contacted operations personnel to evaluate the piping. The operators rechecked the piping and confirmed that no flammable gas was present. One of the contract workers invoked his stop-work authority and refused to continue cutting on this piping because the liquid smelled like gasoline. One of the operators described the odor as pine and attributed it to the substance used during chemical cleaning. Ultimately, two operators and a contractor supervisor agreed that the liquid was primarily water. At approximately 12:30 p.m., two hours after the work was stopped, another contract worker was sent to finish cutting the pipe. When the worker started the angle grinder, an explosion and fire occurred. The contractor suffered serious burn injuries from the combustion event and was transported and admitted to a hospital for treatment.
The company's investigation determined that the piping contained flammable hydrocarbons because the plugged drain prevented the piping from being flushed and cleared as intended. The flammable gas testing performed at the work area did not identify the flammable vapor inside the piping. In addition, the company’s investigation concluded that when the contract worker used his stop-work authority and refused to cut the piping, his safety concerns should have been elevated to operations and maintenance supervisors for help ensuring the job was safe before resuming work – but they were not. The company estimated that less than half a gallon of gasoline was released.
Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the incident was that the piping segment was not effectively flushed and drained before the contract workers were authorized to cut the piping. Not recognizing the presence of flammable gas contributed to the incident.

Source: CSB.gov

FAILURE OF A PIPE SUPPORT AND A CHECK VALVE CAUSES AN INCIDENT

On November 29, 2020, at approximately 6:42 p.m., a major fire occurred at a Chemical Company in USA, after sections of piping supplying water to a coal gasification unit failed, releasing flammable chemicals that ignited (autoignition).The company estimated the property damage to be $1.1 million.
At the time of the incident, the company was feeding oxygen and a slurry of coal and water to one of its coal gasifiers to generate product gases, primarily hydrogen and carbon monoxide. The gasifier operated at a pressure of approximately 1,000 pounds per square inch. Pressurized water was injected into the gasifier to cool the hot product gases

 

 Figure 1. Simplified diagram of the water supply system involved in the incident. (Credit: CSB)

At approximately 6:41 p.m., a pipe support failed near the water supply control valve at location #1, shown in Figure 1. This pipe support was welded to the water supply piping, and its failure opened a large hole in the piping, releasing most of the available water supply. Roughly one minute later, two of the four water supply pipes to the gasifier ruptured at location #2, shown in Figure 1, releasing hot, flammable product gases that autoignited, resulting in a fire around the gasifier. The company operators shut down the gasifier, which stopped the release of product gases, extinguishing the fire.
The company's investigation found that fatigue cracking at the pipe support weld caused the initial water supply piping failure. The piping support had severely corroded over time and was no longer supporting the pipe, as it had lost contact with the structure. The company’s last visual inspection of this piping system, which occurred in 2018, did not identify any problems with the pipe support.
With Water Supply 2 being released through the breached piping, Water Supply 1 should have been able to provide sufficient water flow to the gasifier. However, the check valve in the water supply piping had been stuck in the open position for an extended period prior to the incident and had not been inspected or otherwise tested. As a result, Water Supply 1 preferentially flowed through the open hole in the piping at location #1 (Figure 1).
Without a steady water supply to the gasifier, hot product gases exited into the water piping, creating localized high-pressure and high-temperature conditions that ruptured two of the four water supply piping connections to the gasifier. Hot, flammable product gases were released from these two ruptured pipe locations, resulting in the fire.
Before the incident, the company's process hazard analysis (PHA) had not accurately assessed the potential for loss of water flow to the gasifier. The company’s technical staff had mistakenly concluded that a loss of water flow would trigger a shutdown of the gasifier due to a low liquid level.
Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the incident was the rupture of piping connected to the gasifier. The failure of the piping released hot, flammable material from the gasifier that ignited, resulting in the fire. The gasifier piping failure was caused by the loss of water flow through the piping, which occurred when a large hole developed in a different section of piping in the water system after a welded pipe support broke, and a check valve in the piping system did not close because it was stuck in the open position. The company's process safety management systems contributed to the incident. The company did not maintain the integrity of the piping support, which was severely corroded. Additionally, it was not testing the integrity of the check valve, which had been inoperable for an extended period before the incident. Furthermore, not accurately assessing the loss of water flow in its PHA contributed to a lack of effective safeguards to protect the gasifier’s piping.

Source:CSB.gov