AUTOMATION INCIDENTS IN PROCESS SAFETY

 "The factory of the future will have only two employees, a man and a dog. The man will be there to feed the dog. The dog will be there to keep the man from touching the equipment.» Warren G. Bennis, North American consultant,1996"

HCL LEAKS FROM FURNACE FOR 10 MINUTES In a chemical plant, 0.6 tons of hydrogen chloride (HCl) escaped during a 10-minute period from all furnaces and vents within the potassium sulphate workshop while cleaning the HCl circuits. An employee living adjacent to the site notified the guard house of the presence of a cloud originating from the plant. The emergency sprinkling system connected to the washer was turned on to stop these emissions. Poor calibration of one of the two devices used to measure gas pressure at the furnace outlet (not directly related to the ongoing works), causing the control valve on the gas evacuation circuit to close, was responsible for this incident: since gases were no longer being drawn, they escaped from the furnaces. The lack of an alarm on this control parameter slowed personnel response, and the absence of any means for comparing the 2 pressure measurements prevented the detection of sensor drift. To reduce the probability of repeat occurrence, an alarm was installed to detect deviations between the 2 pressure readings; also, a procedure laying out the most sensitive steps, in particular those requiring a supervisor's presence, was issued.

Source: Aria ACCIDENT ANALYSIS OF INDUSTRIAL AUTOMATION

AI in process safety

 https://www.iiot-world.com/smart-manufacturing/process-manufacturing/ai-in-process-safety-industrial-safety/

Combustible Dust: An Explosion Hazard

 

Any combustible material can burn rapidly when in a finely divided form. If such a dust is suspended in air in the right concentration, under certain conditions, it can become explosible. Even materials that do not burn in larger pieces (such as aluminum or iron), given the proper conditions, can be explosible in dust form.

The force from such an explosion can cause employee deaths, injuries, and destruction of entire buildings. For example, 3 workers were killed in a 2010 titanium dust explosion in West Virginia, and 14 workers were killed in a 2008 sugar dust explosion in Georgia. The U.S. Chemical Safety and Hazard Investigation Board (CSB) identified 281 combustible dust incidents between 1980 and 2005 that led to the deaths of 119 workers, injured 718, and extensively damaged numerous industrial facilities.

A wide variety of materials that can be explosible in dust form exist in many industries. Examples of these materials include: food (e.g., candy, sugar, spice, starch, flour, feed), grain, tobacco, plastics, wood, paper, pulp, rubber, pesticides, pharmaceuticals, dyes, coal, metals (e.g., aluminum, chromium, iron, magnesium, and zinc). These materials are used in a wide range of industries and processes, such as agriculture, chemical manufacturing, pharmaceutical production, furniture, textiles, fossil fuel power generation, recycling operations, and metal working and processing which includes additive manufacturing and 3D printing.

Source: https://www.osha.gov/combustible-dust 

LOOK ALIKES CAUSE AN INCIDENT

On May 20, 2025, at approximately 8:15 a.m., approximately 8,000 pounds of toxic chlorine were released, seriously injuring one employee at a facility in  Texas . The community was ordered to shelter in place, and estimated that the incident resulted in approximately $23 million in property damage.

On the day of the incident, it was planned to replace a rupture disc (RD-217N) in the chlorine liquefication unit. This safety device protected the E-209A heat exchanger 

 

The company gave two contract maintenance workers the work package and a permit to replace the RD-217N rupture disc. At approximately 8:10 a.m., one of the maintenance workers began disassembling the RD-217N rupture disc holder using a battery-powered impact wrench. In addition to the standard protective equipment, the maintenance worker wore an air-supplying respirator with a 30-minute air bottle. At 8:15 a.m., liquid chlorine at a pressure of 100 pounds per square inch began releasing from the partially disassembled RD-217N rupture disc holder. The maintenance workers evacuated from the area. Alarm horns in the unit were activated after chlorine gas detectors identified the release. Local officials issued a shelter-in-place order for the cities. At 9:03 a.m., emergency responders closed Valve 1 to stop the release.
During the response to the incident, one emergency responder’s 30-minute air supply depleted. He switched to a cartridge-style escape respirator to exit the area, but the respirator likely became saturated with chlorine, causing him to inhale the toxic vapor. Other emergency responders then transported him to a hospital, where he was admitted for treatment.
The company's investigation found that although the work planning documents showed that RD-217N was to be replaced, its operations team had mistakenly isolated, cleared, and tagged a different but nearly identical piping system—heat exchanger E-209B—to replace a different rupture disc, RD-217S. As a result, the operations team did not isolate, clear, or tag the E-209A heat exchanger and the piping associated with RD-217N. This equipment was operating when it issued the contract workers a permit to replace the RD-217N rupture disc. The unit operator who issued the permit and the maintenance workers did not perform a field walk-through of the job. In addition, the contract workers did not review or sign the equipment isolation plan or the tag that identified the rupture disc holder to be opened. Seeking to do so should have revealed that RD-217N was in operation and had not been prepared for replacement.
Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the chlorine release was the mistaken disassembly of a rupture disc holder in an operating chlorine system. A breakdown in the equipment opening and control of work programs contributed to the incident, including the absence of a pre-job site walkthrough that should have allowed plant operators and the maintenance crew to verify the rupture disc had been prepared for replacement.

Source:CSB.gov 

IMPROPER LOTO CAUSES AN INCIDENT

On February 1, 2025, around 1:36 p.m., an explosion and fire occurred at a refinery in California. It was estimated that the incident caused approximately $924 million in property damage.
On February 1, 2025, the refinery tasked contract workers with installing an isolation blind at Flange A  to prepare a catalytic feed hydrotreater unit (“unit”) for turnaround maintenance. A yellow tag was placed between Valve 2 and Valve 3 to indicate the location of the blind installation. After completing a field walkthrough to verify that the piping segment between Valve 1 and Valve 2 was empty, an operator issued a permit to the supervisor of the contractor work crew at 11:30 a.m.

When the work started, two contract workers were on a scaffold that provided access to the elevated equipment. In addition to their standard protective equipment, the two workers wore supplied-air respirators. Two standby workers from a different contract company were at ground level to monitor the breathing air equipment and observe the flange opening work. At approximately 1:25 p.m., the two contract workers began unbolting Flange B. At this time, neither the workers’ supervisor nor the operator who issued the permit for the contractors to install the blind was present.
As Flange B was being unbolted, the contract workers’ supervisor returned to the work area. From his vantage point, the supervisor could not see which flange the crew was working on. Shortly thereafter, the supervisor observed and heard a pressurized release and recognized that something was wrong. One of the standby workers activated an air horn to stop the work. The two contract workers disconnected from their supplied-air hoses, jumped from the scaffold, and evacuated the area. At about 1:30 p.m., the flammable material ignited and exploded with flames erupting from the area. Hot (above 600 degrees Fahrenheit) hydrocarbon material continued to be released from Flange B, fueling the fire. The extent of the fire escalated over three days and involved other equipment until emergency responders extinguished the fire on February 4, 2025. The company reported that approximately 50,000 gallons of flammable hydrocarbon material were released over three days.
The company’s investigation found that the contract workers, hired specifically for the extra tasks during the turnaround, had not received training on the refinery’s equipment opening policies and procedures. Consequently, these workers were not aware of the company's tagging system for identifying which flange should be opened. The company’s investigation also revealed that installing this blind should have been treated as a “first break” (as written on the permit) under the refinery’s policies, because this was the initial equipment opening for this system. First breaks required a qualified operator to be present during the work to ensure that maintenance workers open the proper equipment. However, because of a miscommunication between the workers, the operator was not present when the contract workers disassembled Flange B.
The company required maintenance crews to attach their personal locks or tags to all valves used for equipment isolation. The contractor crew did not apply locks or tags to Valve 1 or Valve 2. If the crew had done so, they could have had the opportunity to better understand the existing hazards by participating in the lockout/tagout process for these valves. The permit issued to the contractor supervisor stated that the equipment was out of service. The supervisor believed that all the equipment was empty and was unaware of the active (operating) process adjacent to Valve 2.
Because the work was on a scaffold, laser pointers were used to highlight Flange A during the field walk-throughs involving the operator, contract workers, and the contractor’s supervisor. Although post-incident interviews with the operator and the contractor’s supervisor revealed that two of the four walkdown participants understood that the blind should be installed in Flange A, it is evident that the contract workers believed that Flange B was the correct location.
Following the incident, the company revised its permitting procedure. For permits that require an operator to be present, operators must now issue one permit per isolation blind only after the workers are at the job site and prepared to start the task. This change was made to help ensure an operator is present to confirm that work is performed on the correct equipment.
Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the incident was the opening of a flange that was connected to an active process containing pressurized flammable liquid hydrocarbon. When the flange was loosened, the flammable material was released and ignited (autoignition or static discharge), resulting in a large fire. The company could have prevented the incident by having a knowledgeable person present to ensure that workers unfamiliar with the equipment disassembled the correct flange and were aware of the existing hazards. Additionally, the company would benefit from improving its tagging practice to make it obvious which equipment workers should disassemble.

Source:CSB.gov