DO YOU HAVE CHECKS ON YOUR PREFERRED VENDOR WHEN IT OUTSOURCES COMPONENTS?

On February 22, 2024, at 4:20 a.m., a valve leaked hot liquid hydrocarbon, which ignited, resulting in a fire in refinery in Louisiana . It was estimated  that the fire caused $1.2 million in property damage.

On the morning of the incident, unit operators saw a decrease in the crude unit’s vacuum tower bottoms (VTB) flow. Field operators then found a fire near the flow control valve. Emergency responders extinguished the fire within minutes. It was reported that approximately 12,000 pounds of VTB material were released.
The comapny's investigation found that a recently installed 4-inch stainless steel globe valve in the VTB flow control station bypass piping had leaked at its pressure-retaining cover (bonnet). The valve had a Teflon (PTFE) bonnet gasket and Teflon packing, which were limited to 450 degrees Fahrenheit (℉), and were incompatible with the 650℉ VTB material. The valve was ordered in August 2023 and installed during a unit outage on February 16, 2024, six days before the incident.
The valve was equipped with two tags that provided conflicting information. When the company ordered the valve from its preferred vendor, the order included the refinery’s valve number, which specified a valve that met the process requirements by using graphite for the bonnet gasket and packing material. Teflon was not an acceptable material for this application.

The company's preferred vendor did not have this valve in its inventory, so it procured the valve from a third-party supplier. The manufacturer’s tag attached to the valve correctly indicated that it was equipped with Teflon components and stated that the valve’s maximum operating temperature was 450°F. However, the third-party supplier wired an additional tag stamped with the refinery’s valve number to the valve, incorrectly identifying the valve as having graphite components. Refinery personnel accepted and installed the valve based on the order and receipt documentation, along with the valve’s size, flange rating, and the refinery valve number.
Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the incident was the installation of a valve with Teflon components that could not withstand the process temperature. The company could have prevented the incident by confirming that the manufacturer’s tag indicated that the valve was assembled with the proper components and that the valve’s design temperature was compatible with the vacuum tower bottoms temperature. Contributing to the incident was the third-party supplier’s tag, which incorrectly identified the valve as having graphite components

Source:CSB.gov 

A CHANGE IN LEAK TESTING PROCEDURE CAUSES AN EXPLOSION

On December 10, 2023, at 3:38 p.m., two explosions and a fire occurred in a polymer reactor at a facility in Mt. Vernon, Indiana. Property damage was estimated at $3.5 million.
Three months prior to the incident, on September 18, the company had shut down its polybutylene terephthalate resin unit for scheduled maintenance. On the day of the incident, the maintenance work was nearing completion, and operators were preparing the unit’s reactor system for startup. At 3:38 p.m., a heat exchanger exploded, ejecting several equipment fragments, including one that landed approximately 505 feet away near the facility’s boundary along the Ohio River. A second explosion and flash fire soon followed, rupturing a reactor.
The company's investigation concluded that the initial explosion in the heat exchanger was caused by the rapid, energetic decomposition of unstable organic peroxide that had formed and accumulated inside the equipment. The second explosion and flash fire, which destroyed the reactor, was caused by heat from the first explosion igniting flammable tetrahydrofuran vapor inside the reactor.
The exchanger and reactor were interconnected, with no isolation between the two pressure vessels. The design of the reactor’s outlet piping retained liquid in the piping. Because the piping could not fully drain, it contained polybutylene terephthalate polymer, butanediol, and tetrahydrofuran when the unit was shut down on September 18, 2023.
On December 10, operators began pre-startup activities. At 3:16 a.m., hot oil was sent through the tracing used to heat the reactor’s outlet piping. As the piping heated, the residual hydrocarbon material also heated, evolving tetrahydrofuran vapor that flowed into the reactor and the heat exchanger. A 3-inch nozzle on the heat exchanger remained open to ambient air, allowing oxygen into the reactor system. The tetrahydrofuran vapor reacted with available oxygen to form an organic peroxide compound. The organic peroxide continued to form for another 12 hours, until it exploded in a rapid decomposition reaction at 3:38 p.m. The heat from the explosion ignited additional flammable tetrahydrofuran inside the reactor, triggering the second explosion and a flash fire.
The company's investigation found that the company’s historical practice of leaving residual hydrocarbon material in the reactor’s outlet piping during shutdown created hazards that were neither recognized nor controlled. The reaction of tetrahydrofuran with oxygen produced the explosive organic peroxide. Before the incident, personnel had assumed that the cooled, solidified material could remain in the reactor’s outlet piping because it was not hazardous, creating a false sense of safety.
The investigation also found that a change to the reactor’s leak-testing procedure contributed to the incident. Previously, the reactor was leak-tested online under vacuum. The company switched to using pressurized nitrogen and moved the test into the maintenance outage. A management of change review had been approved to allow a leak test of the reactor during pre-startup activities. However, the review did not assess how the leak test might adversely affect those activities.
When the hot oil heated the reactor’s outlet piping, the procedure required adding nitrogen to the reactor system. However, the nitrogen flow was omitted due to the modified leak test. The company’s investigation concluded that the risk of performing simultaneous tasks during startup had not been evaluated.
Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the incident was heating the reactor’s outlet piping containing solidified polybutylene terephthalate polymer, butanediol, and tetrahydrofuran while a nozzle on an interconnected heat exchanger was open, allowing oxygen (air) to enter the equipment. These conditions generated tetrahydrofuran vapor, which reacted with oxygen to form an explosive organic peroxide, and also created a flammable atmosphere in the equipment, which then ignited and exploded after the organic peroxide energetically decomposed. The management of change review conducted for the reactor’s leak testing did not assess how the leak testing might affect the simultaneous pre-startup tasks, contributing to the incident. As a result, there was no nitrogen flow through the reactor system, allowing unstable peroxide to form and developing flammable conditions within the equipment.

Source: CSB.gov 

OPEN TOP TANKS CAN BE DANGEROUS!

On February 6, 2023, at 8:15 a.m., a release of a hot sodium hydroxide and water solution (“caustic slurry”) seriously injured two employees at an aluminum refinery in Louisiana

 On the morning of the incident, a team of operators was assigned to drain hot caustic slurry, at a temperature of approximately 195 degrees Fahrenheit (℉), from a tank with an open-top design. The operators closed the tank’s steam injection control valve before beginning the draining operation. During their initial attempt to drain the tank, the operators determined that the drain piping was blocked. They used compressed air to blow through the drain piping to clear the blockage. However, when they directed the air into the piping, caustic slurry erupted from the tank’s open top. The hot, corrosive liquid splashed onto two of the operators. After they washed off in a safety shower, the two operators were transported to a hospital, where they were admitted for treatment of their burn injuries. It was reported that approximately 80 gallons of caustic slurry had been released during the incident.
The company’s investigation revealed that bauxite ore had accumulated in the tank and blocked the drain piping. Additionally, although the steam control valve was closed, it was leaking, which resulted in the tank’s contents being heated beyond the target temperature of 180℉. The investigation also found that no isolation device was installed to prevent the air injected into the drain piping from entering the tank. Furthermore, it was noted that some operators were not wearing the required chemical suits while clearing the pipes. Among the injured operators, one wore the required chemical suit, goggles, and rubber gloves, while the other wore goggles and rubber gloves but not the chemical suit.

Probable Cause
Based on the comapny's investigation, the CSB determined that the probable cause of the incident was flowing compressed air into the bottom of an open-top caustic slurry tank. The air created a geyser-like eruption of hot (195℉) caustic slurry that sprayed onto two operators, resulting in serious burn injuries. The lack of an isolation device between the tank and the air injection location, as well as the lack of an effective procedure to clear the drain piping, contributed to the incident

Confined spaces can be buildings too....argon leak asphyxiates two

On January 30, 2023, at approximately 5:30 p.m., argon gas was released at the Propulsion Systems facility in Utah. Exposure to the argon gas fatally injured two employees, who asphyxiated.
The company treated carbon fiber blocks at the facility. As part of the treatment, a specialized vessel (autoclave) containing carbon fiber blocks was pressurized with argon gas. On the day of the incident, two employees were working to locate argon leaks and troubleshoot the vessel’s pressure control system. During this work, the autoclave did not contain carbon fiber blocks. Throughout the workday, the vessel was pressurized with argon gas several times, but the task was not completed by the end of the employees’ shift. The employees changed out of their work clothes and removed their personal oxygen monitors. However, before meeting with the oncoming shift workers, the two employees returned to the basement. The crew arriving for the next shift found their two coworkers unconscious in the basement’s stairway. Emergency responders transported the two employees to the hospital, where they were declared deceased.
The company’s investigation found that argon had leaked through the seals of the pressurized vessel while the basement’s ventilation system was off, which allowed the basement (about 4,500 cubic feet) to begin to fill with argon and create an oxygen-deficient atmosphere. The company’s investigation did not determine why the two employees returned to the basement at the end of their shift, however. After the incident, the company classified the basement as a confined space and installed an oxygen monitoring system. The company also implemented safeguards to prevent entry into the basement when the oxygen concentration is unsafe, the exhaust ventilation fan is off, or the vessel is pressurized.
Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the incident was the release of argon gas from the autoclave into a confined area. The two workers were fatally injured when they entered this oxygen-deficient environment. The lack of effective engineering controls, such as forced air ventilation and continual oxygen monitoring, contributed to the severity of the incident.

 Source;CSB.gov 

INADEQUATE HAZARD IDENTIFICATION RESULTS IN AN INCIDENT

 On February 21, 2022, at 9:22 a.m., a large jet fire occurred at a refinery in Louisiana, after a vacuum ejector ruptured within a hydrocracker unit at the refinery. It was estimated that the fire caused approximately $54 million in property damage.

On the day of the incident, the refinery restarted the hydrocracker unit following a maintenance turnaround. The pre-startup work included flowing nitrogen through the equipment to remove air (oxygen) that entered when the equipment was opened for maintenance. The equipment for removing air included a vacuum ejector (Figure). A vacuum ejector is a stationary device that utilizes a high-velocity fluid, such as steam, to create a low-pressure area at a specified location. Even though the vacuum ejector was not operating, nitrogen still was flowed through it to remove air from the equipment.

 

 

After the operators completed the air removal step, the hydrogen and hydrocarbon flows were initiated, which increased the pressure inside the unit’s equipment. At 9:22 a.m., the vacuum ejector ruptured, releasing a flammable gas mixture mainly composed of methane and hydrogen that ignited, resulting in a large fire. Emergency responders closed Valve A (Figure 2) to stop the release of flammable gas and successfully extinguished the fire at 12:27 p.m., roughly three hours after it began. It was estimated that approximately 7,000 pounds of flammable gas were released.
The refinery's investigation determined that after the air removal step was completed, an operator closed Valve C, but Valve A remained open. During the startup, this valve alignment allowed process gas to enter and pressurize the vacuum ejector to approximately 1,465 pounds per square inch (psi). The pressure ruptured the vacuum ejector, which had a design pressure of 360 psi. Marathon concluded that the flammable gas was ignited by a spark created when the vacuum ejector ruptured or from static electricity.
The refinery's investigation identified that the startup procedure did not include the necessary actions to protect the vacuum ejector from high-pressure conditions after operators completed the air removal step. In addition, it was found that the process hazard analysis had not identified the potential for overpressurizing the vacuum ejector.
Probable Cause
Based on the company's investigation, the CSB determined that the probable cause of the incident was not isolating the vacuum ejector from the high-pressure process gas before startup. As a result, the flammable process gas overpressurized and ruptured the vacuum ejector, resulting in a large fire. Marathon could have prevented the incident by eliminating the vacuum ejector from the process since it was no longer in use, thereby avoiding the rupture, the flammable gas release, and ultimately the fire. Alternatively, the company could have installed a blind or a blind flange at the high-pressure isolation valve (Valve A) after the air removal step and before startup, which would have protected the vacuum ejector and prevented the incident.

Source: CSB.gov