WRONG MATERIALS OF CONSTRUCTION OF FLANGE BOLTS CAUSES AN INCIDENT

A spill of nitric acid occurred from a nitric acid absorber tower when a flange failed. An operator noticed a small leak from the flange bolts and proceeded to climb the tower towards the top isolating valve. At this time the flange bolts failed and sprayed acid into the absorber tower bund. The operator climbed to the next level and shut down the operation of the plant. Once the acid level had dropped to below the level of the flange, gaseous oxides of nitrogen were released. The operator then used water spray to reduce the impact of gas and acid mist. Industrial neighbours were notified of the release and the acid in the bund was neutralised with lime and sand, and later used in another onsite manufacturing process.
Key learning points
The investigation revealed that the bolts in the flange were mild steel bolts, which were not appropriate for use in nitric acid applications. These bolts were found to be corroded, which eventually led to the leak. As a follow-up, the company reviewed all the bolts used in the process. Five other flanges were identified as having mild steel bolts rather than stainless steel bolts. It was found that these bolts had not been replaced since plant commissioning. All inappropriate bolts were immediately replaced with stainless steel bolts suitable for acid applications. To prevent a recurrence the company implemented quality control procedures and inspection test plans for new projects and maintenance work. Verify that components, such as flanges and gaskets comply with the material specifications.

 Source:IChemE 

 

CREEPING CHANGES CAUSES AN INCIDENT

The Fluidised Catalytic Cracker Unit (FCCU) was shut down on the 29 th May 2000 following the power distribution failure and was being restarted after an 11-day shutdown. On 10 th June 2000 during start-up a significant leak of hydrocarbons was discovered, creating a vapour cloud which ignited resulting in a serious fire. Workers escaped before the blast, nobody got injured in the incident.
Key learning points
The leak was as a result of failure of a tee-piece connection at the base of the debutaniser column which found a source of ignition nearby. The tee-piece connection which had originally been installed in the 1950’s was correctly specified but incorrectly fitted, and then hidden by lagging. There was no subsequent amendment to the plant layout drawings to identify that change.
Since the 1950’s, sections of the FCCU had been significantly modified. Prior to the modifications in 1986, changes had been made to the pipework at the base of the column and a valve had been removed. This resulted in there being inadequate support for the remaining pipework and the tee-piece connection. Between 1996 and 1998 the FCCU had been experiencing considerable difficulties and did not operate consistently. This resulted in an increase in the number of start-up/shutdown cycles for the plant and pipework. 

An incident occurred in 1999 during a prolonged start-up on the FCCU. It resulted in an ignition
of a torch oil vapour cloud. Contrary to plant operating instructions in the master operating manual, the torch oil had been admitted to the regenerator when the unit was at too low a temperature. As a result, ignition of the torch oil did not occur in the regenerator. Although ignition had not been verified, a considerable further quantity of torch oil was injected, and it is believed that hot spots in the slumped catalyst bed vapourised the torch oil. The provision of a temperature interlock had previously been considered and discounted, as it was decided that operating procedures alone provided enough control.
In the 11 weeks preceding the incident in 2000, 19 start-up attempts had been made and only 7 were
successful. Failure of the tee-piece connection pipework was probably caused by a combination of the incorrectly fitted tee-piece connection, the inadequately supported pipework and the cyclic
stresses/vibration caused by the increased number of start-up/shutdown activities on the plant. Eventually these led to fatigue failure of the pipework in the vicinity of the welded connection. The company reviewed the FCCU to find out why it did not operate properly but the findings were never implemented or communicated properly. The safety report failed to reflect the reality of the condition of the FCCU. The 1997/98 revision concluded that “hardware and software controls in place on the FCCU are adequate to prevent the occurrence of a major accident”. 

Incidents with vibration of the transfer line had occurred over the two years prior to the
explosion. These events were not reported or investigated. There were two incidents preceded the blast on 10 th June, a power distribution failure on 29th May 2000 and the medium pressure steam main rupture on 7th June 2000. Construction of a new facility had started in early 2000. The company hired a sub-contractor for the underground works and the sub-contractor sub-contracted the actual excavation work to an excavation contractor. The company also engaged a main electrical sub-contractor for the electrical and instrumentation work to be carried out. The electrical subcontractor further contracted the laying of the cable in the excavated trench to a cable-laying contractor. The schedule for the excavation and cable laying was very complicated and supervision of the excavation work was limited. On the 25th May a cable-laying operative from the cable-laying contractor observed a damaged tile and cable in preparation for laying a cable but he did not report the damaged cable in the belief that it was dead and it had already been reported. Before that, on 20th April an excavation contractor had been found using a clayspade to the trench at a depth greater than the instructions from the toolbox talks. The earth fault was caused by physical damage to the cable from a clayspade. This case is not a standalone event related to creeping changes. For example, the 2006 Royal Air Force Nimrod crash, Texas City refinery explosion, Buncefield, Shell Moerdijk, the Columbia space shuttle disaster, Bhopal or the Herald of Free Enterprise are cases similar in nature.

Source:IChemE 

 

ACID ATTACK ON CONCRETE CAUSES AN INCIDENT

On 4 February, 2005, a storage tank containing 16,300 tons of 96 % sulphuric acid ruptured. The content of the reservoir spilled out into the bund and then the dock. The remaining 2,000 tons of acid in the bund came into contact with salt water that created an exothermic reaction, which produced an acid cloud consisting of hydrogen chloride. The vapour cloud drifted along the coastline and mostly over the sea. No one was affected by the event.
Key learning points
The incident was caused by a leak in the cooling water supply pipe passing under the tank farm. The leak undermined the ground under the foundations of a tank which then ruptured because of the uneven weight distribution resulting in the sudden release of the acid. The bund was filled with salt water when the rupture occurred and that caused the formation of hydrochloric acid. The pipe was made of concrete and came into use in the early 1960s. The only damage noted to the pipe was a leak at the pumping station in 1999. The inspection of the failed pipe following the incident detected little or no internal corrosion, but heavy external corrosion to the concrete. In certain parts of the pipe the concrete has corroded so severely that the reinforcing steel had also been exposed. It suggests that the corrosion was as a result of an acid attack on the concrete. According to the standards, a strong acid attack on concrete occurs if the pH level in surrounding water is < 5.5 and a very strong attack if the pH level is < 4.5. The company drew the conclusion that the pH level measured as 4 in the shallow groundwater in 1989 entailed risks for strong acid attack on the concrete. However, there was no risk assessment conducted.

Source:IChemE