Axial misalignment causes a fatigue failure -Quantas A380 incident

The ATSB which is conducting investigations into the engine failure incident that occurred to the Airbus A 380 aircraft on November 2010, has mentioned the following in a safety alert:"A subsequent examination of the aircraft indicated that the No 2 engine had sustained an uncontained failure of the Intermediate Pressure (IP) turbine disc. Sections of the liberated disc had penetrated the left wing and the left wing-to-fuselage fairing, resulting in structural and systems damage to the aircraft. The No 2 engine was removed from the aircraft and disassembled in an authorised engine workshop for examination, under the supervision of the Australian Transport Safety Bureau. In addition, a large section of liberated IP turbine disc was also recovered from Batam Island for examination. Those examinations are ongoing. Recent examination of components removed from the failed engine at the Rolls-Royce plc facility in Derby, United Kingdom, has identified the presence of fatigue cracking within a stub pipe that feeds oil into the High Pressure (HP) / Intermediate Pressure (IP) bearing structure. While the analysis of the engine failure is ongoing, it has been identified that the leakage of oil into the HP/IP bearing structure buffer space (and a subsequent oil fire within that area) was central to the engine failure and IP turbine disc liberation event.

Further examination of the cracked area has identified the axial misalignment of an area of counter‑boring within the inner diameter of the stub pipe; the misalignment having produced a localised thinning of the pipe wall on one side.

Misaligned stub pipe counter-boring is understood to be related to the manufacturing process. This condition could lead to an elevated risk of fatigue crack initiation and growth, oil leakage and potential catastrophic engine failure from a resulting oil fire".

Read the full report in this link. Those of you who are responsible for asset integrity in chemical plants - please note that it only requires a small error to cause a big disaster.

The lessons from Bhopal – Relevant more so today

26 years ago, on the night on December 2nd/3rd, 1984, on a wintry night in Bhopal, thousands of men, women and children died an excruciating death when MIC leaked from the Union Carbide factory. The survivors and the next generation children born to those exposed to the gas still are suffering from the effects of the gas. Bhopal is an ongoing tragedy and should never be forgotten. The lessons from the Bhopal Disaster are very relevant even after 26 years:
1. Do not cut costs without looking at the effects on process safety
2. Maintain all your layers of defense.
3. Continually ensure that competency of personnel operating and maintaining plants are updated and current
4. Be prepared for the worst case scenario.
5. Understand the risks and measures to eliminate / reduce or control them
6. Learn from your past incidents. Those who do not learn are condemned to repeat the incidents.
7. Pay heed to your process safety management system audit reports
Read my older post comparing the Bhopal and the BP incident of 2005 in this link

Maintain your mitigation systems - they are your last lines of defense

A news report mentions that a hydrofluoric acid leak in a plant has been effectively contained by the plants mitigation systems, which worked as they were intended to do. Many of operating personnel (myself once included!) do not give enough importance to mitigation systems thinking that they will never be needed. Mitigation systems (dyke walls water sprays, interceptor dykes etc) are not required normally but are very useful in low frequency high potential incidents. In the said incident the article mentions that the company says that they haven't had a leak like this in "years and years".
Read the article in this link

Human issues in the Deepwater Horizon blowout

An Interim Report on causes of the Deepwater Horizon oil rig blowout and ways to prevent such events by the committee for the analysis of causes of the Deepwater Horizon explosion, fire, and oil spill by the National Academy of Engineering; National Research Council mentions the following:
"1.The incident at the Macondo well and Deepwater Horizon MODU was precipitated by the decision to proceed to temporary abandonment of the exploratory well despite indications from several repeated tests of well integrity [the test type known as a negative (pressure) test] that the cementing processes following the installation of a long-string production casing failed to provide an effective barrier to hydrocarbon flow (Sections II and III).
2. The impact of the decision to proceed to temporary abandonment was compounded by delays in recognizing that hydrocarbons were flowing into the well and riser and by a failure to take timely and aggressive well-control actions. Furthermore, failures and/or limitations of the BOP, when it was actuated, inhibited its effectiveness in controlling the well (Sections III and IV).
3. The failures and missed indications of hazard were not isolated events during the preparation of the Macondo well for temporary abandonment. Numerous decisions to proceed toward abandonment despite indications of hazard, such as the results of repeated negative-pressure tests, suggest an insufficient consideration of risk and a lack of operating discipline. The decisions also raise questions about the adequacy of operating knowledge on the part of key personnel. The net effect of these decisions was to reduce the available margins of safety that take into account complexities of the hydrocarbon reservoirs and well geology discovered through drilling and the subsequent changes in the execution of the well plan (Section VI).
4. Other decisions noted by the committee that may have contributed to the Macondo well accident are as follows:
• Changing key supervisory personnel on the Deepwater Horizon MODU just prior to critical temporary abandonment procedures (Section VI);
• Attempting to cement the multiple hydrocarbon and brine zones encountered in the deepest part of the well in a single operational step, despite the fact that these zones had markedly different fluid pressures (because of the different fluid pressures, there was only a small difference between the cement density needed to prevent inflow into the well from the high-pressure formations and the cement density at which an undesirable hydraulic fracture might be created in a low pressure zone) (Section II);
• Choosing to use a long-string production casing in a deep, high-pressure well with multiple hydrocarbon zones instead of using a cement liner over the uncased section of the well (Section II);
• Deciding that only six centralizers would be needed to maintain an adequate annulus for cementing between the casing and the formation rock, even though modeling results suggested that many more centralizers would have been needed (Section II);
• Limiting bottoms-up circulation of drilling mud prior to cementing, which increased the possibility of cement contamination by debris in the well (Section II);
• Not running a bond log after cementing to assess cement integrity in the well, despite the anomalous results of repeated negative-pressure tests (Section II);
• Not incorporating a float shoe at the bottom of the casing as an additional barrier to hydrocarbon flow (Section II); and
• Proceeding with removal of drilling mud from the well without installing the lockdown sleeve on the production casing wellhead seals to ensure the seals could not be shifted by pressure buildup under the seals (Section II).
5. Available evidence suggests there were insufficient checks and balances for decisions involving both the schedule to complete well abandonment procedures and considerations for well safety (Section VI).
6. The decisions mentioned above were not identified or corrected by the operating management processes and procedures of BP or those of their contractors or by the oversight processes employed by the Minerals Management Service (MMS) or other regulators (Sections VI and VII).
7. Currently, there are conflicting views among experts familiar with the incident regarding the type and volume of cement used to prepare the well for abandonment.There are also conflicting views on the adequacy of the time provided for the cement to cure. These factors could have had a material impact on the integrity of the well (Section II).
8. The BOP did not control—or recapture control of—the well once it was realized that hydrocarbons were flowing into the well. Also, both the emergency disconnect system designed to separate the lower marine riser from the rest of the BOP and automatic sequencers controlling the shear ram and disconnect failed to operate (Section IV).
9. Given the large quantity of gas released onto the MODU and the limited wind conditions, ignition was most likely. However, the committee will be looking into reports (such as testimony provided at the MBI hearings) that various alarms and safety systems on the Deepwater Horizon MODU failed to operate as intended, potentially affecting the time available for personnel to evacuate (Section V).
10. The various failures mentioned in this report indicate the lack of a suitable approach for anticipating and managing the inherent risks, uncertainties, and dangers associated with deepwater drilling operations and a failure to learn from previous near misses(Section VI).
11. Of particular concern is an apparent lack of a systems approach that would integrate the multiplicity of factors potentially affecting the safety of the well, monitor the overall margins of safety, and assess the various decisions from perspectives of well integrity and safety. The “safety case” strategy required for drilling operations in the North Sea and elsewhere is one example of such a systems approach (Section VII)
Read the full report in this link.

Static electricity and explosives

An article in the Times of India mentions the following about the recent blast in the cordite factory at Ooty:"factory staff suggest that mere "human vibrations" are enough to trigger a calamity in the highly explosive environment of the dough making unit....At the 13 by 13 feet at the incorporation unit where the blast occurred, earth plates and poles have been positioned for the workers to release their "vibrations" after they perform every small task."
Apparently the "human vibrations" they are talking about is nothing but static electricity. A static discharge spark can readily detonate primary explosives. From the article, all measures to avoid static electricity generation were reportedly taken. It will be good if the investigation team shares reasons on what caused the accident without breaching confidentiality as it is a defense unit.
Read the Times of India article in this link.

Safety Integrity Levels - Hip or Hype?

Yesterday I attended a seminar on "Safety Integrity - Life cycle approach", organised by ISA at IIT, Madras.The IEC 61508 and 61511 standards were discussed. Having interacted with many users, I think the problem with the safety integrity approach lies somewhere between hip and hype. When I mean hip, many users think that just be implementing a SIL 3 capable system, everything will be hunky dory. Not so! It requires a lot of operations and maintenance inputs throughout the life cycle of the system to ensure that it maintains its reliability. While instrument manufacturers often tend to go overboard to sell their ides to the client and engineering, procurement and construction companies also tend to recommend such systems to their clients, ultimately it is the the client who has to decide what level of risk is he prepared to take and whether existing instruments will be sufficient, without going in for a detailed SIL study. Unfortunately many clients do not have the technical support requires to make such decisions and rely on the designer. I go back to the analogy I had given in my earlier posts - We had operated a pneumatic controlled ammonia plant (no DCS, no smart transmitters, no fieldbus, no HART) quite successfully in the eighties for over a decade without an instrument failure that caused a spurious trip or fail dangerous undetected state. The answer to the question whether safety integrity is Hip or Hype lies in the understanding of risks by the client and is solely based on his decision. So the answer lies inbetween!!

Blast in cordite factory

Its ironical that my last blog was about a blast in a test tube. Today there is news about a massive explosion in the cordite factory in Ooty, that killed at least 5 people.A news report mentions that "An intermediary process of mixing dough (a nitrocellulose-nitroglycerine paste) was in progress when the explosion occurred. It brought down a part of the building".
Read the articles in these links":
Blast1
Blast2

A test tube explosion!

An accident at a school lab in the US indicates the dangers of chemicals. A news article mentions the following: "It was a simple science experiment designed to create a small combustion in a glass container and teach high schoolers about chemical reactions.A mixture of three chemicals -- potassium chlorate, manganese dioxide and glycerin -- and a dash of sugar heated over a Bunsen burner in a test tube were supposed to cause a pop and a puff of smoke, demonstrating an exothermic reaction to a class of Grade 11 students at F.J. Brennan Catholic high school.But something went wrong Tuesday morning. The test tube exploded, launching shards of glass across the science lab and injuring teacher Steve Pellarin and three students.No one was seriously hurt, but Pellarin sustained cuts to his face and hands. The students had minor lacerations, and no one sustained any chemical burns, said Windsor-Essex Catholic District School Board spokeswoman Jill Braido".
Read the article in this link.
Wikepedia mentions the following:
"Potassium chlorate is often used in high school and college laboratories to generate oxygen gas[citation needed]; it is a far cheaper source than a pressurized or cryogenic oxygen tank. Potassium chlorate will readily decompose if heated in contact with a catalyst, typically manganese (IV) dioxide (MnO2). Thus, it may be simply placed in a test tube and heated over a burner. If the test tube is equipped with a one-holed stopper and hose, warm oxygen can be drawn off. The reaction is as follows:
2KClO3(s) + heat → 3O2(g) + 2KCl(s)
The safe performance of this reaction requires very pure reagents and careful temperature control. Molten potassium chlorate is an extremely powerful oxidizer and will spontaneously react with many common materials. Explosions have resulted from liquid chlorates spattering into the latex or PVC tubes of oxygen generators, as well as from contact between chlorates and hydrocarbon sealing greases. Impurities in potassium chlorate itself can also cause problems. When working with a new batch of potassium chlorate, it is advisable to take a small sample (~ 1 gram) and heat it strongly on an open glass plate. Contamination may cause this small quantity to explode, indicating that the chlorate should be discarded".
For folks operating chemical reactors in the industry, know what you are dealing with!

Trapped inside a pipe for 80 hours

A Chinese worker in an offshore platform was reportedly trapped inside a pipe when he was inside it doing some work. The pipe apparently collapsed due to water pressure and the worker was trapped for 80 hours before he was rescued.Read the article in this link.

H2S the deadly killer

A news report mentions that 3 people were killed when H2S gas leaked out probably form a burst pipeline in an refinery in Israel. The accident occurred when maintenance work was going on. The report mentions that "An initial investigation points to a technical malfunction in a pipe to a unit that burns off the waste gas from the refining process".
Now every "technical" malfunction is caused by a "human" malfunction. I have observed many incident reports which do not want to discuss the human issue at all. Its like the saying "we are like that only"!!!
Read the report in this link.

Fire in chemical factory at Vadodara

A news report mentions that a major fire broke out at a chemical factory in Vadodara, killing one. The company manufactures industrial solvents which are highly flammable substance.The video accompanying the news item depicts the company entrance mentioning it is an ISO 9001,ISO 14001 and OHSAS 18001 certified company. Is there a lesosn to learn from this?? See the video in this link.
Read another article on the blast in this link

Ammonia leak at Navi Mumbai

Ammonia is used in many cold storages across the country.I have been reading regular reports of ammonia leaks from such facilities in the USA and it is really alarming. Now a newspaper report mentions about a ammonia leak incident in a cold storage facility in Navi Mumbai, India which caused 10 people to be hospitalized. In India, ammonia is manufactured in many large scale ammonia plants in the private as well as public sector. As part of their Corporate Social Responsibility initiatives, these organizations should train the small scale cold storage owners on the hazards of ammonia and its safe handling and maintenance procedures. Read the news article in this link.
Read another article on the accident in this link.