By ThinkReliability Staff
Many of the industrial safety standards that we take for granted are the direct result of catastrophes of past decades. Today there are strict regulations on asbestos handling, exposure limits for carcinogens, acceptable noise levels, the required use of personal protective equipment, and a slew of other safety issues. The organization charged with enforcing those standards is the Occupational Health and Safety Administration – OSHA for short.
OSHA was founded in 1970, in an effort to promote and enforce workplace safety, and their stated mission is to “assure safe and healthful working conditions for working men and women”. However, there was considerable controversy during its early years as it spottily began enforcing, what was perceived as, cumbersome and expensive regulations. Notable events in the 1980s, such as the Bhopal and West Virginia Union Carbide industrial accidents, raised OSHA’s awareness that fundamental changes were needed to develop more effective safety management systems.
This awareness led to the rise of what is now known as Process Safety Management (PSM). This discipline covers how industries safely manage highly hazardous chemicals. OSHA’s PSM standard lays forth multiple requirements such as employee and contractor training, use of hot work permits, and emergency planning. Unfortunately PSM was still a work-in-progress during the fall of 1989.
On October 23, 1989, the Phillips 66 Petroleum Chemical Plant near Pasadena, Texas, then producing approximately 1.5 billion of high-density polyethylene (HDPE) plastic each year, suffered a massive series of explosions. 23 died and hundreds were injured in an explosion that measured at least 3.5 on the Richter scale and destroyed much of the plant. Many of the deficiencies identified at the Phillips 66 plant were in violation of OSHA’s PSM directives; directives which had been announced, but had not yet been formally enacted.
Looking at the Phillips 66 Explosion Cause Map, one can see how a series of procedural errors occurred that fateful day. Contract workers were busy performing a routine maintenance task of clearing out a blockage in a collection tank for the plastic pellets produced by the reactor. The collection tank was removed, and work commenced that morning. However, at some point just after lunch, the valve to the reactor system was opened, releasing an enormous gas cloud which ignited less than two minutes later.
The subsequent OSHA investigation highlighted numerous errors. First, the air hoses used to activate the valve pneumatically were left near the maintenance site. When the air hoses were connected backwards, this automatically opened the valve, releasing a huge volatile gas cloud into the atmosphere. It is unknown why the air hoses were reconnected at all. Second, a lockout device had been installed by Phillips personnel the previous evening, but was removed at some point prior to the accident. A lockout device physically prevents someone from opening a valve. Finally, in accordance with local plant policy but not Phillips policy, no blind flange insert was used as a backup. The insert would have stopped the flow of gas into the atmosphere if the valve had been opened. Had any of those three procedures been executed properly, there would not have been an explosion that day. According to the investigation, contract workers had not been adequately trained in the procedures they were charged with performing.
Additionally, there were significant design flaws in the reactor/collector system. The valve system used had no mechanical redundancies; the single Demco ball valve was the sole cut-off point between the highly-pressurized reactor system and the atmosphere. Additionally, there was a significant design flaw with the air hoses, as alluded to earlier. Not only were the air hoses connected at the wrong time, but there was no physical barrier to prevent them from being connected the wrong way. This is the same reason North American electrical plugs are mechanically keyed and can only be plugged in one way. It can be bad news if connected incorrectly! Connecting the air hoses backward meant the valve went full open, instead of closed. Both of these design flaws contributed to the gas release, and again, this incident would not have occurred if either flaw was absent.
In hindsight, one can see how multiple problems led to such devastating results. To easily understand the underlying reasons behind the Phillips 66 Explosion of 1989, a high-level Cause Map provides a quick overview of the event. Breaking a section of the Cause Map down further can provide significant insight into the multiple reasons the event occurred. The associated PDF for this case shows how different levels of a Cause Map can provide just the right amount of detail for understanding a complex problem such as this one.
The Phillips 66 explosion was a tragedy that could have been avoided. The industrial safety standards that OSHA is charged with enforcing aim to prevent future tragedies like this one. While a gradual safety-oriented transformation has come with some pain and a price tag, few will argue that such standards are unnecessary. Industrial workers deserve to work in an environment where risk to their health has been reduced to the most practical level.