All business strive to make their processes as efficient as possible and maximize productivity. Minimizing excess inventory only seems sensible, as does placing process equipment in a logical manner to minimize transit time between machines. However, when productivity consistently takes precedence over safety, seemingly insignificant decisions can snowball when it matters most.
Using the Phillips 66 explosion of 1989 as an example, it is easy to see how numerous efficiency-related decisions snowballed into a catastrophe. Examining different branches of the Cause Map highlights areas where those shortcuts played a role. Some branches focus on how the plant was laid out, how operations were run and how the firefighting system was designed. Arguably, all of these areas were maximized for production efficiency, but ended up being contributing factors in a terrible explosion and hampered subsequent emergency efforts.
For instance, the Cause Map shows that the high number of fatalities was caused not just by the initial explosion. The OSHA investigation following the explosion highlighted contributing factors regarding the building layout. The plant was cited for having process equipment located too closely together, in violation of generally accepted engineering practices. While this no doubt maximized plant capacity, it made escape from the plant difficult and did not allow adequate time for emergency shutdown procedures to complete. Additionally high occupancy structures, such as the control room and administrative building were located unnecessarily close to the reactors and storage vessels. Luckily over 100 personnel were able to escape via alternate routes. But luck is certainly not a reliable emergency plan; the plant should have been designed with safety in mind too.
Nearby ignition sources also contributed to the speed of the initial explosion, estimated to be within 90 to 120 seconds of the valve opening. OSHA cited Phillips for not using due diligence in ensuring that potential sources of ignition were kept a safe distance from flammable materials or, alternatively, using testing procedures to ensure it was safe to bring such equipment into work zones. The original spark source will never be known, but the investigation identified multiple possibilities. These included a crane, forklift, catalyst activator, welding and cutting-torch equipment, vehicles and ordinary electrical gear. While undoubtedly such a large cloud of volatile gas would have eventually found a spark, a proactive approach might have provided precious seconds for workers to escape. All who died in the explosion were within 250 feet of the maintenance site.
Another factor contributing to the extensive plant damage was the inadequate water supply for fire fighting, as detailed in the Cause Map. When the plant was designed, the water system used in the HDPE process was the same one that was to be used in an emergency. There is no doubt a single water system was selected to keep costs down. Other shortcuts include placing regular-service fire system pump components above ground. Of course, the explosion sheared electrical cords and pipes controlling the system, rending it unusable. Not only was the design of the fire system flawed, it wasn’t even adequately maintained. In the backup diesel pump system, only one of three pumps was operational; one was out of fuel and the other simply didn’t work. Because of these major flaws, emergency crews had to use hoses to pump water from remote sources. The fire was not brought under control until 10 hours after the initial explosion. As the Cause Map indicates, there may not have been such extensive damage had the water supply system been adequate.
There is a fine line between running processes at the utmost efficiency and taking short-cuts that can lead to dangerous situations. Clearly, this was an instance where that line was crossed.