92

Human Error in Process Plant Design and Operations

The case shows the importance of the ability to see and understand a complex
signal (literally hundreds of red alarm lights) and to diagnose the problem. It shows
also the importance of the instant understanding of the code word (Its a dip) on
the part of the operators and what they should dothis level of response is almost
impossible to achieve without earlier experience of something similar.
The supervisors recognition of the situation was at a high level. Interviewed later,
he said that he had seen similar but less extensive situations earlier. Also, everyone knew that with a short reduction in power supply voltage, pumps would trip
and needed to be restarted and flows needed to be controlled to ensure mass balance. Heating balance was carried out more or less automatically. Control system
power was maintained by uninterruptible power supplies, so there was no real loss
of control.
The response shows that each operator understood, i.e. had a clear mental model,
of the mass balance and the importance of pump operation on this, as well as a clear
understanding of the word dip. The fact that other plants in the area did not keep
operating was in some cases the result of greater time sensitivity (less product buffering between production stages) but mostly because the cause of the incident was
not recognised fast enough.
The importance of this kind of expertise in emergency response is illustrated by
other much less fortunate incidents, described in the following section.

EMERGENCY RESPONSE
Plant operators have several tasks in an emergency. Modern plants have ESD systems which should prevent disturbances from turning into accidents. Examples of
emergencies where operator action is definitely required are the following:
Activation of fire-suppression system: Very few onshore fire-protection systems such as deluge or fixed fire water monitors are activated automatically.
Manual activation is used in order to reduce the number of spurious activations. Manual activation is also used in order to concentrate the use of fire
water to the location of the fire.
Operator action in the field is required to close off releases from large
inventories, where there is no ESD for inventory isolation, where ESD
closure of valves fails or where the inventory between two ESD valves is
large.
Manual operation is generally needed for plant unit depressurisation.
Most oil, gas and chemical plants do not need long periods of shutdown
operation in ESD state, as does a nuclear power plant, in order to ensure
continued reactor fuel replacement. There are often long periods, though,
where operators struggle to keep a plant operating. (See, for example, the
case of the Milford Haven Refinery explosion in Table 9.1.) In a large fire
though, operators will often struggle to reduce pressures, to transfer inventories and to adapt to losses of power. Such actions require understanding of
the plant itself, understanding of prefire plans and the ability to improvise
correctly in the cases where no preplanning has been made.