Ingenieur Vol 68 Oct-Dec 2016 | Page 73

closed the valves to isolate the MIC tanks from the pipes and filters being washed, but he did not install a required slip blind (safety disc) to protect the valves in case they leaked. The worker who had been assigned the task of washing the pipes reportedly did not check whether the pipe was properly isolated. The maintenance department was responsible for inserting the safety discs, but the maintenance sheet did not contain instructions to this effect. It was reported that there was no supervisor during the shift, since that position had been eliminated in a cost-cutting effort, and hence the pipe-washing operation was not under supervision. These conditions merely identified the part of the complex process involved in the causation of the accident.
It is relevant to link the work by James Reason [3] with this discussion on complexity of accident causation. Reason’s model addressed the issue of two kinds of errors: active errors and latent errors. Active errors were those “where the effect is felt almost immediately” and latent errors “which tend to lie dormant in the system largely undetected until they combined with other factors to breach system defences”. Reason highlighted that accidents were not solely due to individual operator error (active errors), but lay in the broader array of systemic organisational factors (latent conditions) in the upper levels of an organisation.
In Bhopal, it was clearly specified that the refrigeration unit must be operating whenever MIC was in the system, so that the MIC was maintained at a temperature no higher than 5 °C to avoid uncontrolled reactions. A high temperature alarm was to sound if the MIC reached 11 °C. The refrigeration unit was turned off, however, to save money, and the MIC was usually stored at nearly 20 °C. Consequently, the threshold of the alarm was adjusted from 11 °C to 20 °C and logging of tank temperatures was halted, thus eliminating the possibility of an early warning of rising temperatures. Other protection devices at the plant had inadequate design thresholds. The vent scrubber, had it worked, was designed to neutralise only small quantities of gas at fairly low pressures and temperatures. The pressure of the escaping gas during the accident exceeded the scrubber’s design by nearly two and a half times, and the temperature of the escaping gas was at least 80 °C, more than the scrubber could handle. Similarly, the flare tower (which was supposed to burn off released vapour) was totally inadequate to deal with the estimated 40 tons of MIC that escaped during the accident. In addition, the MIC was vented from the vent stack at about 33 m above the ground, well above the height of the water curtain intended to knock down the gas. The water curtain reached only 12 to 15 m above the ground. The water jets could reach as high as about 35 m, but only if operated individually. The above shows that in a complex system, accidents often result from failed interaction among components [1, 2].
Reason’s models provided a change in thinking about accidents and recognition of the complexity of the causation of accidents. The model indicates that major accidents were a result of a failure to recognise the hazards in the system and the need to establish a variety of defences to prevent their adverse effects. And that is why process safety is so important.
How does Process Safety Work
The major thrust of process safety is to prevent and mitigate accidental or unintentional loss of containment of hazardous materials. It works through a proven concept that has been found useful in preventing and minimising process safety incidents. The concept involves the use of layers of protection, or barriers [4]. These include systems for prevention, mitigation, and recovery. Examples of prevention barriers include basic process control systems, alarms and maintenance. Examples of mitigation barriers include dikes and containment, facility placement, and fire protection systems. Examples of recovery barriers include medical capability, mutual aid, back-up structures and spare part systems.
Anatomy of an Accident
In order to understand how the concept of layers of protection works, it is important to familiarise ourselves with the anatomy of incidents, or how process incidents can occur [5]. Figure 1 shows the anatomy of a process safety accident. During