Download - 2008 epsc - accident avoidance
Learning about accidents
Companies cannot learn everything from their own accidents and incidents
Not many significant eventsLimited resources to investigateInternal mindsetLook at one incident at a time
But don’t always learn from others’ misfortuneDifferent hazard, equipment, controls etc.Skim through the headlines onlyFocus on the last big one.
BP Texas CityProcess industry has, quite rightly, looked carefully at this accidentIt seemed as if, to some people, the causes were novel and unheard of in the industryI believe the reports actually reflect the current consensus of what causes major accidents.
Previous study
Analysis of major accident reportsPhD in mid 90’s
Published inquiries go far beyond in-house investigationsRecurring findings
One or more ‘fatal errors’Conditions that made the error likelySystem failures contributing to the accident’s likelihood and consequenceAll accidents preceded by similar near missesManagement did not recognise the warning signs.
My aim here
Not look at accidents in isolationIdentify recurring themesSelect accidents that provide the best illustration of an issueProvide a list of factors that all organisations should look out for.
Piper Alpha
Permit to work failuresWell established systemCompliantNot working in practice
Procedures are essential but…
It is easy to be reassured that written systems and procedures are being usedNo news is good news?
People think they are following the procedure but have not actually understood what is requiredPeople think the procedure is only a guidePeople daren’t say they don’t follow the procedure
Assume people will adapt & take short cutsAudit what people do, not just the paper.
Chernobyl
Communication failuresManagement secretive about design weaknessesOperators did not challenge instructions.
Error is a natural part of communication
It is not what you say, it is what people think you mean
Some messages are taken literallyOther times people ‘read between the lines’
If people are not told about problemsThey will make the wrong decisionsWill not understand why they need to follow procedures
More/better communication is required when unusual events are happening.
Clapham Junction
Technician errorsHighly trainedExperienced.
Training ≠ Competence
Training courses have limited impactMost learning is achieved ‘on the job’
Needs to be plannedTrainees need to be supervised
Time served does not replace the need for competence assessmentCompetent people still make mistakes
Given more complex and demanding tasksIndispensable means less able to take a break.
Herald of Free Enterprise
Door left openShip’s Master did not knowVulnerable design
Layers of protection
UnderstandHow many? Are they independent?
Don’t assume they will workAlways obtain positive indications of operation
Make sure people understand their safety responsibilitiesLearn from near misses
Not just failures, but also what prevented an accidentIf you don’t act, people will assume all is safe.
Bhopal
Methyl IsocyanteRunaway reactionUnable to contain vapours
Reduced throughput does not mean reduced risk
Delaying maintenanceReduced budget or staffPeople get used to systems being inoperable
People are more interested in plants that make moneyHigh rate is more likely to be steady state.
Mexico City
Fractured pipeSlow responseToo late to prevent escalation
Detect → Diagnose → Respond
Have to succeed in all three stagesAND not OR gate logic
Prompt alarmsCompetent people
Plant knowledge and understandingDecision making
ResourcesPeopleEquipment.
BP Texas City
People in the wrong place at the wrong timeTrailers in plant areaArea not cleared during start up
Slow to raise the alarmA good safety record has its downside.
Generic Learning
Big accidents start smallAccidents occur most during unusual circumstancesIf you haven’t got it, it can’t hurt youKeep people away from hazardsWritten systems & procedures provide poor risk controlMost learning is on the jobError is a natural part of communicationPeople who are tired make more mistakesSafety devices can create complacencyDon’t assume safety devices are working.
Generic Learning (cont.)
Everyone needs to act if they know something is unsafe You need to challenge your emergency arrangementsPeople must be prepared to raise the alarmAnyone who may have to deal with the consequences of an accident has to know what they are dealing withMake sure you learn from near missesAll incidents have multiple causes and this should be seen in your investigationsDon’t overlook sabotageNon-operational parts of the business can be hazardousDon’t believe your safety is good (enough).
Conclusions
Before major accidents most managers didn’t have particular concerns about safety
Not perfect, but did not foresee the riskReassured that systems were in place without having good evidence that they were effectiveOnly heard or listened to good news
The biggest risks occur because of the errors and poor judgements made by those managers
High reliability organisations expect failures High reliability organisations expect failures and so work hard to avoid themand so work hard to avoid them