Table Judged Reasons for Failure in Events Cited 22 XIV




Скачать 202.63 Kb.
НазваниеTable Judged Reasons for Failure in Events Cited 22 XIV
страница10/18
Дата14.11.2012
Размер202.63 Kb.
ТипДокументы
1   ...   6   7   8   9   10   11   12   13   ...   18

4.3Failure in British Chemical Plant (poor anticipation of unsafe interactions during design)


In a batch chemical reactor in England, a computer controlled the flow of catalyst into the reactor and the flow of water into the reflux condenser to cool the reaction. Sensor inputs to the computer were to warn of any problems in various parts of the plant. The programmers were told that if a fault occurred in the plant, the computer was to leave all controlled variables as they were and sound an alarm. On one occasion, the computer received a signal indicating a low oil level in a gearbox. The computer reacted as its requirements specified. It sounded an alarm and left the controls as they were. By coincidence, a catalyst had been added to the reactor, but the computer had just started to increase the cooling-water flow to the reflux condenser. The flow was therefore kept at a low rate. The reactor overheated, the relief valve lifted, and the contents of the reactor were discharged into the atmosphere.


There were no component failures involved in this accident. Individual components, including the software, worked as specified, but together they created a hazardous system state. Merely increasing the reliability of the components or protecting against their failure would not have prevented the loss. Prevention required identifying and eliminating or mitigating unsafe interactions among the system components (Kletz, 1982; Leveson, 2004).

4.4Uncontrolled Chain Reaction at Japanese Breeder Reactor (operators’ shortcut of recommended safety procedures)


An essential step in enriching uranium fuel involves mixing concentrated uranium powder with nitric acid, a process using a very specialized mixing apparatus that the Japanese Science and Technology Agency had declared involved “no possibility of critical accident occurrence due to malfunction and other failures.” However, for efficiency, local staff had developed shortcut timesaving procedures approved by the manufacturing quality assurance people but not by safety management. Instead of using a tall and narrow extraction and buffer column designed to prohibit accumulation of sufficient mass to cause a chain reaction, they adopted a bowl-like vessel that put the contents together in one big yellow frothy container. Unfortunately, within seconds of two operators dumping the final liquid into the container, an intense blue light shone from the center of the mass; this was a chain reaction. Intense heat ensued, and radiation alarms were set off. It took 20 hours to stop the chain reaction. The two operators were rushed to the hospital with intense radiation burns, but both died within a few days. The company’s fuel reprocessing license was suspended (Casey, 2006).

4.5Observed Dysfunction in Steel Plant Blast Furnace Department (poor communication regarding authority)


At an iron and steel plant, frequent accidents occurred at the boundary of the blast furnace department and the transport department. One conflict arose when a signal informing transport workers of the state of the blast furnace did not work and was not repaired because each department was waiting for the other to fix it. Such dysfunction was the result of too many management levels separating workers in the two departments from a common manager: the greater the distance, the more difficult the communication, and the greater the uncertainty and risk.


There was also evidence that accidents were more likely in boundary areas or in overlap areas where two or more controllers (human and/or automated) controlled the same process. In both boundary and overlap areas, the potential existed for ambiguity and for conflicts between independently made decisions. When controlling in boundary areas, there was confusion over who was actually in control (which control loop was currently exercising control over the process), leading to missing control actions. The functions in the boundary areas were often poorly defined (Leplat, 1987).
1   ...   6   7   8   9   10   11   12   13   ...   18

Похожие:

Table Judged Reasons for Failure in Events Cited 22 XIV iconTime 2 Beat 122 Entries (12” dogs judged by barbara Bounds; remainder judged by Sandy Moody)

Table Judged Reasons for Failure in Events Cited 22 XIV iconTable Substance identity 2 XI Table Constituents 3 XI Table Impurities 3 XI

Table Judged Reasons for Failure in Events Cited 22 XIV iconAppendix Bibliography (list of all articles cited and what chapter cited in)

Table Judged Reasons for Failure in Events Cited 22 XIV iconTable Substance identity 2 VII Table Constituents 2 VII Table Overview of physico-chemical properties 3 VII

Table Judged Reasons for Failure in Events Cited 22 XIV iconRound Table  Table ronde The New Citizenship Guide. A round Table  Le nouveau guide sur la citoyenneté

Table Judged Reasons for Failure in Events Cited 22 XIV iconNote for Philip: Each section of the content is preceded by the columned table, copied over from your original document. The main body text for each section is outside of the table

Table Judged Reasons for Failure in Events Cited 22 XIV iconTable structure for table `authors`

Table Judged Reasons for Failure in Events Cited 22 XIV iconThese publications cited papers and books authored and coauthored by S. A. Ostroumov
Примеры работ, цитирующих публикации с авторством и соавторством д б н. С. А. Остроумова. These publications cited papers and books...
Table Judged Reasons for Failure in Events Cited 22 XIV iconWere medieval muslims really tolerant when judged by modern standards?

Table Judged Reasons for Failure in Events Cited 22 XIV iconWere medieval muslims really tolerant when judged by modern standards?

Разместите кнопку на своём сайте:
Библиотека


База данных защищена авторским правом ©lib.znate.ru 2014
обратиться к администрации
Библиотека
Главная страница