PUBLICATIONS AVAILABLE FROM THE
CENTER FOR CHEMICAL PROCESS SAFETY
of the
AMERICAN INSTITUTE OF CHEMICAL ENGINEERS
This book is one in a series of process safety guidelines and concept books published by the Center for Chemical Process Safety (CCPS). Please go to www.wiley.com/go/ccps for a full list of titles in this series.
This edition first published 2019
© 2019 the American Institute of Chemical Engineers
A Joint Publication of the American Institute of Chemical Engineers and John Wiley & Sons, Inc.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.
The rights of CCPS to be identified as the author of the editorial material in this work have been asserted in accordance with law.
Registered Office
John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA
Editorial Office
111 River Street, Hoboken, NJ 07030, USA
For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.
Wiley also publishes its books in a variety of electronic formats and by print-on-demand. Some content that appears in standard print versions of this book may not be available in other formats.
Limit of Liability/Disclaimer of Warranty
While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
Library of Congress Cataloging-in-Publication Data is available.
Hardback ISBN: 9781119529071
Cover Images: Silhouette, oil refinery © manyx31/iStockphoto; Stainless steel © Creativ Studio Heinemann/Getty Images, Inc.; Dow Chemical Operations, Stade, Germany/Courtesy of The Dow Chemical Company
It is sincerely hoped that the information presented in this document will lead to an even more impressive safety record for the entire industry. However, the American Institute of Chemical Engineers, its consultants, the CCPS Technical Steering Committee and Subcommittee members, their employers, their employers’ officers and directors, and Baker Engineering and Risk Consultants, Inc.®, and its employees do not warrant or represent, expressly or by implication, the correctness or accuracy of the content of the information presented in this document. As between (1) American Institute of Chemical Engineers, its consultants, CCPS Technical Steering Committee and Subcommittee members, their employers, their employers’ officers and directors, and Baker Engineering and Risk Consultants, Inc.®, and its employees and (2) the user of this document, the user accepts any legal liability or responsibility whatsoever for the consequences of its use or misuse.
Figure 2.1 Event Tree for a Process-related Incident
Figure 2.2 Swiss Cheese Model
Figure 2.3 Latent (hidden) Failure
Figure 2.4 Incident Prevention Strategies
Figure 2.5 Universal Concept for Controlling Risk
Figure 3.1 Overview of Investigation Tools
Figure 3.2 Schematic of an MES display
Figure 3.3 Top Portion of the Generic MORT Tree
Figure 3.4 Common Features of Investigation Methodologies
Figure 4.1 Management System for Process Safety Investigation
Figure 4.2 Checklist for Developing an Incident Investigation Plan
Figure 5.1 Logic Tree for Determining Incident Classification
Figure 5.2 Example Risk Matrix for Determining Incident Classification
Figure 6.1 Investigation Team Collaboration
Figure 7.1 Iteration between Witness and Physical Evidence Collection and Analysis
Figure 7.2 List of Potential Witnesses
Figure 7.3 Illustration of Human Observation Limitations
Figure 7.4 Overview of Interview Process
Figure 8.1 Iteration between Data Analysis and Data Gathering
Figure 8.2 Forms of Data Fragility
Figure 8.3 As-found Position of Valves—Example Photo
Figure 8.4 Initial Site Visit—Example Photo
Figure 8.5 Timeline Example Based on Precise Data
Figure 8.6 Timeline Example Based on Approximate Data
Figure 8.7 Timeline Example Based on a Combination of Precise and Approximate Data
Figure 8.8 Timeline Tips
Figure 8.9 Sequence Diagram for Tank Overflow Example
Figure 9.1 Scientific Method Process
Figure 9.2 Basic Steps in Failure Analysis
Figure 9.3 Rules for Causal Factor Charting
Figure 9.4 Example of a Causal Factor Chart
Figure 10.1 Example of 5 Whys Root Cause Analysis
Figure 10.2 Example of Ishikawa Fishbone Diagram
Figure 10.3 Structured Root Cause Methods Described in This Chapter
Figure 10.4 Flowchart for Root Cause Determination Using Logic Trees
Figure 10.5 Generic Logic Tree Displaying the AND-Gate
Figure 10.6 Generic Logic Tree for a Fire
Figure 10.7 Generic Logic Tree Displaying the OR-Gate
Figure 10.8 Logic Tree using the OR-Gate to establish an Ignition Source
Figure 10.9 Other Symbols Used in Logic Trees
Figure 10.10 Logic Tree Tips
Figure 10.11 Example Top of the Logic Tree, Employee Slip
Figure 10.12 Example Logic Tree Branch Level, Oil Spill
Figure 10.13 Example Logic Tree, Hand-carried Containers
Figure 10.14 Logic Tree, Slip/Trip/Fall Incident
Figure 10.15 Logic Tree Top, Employee Burn
Figure 10.16 Logic Tree Branch, Acid Spray
Figure 10.17 Expanded Logic Tree Sample, Employee Burn
Figure 10.18 Operator Fatality Branch
Figure 10.19 Fire Branch
Figure 10.20 Fact/Hypothesis Matrix for the Kettle Exit Piping Failure
Figure 10.21 Exit Piping Crack Branch
Figure 10.22 Flowchart for Root Cause Determination—Predefined Tree/Checklist
Figure 10.23 Example of Root Causes Arranged Hierarchically within a Section of a Predefined Tree
Figure 10.24 Incident Sequence
Figure 10.25 Complete Causal Factor Chart for Fish Kill Incident
Figure 10.26 Top of the Predefined Tree
Figure 10.27 First Question of the Human Performance Difficulty Category
Figure 10.28 Human Engineering Branch of the Tree
Figure 10.29 Analysis of the Human Engineering Branch
Figure 11.1 Common Human Factors Model
Figure 11.2 Example of Poor Pump and Switch Arrangement
Figure 11.3 Incident Causation Model
Figure 12.1 Incident Investigation Recommendation Flowchart
Figure 12.2 Layers of Safety
Figure 12.3 Bow-Tie Barrier Method
Figure 12.4 Example Recommendations and Assessment Strategies
Figure 14.1 Flowchart for Implementation and Follow-up
Figure 16.1 Example Safety Alert
Figure 16.2 CCPS Process Safety Beacon
Figure 16.3 ICI Safety Newsletter No. 96/1 & 2
Figure 16.4 ICI Safety Newsletter No. 96/7
Figure 16.5 Learning Event Report Example
Figure 16.6 Process Safety Bulletin Example
Table 2.1 Attributes of a Management System
Table 3.1 Some Characteristics of Selected Public Methodologies
Table 4.1 Suggested Training for Effective Implementation
Table 5.1 Common Classification Schemes
Table 5.2 Tier 1 Process Safety Event Severity Categories
Table 5.3 Example of Likelihood Levels for Determining Incident Classification
Table 5.4 Examples of the Impacts of a 1000-lb Cyclohexane Release
Table 7.1 Example Questions for Witnesses and Emergency Responders
Table 8.1 Scene Activities and Typical Responsibilities
Table 8.2 Examples of Paper Evidence
Table 8.3 Examples of Electronic Data
Table 8.4 Examples of Position Data
Table 8.5 Example Data Collection Form for Recording Physical Evidence
Table 9.1 Example Fact/Hypothesis Matrix – Chemical Reduction Explosion
Table 10.1 Strengths and Weaknesses of the 5 Whys Technique
Table 10.2 Strengths and Weaknesses of Logic Trees
Table 10.3 Strengths and Weaknesses of Predefined Trees
Table 11.1 Human Factors Issues
Table 13.1 Sample Sections of an Incident Investigation Report
Table 13.2 Findings, Causal Factors, Root Causes and Recommendations
Table 13.3 Example Checklist for Written Reports
Table 15.1 Requirement Compliance Checklist
Table 15.2 Investigation Key Element Audit Checklist
Table 15.3 Example Categories for Incident Investigation Findings
Table 15.4 Recommendations Review Checklist
Table 15.5 Example Follow-Up Checklist
Table 16.1 Questions for Identifying Learning Opportunities
The American Institute of Chemical Engineers (AIChE) has helped chemical plants, petrochemical plants, and refineries address the issues of process safety and loss control for over 30 years. Through its ties with process designers, plant constructors, facility operators, safety professionals, and academia, the AIChE has enhanced communication and fostered improvement in the high safety standards of the industry. AIChE’s publications and symposia have become an information resource for the chemical engineering profession on the causes of incidents and the means of prevention.
The Center for Chemical Process Safety (CCPS), a directorate of AIChE, was established in 1985 to develop and disseminate technical information for use in the prevention of major chemical accidents. CCPS is supported by a diverse group of industrial sponsors in the chemical process industry and related industries who provide the necessary funding and professional guidance for its projects. The CCPS Technical Steering Committee and the technical subcommittees oversee individual projects selected by the CCPS. Professional representatives from sponsoring companies staff the subcommittees and a member of the CCPS staff coordinates their activities.
Since its founding, CCPS has published many volumes in its “Guidelines” series and in smaller “Concept” texts. Although most CCPS books are written for engineers in plant design and operations and address scientific techniques and engineering practices, several guidelines cover subjects related to chemical process safety management. A successful process safety program relies upon committed managers at all levels of a company, who view process safety as an integral part of overall business management and act accordingly.
Incident investigation is an essential element of every process safety management program. This book presents underlying principles, management system considerations, investigation tools, and specific methodologies for investigating incidents in a way that will support implementation of a rigorous process safety program at any facility. The principles and suggested practices contained in this expanded third edition are not limited to chemical and petroleum process incidents. The basic concepts and provided examples are equally applicable to mining, pharmaceutical, manufacturing, mail order fulfillment, and numerous other hazardous industries.
A team of incident investigation experts from the petroleum, chemical, and consulting industries, as well as a regulatory agency representative, drafted the chapters for this guideline and provided real-world examples to illustrate some of the tools and methods used in their profession. The subcommittee members reviewed the content extensively and industry peers evaluated this book to help ensure it represents a factual accounting of industry best practices. This third edition of the guideline provides updated information on many facets of the investigative process as well as additional details on important considerations such as human factors, forensics, and legalities surrounding incident investigations.
The American Institute of Chemical Engineers wishes to thank the Center for Chemical Process Safety (CCPS) and those involved in its operation, including its many sponsors whose funding made this project possible; the members of its Technical Steering Committee who conceived of and supported this Guidelines project; and the members of its Incident Investigation Subcommittee. The Incident Investigation Subcommittee of the Center for Chemical Process Safety authored this third edition of the Guidelines for Investigating Process Safety Incidents.
The members of the CCPS Incident Investigation Subcommittee were:
Michael Broadribb, Baker Engineering and Risk Consultants, Inc.
Laurie Brown, Eastman Chemical Company
Chonai Cheung, Contra Costa County
Eddie Dalton, BASF
Carolina Del Din, PSRG
Jerry Forest, Celanese, Subcommittee Chair
Scott Guinn, Chevron Corporation
Christopher Headen, Cargill
Kathleen Kas, Dow Chemical Company
Mark Paradies, System Improvements, Inc.
Nestor Paraliticci, Andeavor
Muddassir Penkar, Evonik Canada Inc.
Morgan Reed, Exponent
Meg Reese, Occidental Chemical Corp.
Marc Rothschild, DuPont
Joy Shah, Reliance Industries Ltd
Dan Sliva, CCPS Staff Advisor
Robert (Bob) Stankovich, Eli Lilly
Lee Vanden Heuvel, ABS Consulting
Terry Waldrop, AIG
Scott Wallace, Olin
Della Wong, Canadian Natural Resources
The third edition was authored by Baker Engineering and Risk Consultants, Inc. The authors at BakerRisk were:
Quentin A. Baker
Michael P. Broadribb
Cheryl A. Grounds
Thomas V. Rodante
Roger C. Stokes
Dan Sliva was the CCPS staff liaison and was responsible for overall administration of the project.
CCPS also gratefully acknowledges the comments and suggestions received from the following peer reviewers:
Amy Breathat, NOVA Chemicals Corporation
Steven D. Emerson, Emerson Analysis
Patrick Fortune, Suncor Energy
Walter L. Frank, Frank Risk Solutions, Inc.
Barry Guillory, Louisiana State University
Jerry L. Jones, CFEISBC Global
Gerald A. King, Armstrong Teasdale LLP
Susan M. Lee, Andeavor
William (Bill) D. Mosier, Syngenta Crop Protection, LLC
Mike Munsil, PSRG
Pamela Nelson, Solvay Group
Katherine Pearson, BP Americas
S. Gill Sigmon, AdvanSix
Their insights, comments, and suggestions helped ensure a balanced perspective to this Guideline.
The efforts of the document editor at BakerRisk are gratefully acknowledged for contributions in editing, layout, and assembly of the book. The document editor was Phyllis Whiteaker.
The members of the CCPS Incident Investigation Subcommittee wish to thank their employers for allowing them to participate in this project and lastly, we wish to thank Anil Gokhale of the CCPS staff for his support and guidance.
ACC | American Chemistry Council |
AIChE | American Institute of Chemical Engineers |
ALARP | As Low as Reasonably Practicable |
ANSI | American National Standards Institute |
API | American Petroleum Institute |
ARIP | Accidental Release Information Program |
ARIA | Analysis, Research and Information on Accidents |
ASME | American Society of Mechanical Engineers |
BARPI | Bureau for Analysis of Industrial Risks and Pollutions |
BP | Boiling Point |
BI | Business Interruption |
BLEVE | Boiling Liquid Expanding Vapor Explosion |
BPCS | Basic Process Control System |
C | Consequence factor, related to magnitude of severity |
CCF | Common Cause Failure |
CCPS | Center for Chemical Process Safety, |
CE/A | Change Evaluation/Analysis |
CEFIC | (European) Chemical Industry Council |
CEI | Dow Chemical Exposure Index |
CELD | Cause and Effect Logic Diagram |
CFD | Computational Fluid Dynamics |
CIRC | Chemical Incidents Report Center |
CLC | Comprehensive List of Causes |
COMAH | Control of Major Accident Hazards |
CPQRA | Chemical Process Quantitative Risk Assessment |
CSB | Chemical Safety and Hazards Investigation Board (US) |
CTM | Causal Tree Method |
CW | Cooling Water |
D | Number of times a component or system is challenged (hr–1 or year–1) |
DCS | Distributed Control System |
DIERS | Design Institute for Emergency Relief Systems |
DMAIC | Define, Measure, Analyze, Improve, Control |
DOT | Department of Transportation |
E& CF | Events & Causal Factor Charting |
EBV | Emergency Block Valve |
EHS | Environmental, Health & Safety |
EI | Energy Institute |
EPA | United States Environmental Protection Agency |
eMARS | European Commission Major Accident Reporting System |
EPSC | European Process Safety Centre |
ERPG | Emergency Response Planning Guideline |
ETA | Event Tree Analysis |
F | Failure Rate (hr–1 or year–1) |
f | Frequency (hr–1 or year–1) |
F& EI | Dow Fire and Explosion Index |
F/N | Fatality Frequency versus Cumulative Number |
FCE | Final Control Element |
FEA | Finite Element Analysis |
FMEA | Failure Modes and Effect Analysis |
FTA | Fault Tree Analysis |
HAZMAT | Hazardous Materials |
HAZOP | Hazard and Operability Study |
HAZWOPER | Hazardous Waste Operations and Emergency Response |
HBTA | Hazard–Barrier–Target Analysis |
HE | Hazard Evaluation |
HIRA | Hazard Identification and Risk Analysis |
HMI | Human Machine Interface |
HSE | (UK) Health and Safety Executive |
HRA | Human Reliability Analysis |
ICCA | International Council of Chemical Associations |
IChemE | Institution of Chemical Engineers |
IEC | International Electrotechnical Commission |
IEEE | Institute of Electrical and Electronic Engineers |
IOGP | International Association of Oil & Gas Producers |
IPL | Independent Protection Layer |
ISA | The Instrumentation, Systems, and Automation Society (formerly, Instrument Society of America) |
ISBL | Inside Battery Limits |
ISD | Inherently Safer Design |
ISO | International Organization for Standardization |
JSA | Job Safety Analysis |
KPI | Key Performance Indicators |
LAH | Level Alarm—High |
LAL | Level Alarm—Low |
LEL | Lower Explosive Limit |
LFL | Lower Flammability Limit |
LI | Level Indicator |
LIC | Level Indicator—Control |
LNG | Liquefied Natural Gas |
LOPA | Layer of Protection Analysis |
LOPC | Loss of Primary Containment |
LOTO | Lockout/Tagout |
LSHH | Level Sensor High High |
LT | Level Transmitter |
MARS | Major Accident Reporting System |
MAWP | Maximum Allowable Working Pressure |
MCSOII | Multiple-Cause, Systems-Oriented Incident Investigation |
MES | Multilinear Event Sequencing |
MHIDAS | Major Hazard Incident Data System |
MI | Mechanical Integrity |
MIC | Methyl isocyanate |
MM | Million |
MOC | Management of Change |
MOM | Singapore's regulatory standard for incident investigation |
MORT | Management Oversight Risk Tree |
MSDS | Material Safety Data Sheet |
NAICS | North American Industry Classification System |
NFPA | National Fire Protection Association |
N2 | Nitrogen |
NOM | Mexico's regulatory standard for incident investigations |
NTSB | National Transportation Safety Board |
IOGP | International Association of Oil and Gas Producers |
OREDA | The Offshore Reliability Data project |
ORPS | Occurrence Reporting and Processing System |
OSBL | Outside Battery Limits |
OSHA | United States Occupational Safety and Health Administration |
Pfatality | Probability of Fatality |
Pignition | Probability of Ignition |
Pperson present | Probability of Person Present |
P | Probability |
P& ID | Piping and Instrumentation Diagram |
PCB | Polychlorinated Biphenyl |
PFD | Probability of Failure on Demand |
PHA | Process Hazard Analysis |
PI | Pressure Indicator |
PIF | Performance Influencing Factor |
PL | Protection Layer |
PLC | Programmable Logic Controller |
PM | Preventive Maintenance |
PPE | Personal Protective Equipment |
PSHH | Pressure Sensor High High |
PSI | Process Safety Information |
PSID | Process Safety Incident Database |
PSM | Process Safety Management |
PSM | also Canada's (non-regulatory) standard, individualized by district |
PSV | Pressure Safety Valve (Relief Valve) |
R | Risk |
RCA | Root Cause Analysis |
RIDDOR | Reporting of Injuries, Diseases and Dangerous Occurrence Regulations |
RMP | Risk Management Program (US) |
RQ | Release Quantity |
RV | Relief Valve |
SAWS | China's regulatory guideline for incident investigations |
SCAT | Systematic Cause Analysis Technique |
SCE | Safety Critical Equipment |
SDS | Safety Data Sheets |
SEMS | Safety and Environmental Management System |
SHE | Safety Health & Environment |
SIF | Safety Instrumented Function |
SIS | Safety Instrumented System |
SMART | Specific, Measureable, Agreed/Attainable, and Realistic/Relevant, with Timescales |
SOL | Safe Operating Limit |
SOP | Standard Operating Procedure |
SOURCE | Seeking Out the Underlying Root Causes of Events |
SRK | Skills, Rules, Knowledge |
SSDC | System Safety Development Center |
STEP | Sequentially Timed Events Plot |
T | Test Interval for the Component or System (hours or years) |
T0 | starting time |
Tn | ending time |
TNO | Nederlandse Organisatie voor Toegepast |
Natuurwetenschappelijk Onderzoek (TNO; English: Netherlands Organization for Applied Scientific Research) |
|
UEL | Upper Explosive Limit |
UFL | Upper Flammable Limit |
VCE | Vapor Cloud Explosion |
VLE | Vapor Liquid Equilibrium |
XV | Remote Activated/Controlled Valve |