Mac Lecture

Lecture on Safety Mismanagement, McMaster University, November 2009


  1. Safety Mismanagement and High Consequence Accidents
  2. .
  3. THE ORGANISATION (TOP LEVEL MANAGEMENT) HAS MATERIAL RESPONSIBILITIES FOR SAFETY
     • Responsibilities first formally defined by HM Railways Inspectorate (UK) in 1858
     • Investigation of 1870 collision (Brockley Whins) found management “wholly responsible”
  4. Human error in the Boardroom
     Management cock-ups in five flavours:
     1. don’t understand hazard
     2. production considerations dominate
     3. don’t define/assign safety responsibility
     4. ignore, or don’t learn from, experience
     5. don’t maintain corporate memory
  5. • SL-1 reactivity insertion accident (1961)
     • Herald of Free Enterprise capsize (1987)
     • Challenger explosion (1986)
     • Pickering pressure tube failure (1983)
     • Pickering SLOCA (1994)
     • Fuel string relocation issue (1962-present)
  6. SL-1 National Reactor Testing Station, Idaho Falls
  7. SL-1
  8. • duration of nuclear portion of accident: 2 ms
     • total duration of accident: 2-4 s
     • Period of interest: August 1959-December 1960 (17 months or 90.6336 Ms)
  9. SL-1 History
     • August 1959: Significant design deficiencies identified
     • August 1960: Significant (hazardous) core deterioration reported
     • September 1960: SL-1 returned to service at higher power level
     • September-December 1960: severe deterioration in CR performance
  10. CR drive disassembly procedure
     1. secure special tool CRT No 1 on top of rack and raise rod not more than 4 inches. Secure C-clamp to rack at top of spring housing
     2. Remove special tool CRT No 1 from rack and remove slotted nut and washer
     3. Secure special tool CRT No 1 to top of rack and remove C-clamp, then lower control rod until the gripper knob located at the upper end of element makes contact with the core shroud
     Assembly of the rod drive mechanism… are the reverse of disassembly
  11. Underlying failures
     • safety responsibility undefined/unassigned
     • hazard not clearly defined/understood
     • no effective response to early indications of design deficiency or core deterioration
     • dominating production imperative
  12. Dominating production imperative
     It is clear, and many people have later said so, that the reactor should have been shut down pending resolution of the boron difficulties and the general deterioration of control rod operation. In fact no one did so or even brought the malfunctions to the attention of any responsible safety group. In the climate that existed before the accident, it is likely that if one man had decided that the reactor should be shut down for safety reasons he would have been ridiculed and would almost certainly have had an unfriendly response since he would have had to say some rather harsh things to accomplish his purpose. [T J Thompson]
  13. Cross-channel ferry Herald of Free Enterprise, Zeebrugge, 1987
  14. What happened?
     • assistant bosun not at his station to close doors
     • Officer of Watch did not remain at door station to supervise
     • doors not visible from bridge (standing orders required Captain to assume vessel in all respects ready for sea if no report to contrary)
     • vessel trimmed by the head (~3 ft) for loading
     • dynamic sinkage (at 18 kts) brought bow wave to ~6 ft above lower edge of loading doors
     • open vehicle deck flooded rapidly (initial 30° list to port in less than 1 min)
  15. The environment
     • Standing Orders inadequate, ambiguous and unworkable (previously identified)
     • strong management pressure for early departure
     • sailing with open loading doors an identified issue (five instances reported to management since 1983)
     • routine failure to comply with legal requirements (identified in 1983)
     • routine operation in unknown stability conditions (identified in 1983)
     • routine overloading
  16. Excessive passengers carried
     • two instances reported in 1982
     • instances reported in 1983 and 1984
     • five instances reported in 1986
     more passengers carried than permitted (loading limit)
     more passengers carried than life-saving appliances
  17. • dominating production imperative
     • misperception of hazard (wilful or otherwise)
     • refusal to respond to clear indication of unsafe conditions
     • no defined safety responsibility
  18. Loss of Space Shuttle Challenger
  19. • safety responsibility undefined/unassigned
     • nature of hazard either not understood or wilfully ignored
     • no substantive response to O-ring erosion
     • production imperative in overall programme and in specific launch decision
  20. Pickering Unit 2 pressure tube failure, August 1983
  21. • failure to respond to operating experience and/or misperception of hazard
     • dominating production imperative
  22. Two more quick ones
     • Pickering Unit 2 SLOCA (1994)
     • Fuel string relocation reactivity issue (1962-present)
  23. Pickering SLOCA
     • Pickering Unit 2 SLOCA of 1994 Root Cause Investigation did not identify root cause (some information actively concealed)
  24. RCI recommendations
     • training to broaden awareness of safety issues
     • breakdowns and failures in the analysis process should be communicated to all nuclear safety staff so everyone has the opportunity to learn from the mistakes of the past
     REPORT NEVER FORMALLY ISSUED
  25. Some other examples
     • Brockley Whins collision (1870): “I find the company's management wholly to blame for this accident”
     • Shipton derailment (1874) 34 dead
     • Aberfan landslide (1966) 144 dead (116 children)
     • Flixborough explosion (1974) 28 dead
     • Hinton (Alta) rail collision February 1986: 23 dead
     • Kings Cross fire November 1987: 31 dead
     • Ocean Ranger oil rig sinking (1982) 84 dead
     • Bhopal (1984) >3000 dead
  26. • Piper Alpha oil rig fire July 1988: 167 dead
     • Clapham Junction rail collision (1988) 35 dead
     • Westray mine explosion May 1992: 26 dead
     • Ladbroke Grove rail collision (1991) 31 dead
     • Columbia STS breakup on re-entry (2003) 7 dead
  27. • Crash of RAF Nimrod XV230, Afghanistan, (14 dead) 2006
     • Sayano-Shushenskaya (Khakassia) dam turbine failure (75 dead), 2009