(41a) Accident Investigation Using Process Control Event Diagrams

Morrison, D. R., Exponent, Inc.
Ogle, R., Exponent, Inc.
Cowells, J., Exponent
Martens, J., Exponent, Inc.

The automation of chemical processes has both positive and negative features. Computer automation can be a powerful tool for safety management; at the same time it creates new opportunities for human error, both in design and in operation. The interaction of process equipment, control systems, and operators can be complex, and this is especially true of the discrete control of batch systems. In this paper we investigate an accident with an automatically controlled batch dryer that resulted in an explosion and fire.

The batch dryer contained a heat transfer subsystem in which a combustible heat transfer oil was circulated continuously in a closed loop. The purpose of this subsystem was to hold a plate heat exchanger at a constant temperature. The dryer was programmed to dry a batch of material in contact with the plate by advancing through several stages of operation, and was controlled by a supervisory control and data acquisition (SCADA) system with several programmable logic controllers (PLCs). During one of these stages the dryer encountered an abnormal operating condition. The control system placed the dryer into a standby mode and raised an alarm at the human-machine interface (HMI) console. The operator responded to the alarm in a manner consistent with the operating procedures.

The standby mode was a fail-dangerous condition: rather than bringing the dryer to a safe state, the control system automatically advanced it into a more hazardous one. The process measurements and alarms transmitted to the HMI indicated an abnormal condition but gave no indication of an imminent explosion/fire hazard. Three maintenance workers attempting to diagnose the cause of the abnormal operating condition were injured when the unit exploded.

The interaction of the operator and the control system was analyzed using process control event diagrams (PCEDs). The PCED provides a model for representing the interactions between a chemical process, the control system logic, and process operation. This diagram can serve as the basis for a systematic hazard analysis. PCEDs were a convenient way to trace and document the changes in equipment states caused by the process dynamics, control logic, and operator actions. This structured approach to failure analysis identified several inadequate sensors, sections of control logic, and final control elements. Through the use of this tool, the fail-dangerous state was shown to be a consequence of several design deficiencies in the dryer system and not the result of operator error.
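The following is an added illustration of the kind of bookkeeping a PCED supports, written for this page; it is not the authors' diagram, tool, or data. It encodes a small, constructed state model loosely patterned on the abstract (drying stage, abnormal condition, standby mode), with each transition attributed to one of the three lanes the diagram separates: process dynamics, control logic, or operator action. Two checks follow. A trace check replays an event sequence and reports every entry into a state the analyst has marked hazardous, who drove it, and whether the HMI indication in that state disclosed the hazard. A static check scans the whole diagram for control-driven transitions that carry the equipment from a non-hazardous into a hazardous state, which is the shape a fail-dangerous standby takes. The state names, the hazard judgements, the HMI strings, and the assumed operator shutdown path are all hypothetical; the real dryer's states and logic are not on this page.

```python
"""Constructed PCED model for illustration; not the dryer analyzed in the paper."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The three lanes of a process control event diagram.
ACTORS = ("process", "control", "operator")


@dataclass(frozen=True)
class State:
    name: str
    hazardous: bool          # analyst's judgement: is an explosion/fire scenario credible here?
    hmi_indication: str      # what the console shows while in this state
    hazard_indicated: bool   # does that indication actually convey the explosion/fire hazard?


@dataclass(frozen=True)
class Transition:
    src: str
    dst: str
    trigger: str
    actor: str               # which lane drives the change: process, control, or operator


class PCED:
    def __init__(self, states: List[State], transitions: List[Transition]):
        self.states: Dict[str, State] = {s.name: s for s in states}
        self.transitions: Dict[Tuple[str, str], Transition] = {}
        for t in transitions:
            if t.actor not in ACTORS:
                raise ValueError(f"unknown actor {t.actor!r}")
            if t.src not in self.states or t.dst not in self.states:
                raise ValueError(f"transition {t} references an undefined state")
            self.transitions[(t.src, t.trigger)] = t

    def trace(self, start: str, events: List[Tuple[str, str]]) -> List[Tuple[Optional[Transition], str]]:
        """Replay (actor, trigger) events; refuse events the diagram does not allow or
        that are attributed to the wrong lane, so the trace stays faithful to the model."""
        current = start
        path: List[Tuple[Optional[Transition], str]] = [(None, start)]
        for actor, trigger in events:
            t = self.transitions.get((current, trigger))
            if t is None:
                raise ValueError(f"state {current!r} has no transition on {trigger!r}")
            if t.actor != actor:
                raise ValueError(f"{trigger!r} is driven by {t.actor}, not {actor}")
            current = t.dst
            path.append((t, current))
        return path

    def hazard_entries(self, path: List[Tuple[Optional[Transition], str]]) -> List[dict]:
        """Each transition in a trace that enters a hazardous state from a non-hazardous one,
        with the lane that drove it and whether the HMI disclosed the hazard."""
        findings = []
        prev = path[0][1]
        for t, name in path[1:]:
            if self.states[name].hazardous and not self.states[prev].hazardous:
                findings.append({
                    "entered": name,
                    "trigger": t.trigger,
                    "actor": t.actor,
                    "hmi": self.states[name].hmi_indication,
                    "hazard_indicated": self.states[name].hazard_indicated,
                })
            prev = name
        return findings

    def fail_dangerous(self) -> List[Tuple[str, str, str]]:
        """Static scan of the diagram: automatic (control-driven) transitions that move the
        equipment from a non-hazardous into a hazardous state."""
        return sorted(
            (t.src, t.dst, t.trigger)
            for t in self.transitions.values()
            if t.actor == "control"
            and self.states[t.dst].hazardous
            and not self.states[t.src].hazardous
        )


# Hypothetical dryer model; states, hazard flags and HMI text are constructed for this example.
DRYER = PCED(
    states=[
        State("drying", False, "Stage 3: drying", False),
        State("abnormal", False, "Process alarm: abnormal condition", False),
        State("standby", True, "Process alarm: abnormal condition; unit in standby", False),
        State("shutdown", False, "Unit shut down", False),   # assumed safe end state
    ],
    transitions=[
        Transition("drying", "abnormal", "abnormal_condition", "process"),
        Transition("abnormal", "standby", "enter_standby", "control"),
        Transition("standby", "standby", "acknowledge_alarm", "operator"),
        Transition("standby", "shutdown", "manual_shutdown", "operator"),  # assumed path
    ],
)

# Constructed event sequence mirroring the abstract's narrative.
EVENTS = [
    ("process", "abnormal_condition"),
    ("control", "enter_standby"),
    ("operator", "acknowledge_alarm"),
]

if __name__ == "__main__":
    path = DRYER.trace("drying", EVENTS)
    for f in DRYER.hazard_entries(path):
        print(f"entered {f['entered']} via {f['trigger']} ({f['actor']}); "
              f"HMI: {f['hmi']!r}; hazard shown: {f['hazard_indicated']}")
    print("fail-dangerous control transitions:", DRYER.fail_dangerous())
```

Replaying the constructed sequence attributes the single entry into the hazardous state to the control lane, with an HMI indication that did not disclose the hazard, and the operator's only action is a self-loop that never changes the equipment state; that is the shape of evidence the abstract describes for a design deficiency rather than operator error. The static check finds the same transition without needing any event log, which is what makes the diagram usable for hazard analysis before an incident as well as after one.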


This paper has an Extended Abstract file available; you must purchase the conference proceedings to access it.

