On Oct. 11, 2008, a tank overfill of oleum (i.e., a solution of sulfur trioxide in sulfuric acid) spread a cloud of toxic and corrosive SO3/H2SO4 mist across three towns in Pennsylvania. Approximately 2,500 people were forced to evacuate or shelter in place. Fortunately, no one was seriously injured.
The facility was originally built with one power supply and three plug-in pumps, which prevented more than one pump from being used at a time. To prevent an overfill, the power supply was interlocked to stop the pump when a high-high level was reached in Tank 1501 or Tank 1502. However, in the 1980s, a temporary emergency power supply was added after several power outages in the main system. This emergency system was never added to the piping and instrumentation diagrams (P&IDs) or the operating procedures. Importantly, the high-high level switches (LSHHs) did not control the emergency power supply.
On the day of the incident, an operator began to pump oleum from Tank 610 to Tank 1502. To save time, he plugged another pump into the emergency power supply to transfer oleum from Tank 611 to Tank 1502. This practice had been passed from operator to operator for many years, but it was neither documented nor managed within the process safety program. The LSHH was unable to stop the transfer from Tank 611, causing Tank 1502 to overfill and release oleum.
Did You Know?
- The plant had been in operation for many years before process safety regulations required accurate P&IDs or operating procedures. In addition, management of change (MOC) was not used as rigorously as it is today.
- If your process was built before process safety regulations came into effect, you may have similar error traps.
- Operating procedures must be up-to-date and followed exactly. Any errors in procedures should be corrected.
- Operating procedures should be well-written and describe the process steps accurately to protect you, your company, and the community.
- Before the incident occurred, two different process hazard analyses (PHAs) discussed the hazards of overfill. The studies noted the high-level power interlock as a safeguard. However, the emergency power supply was not noted on the drawings or in the operating procedures, nor was it mentioned by the operators, which hid this weakness from the hazard review teams.
- All changes that can affect the process — including temporary power supplies — need to go through MOC.
- Safety interlocks should not be used to routinely stop the filling of a tank. Instead, the operating procedures should identify the normal point to stop filling.
What Can You Do?
- During PHA meetings, look carefully at the drawings. If something is missing or does not match what is in the field, point that out.
- All undocumented practices should be pointed out to the supervisor. These practices must be written down, checked, and approved.
- Follow your procedures. If the procedures are incomplete or do not match current practices, ensure that they are reviewed and corrected.
- Beware of minor changes to the process. These should go through the MOC procedure.
Drawings and procedures should be accurate, up-to-date, and followed!
©AIChE 2022. All rights reserved. Reproduction for non-commercial, educational purposes is encouraged. However, reproduction for any commercial purpose without express written consent of AIChE is strictly prohibited. Contact us at firstname.lastname@example.org or 646-495-1371.