First, let me say that I could have given a lot more examples. I was responding to a post, not writing a monograph. I also want to make the point that faulty design isn’t just an equipment issue, it can apply
to work organization as well.
I don’t know that we’re all that far apart. I think the old dichotomy between human error and equipment/design failure is almost meaningless. Dig deep enough and it’s all human error. Systems and equipment are
designed by human beings. But that doesn’t help much in correcting the factors that led to an accident.
We’ve seen lots of accidents where the victim or a co-worker made a mistake. But we never stop there in constructing a causal matrix. (We find that matrix models work better than linear root-causal chains.) We
always ask why the worker made the mistake. Was it poor training, confusing instrumentation, fatigue, conflicting job demands, push for production, etc.? Yeah, sometimes it’s just plain carelessness, but that happens to all of us. It’s why we promote
fail-safe design.
The problem with attributing an accident to human error, and stopping there, is that you’ve then got nowhere to go. Understand the reason for the error, and you’ve potentially got something you can fix. And the
whole point of an accident investigation is to fix the problem, not affix the blame.
One more story: This one is about Al Chapanis, generally considered the father of human factors engineering. During WW II, a lot of B-17s returning from missions would take a sudden dive and crash while attempting
to land. The AAF investigated and attributed it to human error – the pilots were deploying the flaps too aggressively and at the wrong time. So they warned pilots not to do that, emphasized proper flap deployment in training, and reportedly disciplined those
pilots who survived the crashes. Chapanis took a closer look and realized that the levers for flaps and landing gear were identical and close together. The pilots, fatigued by long missions and the stress of aerial combat, were deploying the flaps instead
of lowering the landing gear. The solution was to mount balls on one set of levers, and triangles on the other. Pilot error? Yes. But Chapanis asked why, and thereby saved a lot of lives and a lot of aircraft.
Mike Wright
Michael J. Wright
Director of Health, Safety and Environment
United Steelworkers
412-562-2580 office
412-370-0105 cell
“My friends, love is better than anger. Hope is better than fear. Optimism is better than despair. So let us be loving, hopeful and optimistic. And we’ll change the world.”
Jack Layton
From: ACS Division of Chemical Health and Safety [mailto:DCHAS-L**At_Symbol_Here**Princeton.EDU]
On Behalf Of Eugene Ngai
Sent: Friday, August 21, 2020 6:13 AM
To: DCHAS-L**At_Symbol_Here**Princeton.EDU
Subject: EXTERNAL EMAIL: Re: [DCHAS-L] EXTERNAL EMAIL: Comment
I would like to support Richards observations. I agree that most incidents are not due to poor design. In 45 years I have investigated many incidents involving compressed gases. In 2001 I led the investigations into 2 severe incidents involving
highly toxic gases. The first was the rupture of a hydrogen selenide cylinder that was over filled with over 150 lbs. The ER team wound up with 8 employees with severe respiratory distress and skin irritation due to the selenious acid. Decon was a major problem.
We had to triage the victims, not easy to do when they had severe respiratory distress. One of the root causes was failure of the operator during shift change to note the information given to him.
The second was a case where air was liquefied in a arsine process cylinder in liquid N2. The air/arsine mixture was ignited due to pyrophoric contaminants in the cylinder. The pressure due to the deflagrating reaction in the cylinder stripped
the brass cylinder valve threads and propelled it out of the cylinder. 65 lbs of arsine was released. Over 100 people went to the hospital believing they were exposed to arsine. As you can imagine this incident involved a lot of my time for 5 years. One of
the primary root causes was failure to follow Management of Change.
Eugene Ngai
Chemically Speaking LLC
From: ACS Division of Chemical Health and Safety <DCHAS-L**At_Symbol_Here**Princeton.EDU>
On Behalf Of Richard Palluzi
Sent: Monday, August 17, 2020 8:22 AM
To: DCHAS-L**At_Symbol_Here**Princeton.EDU
Subject: Re: [DCHAS-L] EXTERNAL EMAIL: Comment
Thank you for the courteous reply. I will say that 3 cases still, at least to me, do not qualify for sometimes although I agree what would qualify is rather nebulous. There is no doubt in my mind that dangerous
and inappropriate designs have often (sometimes?, occasionally? with a frequency more than very rare and less than common?) gotten built. Whether these were due to corporate decisions, bad engineering, lack of data about the hazards, lack of recognition of
the hazards, a very risk acceptance environment, or a host of other factors can be debated. And I applaud your efforts to keep your people safe.
I will say, that in my experience while rushing, being tired, being pushed to produce, and similar external factors (including distractions about home, family, friends, and finances) are major causes of accidents
I am afraid I have seen too many other cases where the employee simply did not want to follow the rules. Why always amazes me. (I mean I am not going to lose an eye if I don’t wear safety glasses, or get burned if I don’t wear the heat resistant gloves, they
will.) I will acknowledge that this is a minority but not a trivial minority. So I would argue that you need to keep an open mind.
Nice chatting with you.
Richard Palluzi
PE, CSP
Pilot plant and laboratory consulting, safety, design,reviews, and training
www.linkedin.com/in/richardppalluzillc/
Richard P Palluzi LLC
72 Summit Drive
Basking Ridge, NJ 07920
rpalluzi**At_Symbol_Here**verizon.net
908-285-3782
From: ACS Division of Chemical Health and Safety <DCHAS-L**At_Symbol_Here**Princeton.EDU>
On Behalf Of Wright, Mike
Sent: Sunday, August 16, 2020 11:36 PM
To: DCHAS-L**At_Symbol_Here**Princeton.EDU
Subject: Re: [DCHAS-L] EXTERNAL EMAIL: Comment
Richard, thanks for your comment. I withdraw the phrase “as is so often the case.” But I have to replace it with “as is
sometimes the case.” I’ve investigated scores of fatal accidents where a system was designed, or redesigned, with little attention to safety. In some cases safety was considered with respect to normal operations, but not upsets.
But I understand that the claim requires evidence. So here’s a case in point: a small steel operation where an electric furnace was upgraded to increase its capacity. However, the intakes to the water cooling
system were not relocated, so they were below the level of molten metal in the redesigned furnace. A year or so after the redesign, the furnace suffered a breakout (spill) and molten metal covered the intakes, which were not armored to withstand it. When molten
metal covers water the result is an extremely powerful explosion, as the water instantly flashes to steam. A worker died.
Another example: a chemical plant making resorcinol. It’s an endothermic reaction, using a toluene feedstock, with heat supplied by a heat exchange coil circulating hot water. A bright young engineer decided
the efficiency of the reaction would be increased if the water was replaced by molten sodium nitrate. He hadn’t considered the fact that the coil had been repaired with low temperature braising compounds, which melted due to the increased temperature and allowed
the sodium nitrate to enter the vessel. It started to make organic nitrates, for example trinitrotoluene, with predictable results. Luckily, the explosion occurred in the wee hours of the morning, and the operator was taking a break on a balcony outside the
room with the reactor vessel. He was blown off, fell 15 feet, two broken legs but lived. The really scary part was the unit making diethyl ether right next door. Shrapnel penetrated the thin walls, but missed the vessel. The plant sits in a narrow valley,
with homes close by. You can imagine the effect of a vapor cloud of ether drifting over the sleeping families, looking for a source of ignition.
One more: a chemical plant using benzene as a process solvent in a reactor vessel. For safety and environmental reasons they had to phase it out. The engineers thought the easiest conversion was to n-hexane.
But the chemicals are of course different, and the n-hexane tended to boil out of the vessel when the port was opened. The third time this happened, it found a source of ignition and a worker was burned to death.
These are not entirely the engineers’ fault. Management told them what they wanted, and safety wasn’t very high on the list. In the third case, management never bothered to ask for an investigation of the near-misses.
As to worker errors, they certainly exist. But I and my colleagues have investigated more than a thousand fatal and critical accidents since I signed on with the union. Workers are sometimes careless, distracted,
and in a hurry to finish and get home. That’s human. But outright defiance of effective and properly communicated rules is rare. Most worker errors can be assigned to fatigue, conflicting or excessive job demands, poor training, faulty instrumentation, production
pressure. There’s a rich literature on human factors engineering backing that up.
Incidentally, I was trained as an engineer (Cornell ’69) before I went on to public health. Safety was honored in the civil engineering classes; we began the very first freshman class with the Tacoma Narrows
Bridge. But safety was mostly ignored elsewhere. Since graduating, I’ve sometimes been a guest lecturer at various schools. It’s astounding how many 3rd and 4th year engineering students have never had a human factors course, and don’t
understand concepts like fail-safe design.
I have enormous respect for engineers; the profession links science with human needs. But engineers are like any other workers. They need good training, a good ethical code, a properly defined mission, good working
conditions, and proper autonomy. And then they can do wonders.
Mike Wright
Michael J. Wright
Director of Health, Safety and Environment
United Steelworkers
412-562-2580 office
412-370-0105 cell
“My friends, love is better than anger. Hope is better than fear. Optimism is better than despair. So let us be loving, hopeful and optimistic. And we’ll change the world.”
Jack Layton
From: Richard Palluzi [mailto:rpalluzi**At_Symbol_Here**verizon.net]
Sent: Sunday, August 16, 2020 6:46 PM
To: Wright, Mike
Cc: ralph.stuart**At_Symbol_Here**keene.edu
Subject: EXTERNAL EMAIL: Comment
Your recent post included the phrase “. As is so often the case, the engineers hadn’t thought much about safety.” To which I take great exception. In my 45 years of engineering I have spent much more time
and effort trying to get the workers to follow the safety requirements and use the safety equipment provided then I ever spent have to redesign something to make it safer. Yes that happened but it was rare. It is certainly true that a good hazard analysis
and risk assessment will sometimes turn up something the designer missed which is why we do them but the bulk of the incidents I experienced in my career I n the energy industry showed that failing to use the equipment and follow the rules were the much more
common root cause.
I can understand your background but I’d appreciate if you would please avoid inflammatory rhetoric like that in the future.
Richard Palluzi
PE, CSP
Pilot plant and laboratory consulting, safety, design,reviews, and training
www.linkedin.com/in/richardppalluzillc/
Richard P Palluzi LLC
72 Summit Drive
Basking Ridge, NJ 07920
rpalluzi**At_Symbol_Here**verizon.net
908-285-3782
--- For more information about the DCHAS-L e-mail list, contact the Divisional membership chair at
membership**At_Symbol_Here**dchas.org Follow us on Twitter **At_Symbol_Here**acsdchas
--- For more information about the DCHAS-L e-mail list, contact the Divisional membership chair at
membership**At_Symbol_Here**dchas.org Follow us on Twitter **At_Symbol_Here**acsdchas
--- For more information about the DCHAS-L e-mail list, contact the Divisional membership chair at
membership**At_Symbol_Here**dchas.org Follow us on Twitter **At_Symbol_Here**acsdchas
Previous post | Top of Page | Next post