Should you address misoperation or maloperation in PHA?

The U.S. Chemical Safety Board has found that incidents have occurred that were not identified by process hazard analysis (PHA). However, many of these incidents involved deliberate operation of processes in ways that a PHA team would not consider credible.

For example, how likely is the following sequence of events for a process?

• Its operating procedures were not revised after modifications during a major turnaround.

• Operators used an unapproved procedure that did not contain information on operating the new process control system.

• Operators experienced difficulty in performing a solvent-only run, which was required to verify instrument calibrations, proper equipment operating sequences, and other operating parameters, and were unable to perform the step.

• Operators bypassed safety interlocks in the control system in order to continue startup.

• Operators proceeded with startup even though one of two centrifuges was out of service, which made startup more difficult and required close focus on the operating conditions and frequent adjustments to control variables.

If a member of a PHA team suggested such a sequence of events, other team members likely would reject its credibility and the team would move on. However, this sequence of failures occurred in an accident that killed two people and injured eight people.

PHA teams look for ways in which a process may deviate from its design intent, but the specified design intent usually identifies what should be done, not what should not be done. It is the latter that occurs in many incidents. While PHA teams should try to identify ways that a process may be misoperated, it is unreasonable to expect a PHA team to identify the ways in which a process may be maloperated. Moreover, there is an effectively infinite number of ways in which a process may be maloperated, and it would be impractical to ask a PHA team to try to identify all of them. Misoperation is addressed in PHA by considering the actions that are required of operators and the human factors that influence them. Maloperation must be addressed through operating discipline, proper change reviews, and designing robust processes.

