This document discusses learning from accidents and identifies recurring themes. It analyzes major accident reports from Piper Alpha, Chernobyl, Clapham Junction, Herald of Free Enterprise, Bhopal, Mexico City, and BP Texas City. The author aims to identify recurring factors all organizations should be aware of, such as permit to work failures, communication breakdowns, inadequate training, latent conditions, and failure to respond quickly to incidents. Generic lessons include keeping people away from hazards, challenges to emergency arrangements, and learning from near misses rather than just failures.

1. Tel: +44 1492 879813 Mob: +44 7984 284642
andy.brazier@gmail.com
www.andybrazier.co.uk
Accident Avoidance

2. Learning about accidents
Companies cannot learn everything from their
own accidents and incidents
Not many significant events
Limited resources to investigate
Internal mindset
Look at one incident at a time
But don’t always learn from others’ misfortune
Different hazard, equipment, controls etc.
Skim through the headlines only
Focus on the last big one.

3. BP Texas City
Process industry has, quite rightly, looked carefully
at this accident
It seemed as if, to some people, the causes were
novel and unheard of in the industry
I believe the reports actually reflect the current
consensus of what causes major accidents.

4. Previous study
Analysis of major accident reports
PhD in mid 90’s
Published inquiries go far beyond in-house
investigations
Recurring findings
One or more ‘fatal errors’
Conditions that made the error likely
System failures contributing to the accident’s
likelihood and consequence
All accidents preceded by similar near misses
Management did not recognise the warning signs.

5. My aim here
Not look at accidents in isolation
Identify recurring themes
Select accidents that provide the best illustration
of an issue
Provide a list of factors that all organisations
should look out for.

6. Piper Alpha
Permit to work failures
Well established system
Compliant
Not working in practice

7. Procedures are essential but…
It is easy to be reassured that written systems
and procedures are being used
No news is good news?
People think they are following the procedure but
have not actually understood what is required
People think the procedure is only a guide
People daren’t say they don’t follow the procedure
Assume people will adapt & take short cuts
Audit what people do, not just the paper.

8. Chernobyl
Communication failures
Management secretive
about design weaknesses
Operators did not
challenge instructions.

9. Error is a natural part of communication
It is not what you say, it is what people think you
mean
Some messages are taken literally
Other times people ‘read between the lines’
If people are not told about problems
They will make the wrong decisions
Will not understand why they need to follow
procedures
More/better communication is required when
unusual events are happening.

10. Clapham Junction
Technician errors
Highly trained
Experienced.

11. Training ≠ Competence
Training courses have limited impact
Most learning is achieved ‘on the job’
Needs to be planned
Trainees need to be supervised
Time served does not replace the need for
competence assessment
Competent people still make mistakes
Given more complex and demanding tasks
Indispensable means less able to take a break.

12. Herald of Free Enterprise
Door left open
Ship’s Master did not know
Vulnerable design

13. Layers of protection
Understand
How many?
Are they independent?
Don’t assume they will work
Always obtain positive indications of operation
Make sure people understand their safety
responsibilities
Learn from near misses
Not just failures, but also what prevented an accident
If you don’t act, people will assume all is safe.

14. Bhopal
Methyl Isocyante
Runaway reaction
Unable to contain vapours

15. Reduced throughput does not mean
reduced risk
Delaying maintenance
Reduced budget or staff
People get used to systems being inoperable
People are more interested in plants that make
money
High rate is more likely to be steady state.

16. Mexico City
Fractured pipe
Slow response
Too late to prevent escalation

17. Detect → Diagnose → Respond
Have to succeed in all three stages
AND not OR gate logic
Prompt alarms
Competent people
Plant knowledge and understanding
Decision making
Resources
People
Equipment.

18. BP Texas City
People in the wrong place at the wrong time
Trailers in plant area
Area not cleared during start up
Slow to raise the alarm
A good safety record has its downside.

19. Generic Learning
Big accidents start small
Accidents occur most during unusual circumstances
If you haven’t got it, it can’t hurt you
Keep people away from hazards
Written systems & procedures provide poor risk control
Most learning is on the job
Error is a natural part of communication
People who are tired make more mistakes
Safety devices can create complacency
Don’t assume safety devices are working.

20. Generic Learning (cont.)
Everyone needs to act if they know something is unsafe
You need to challenge your emergency arrangements
People must be prepared to raise the alarm
Anyone who may have to deal with the consequences of
an accident has to know what they are dealing with
Make sure you learn from near misses
All incidents have multiple causes and this should be
seen in your investigations
Don’t overlook sabotage
Non-operational parts of the business can be hazardous
Don’t believe your safety is good (enough).

21. Conclusions
Before major accidents most managers didn’t
have particular concerns about safety
Not perfect, but did not foresee the risk
Reassured that systems were in place without having
good evidence that they were effective
Only heard or listened to good news
The biggest risks occur because of the errors
and poor judgements made by those managers
High reliability organisations expect failuresHigh reliability organisations expect failures
and so work hard to avoid themand so work hard to avoid them