SlideShare ist ein Scribd-Unternehmen logo

BP Texas City Refinery Disaster Report

Chinedu Isiadinso
Chinedu Isiadinso
1 von 9
Downloaden Sie, um offline zu lesen
BP TEXAS CITY REFINERY DISASTER ACCIDENT & PREVENTION REPORT Chinedu Charles Isiadinso April 23, 2015 Contents 1 INTRODUCTION 2 2 KLETZ-TYPE PREVENTION TABLE 3 3 ANALYSIS 6 4 CONCLUSION 9 1
1 INTRODUCTION On Wednesday, March 23 2005, numerous explosions, and a fire, occurred at BP Texas City refinery, Texas, USA. The explosions and fire occurred during start-up of an isomerization unit at the refinery. The disaster resulted in 15 fatalities, over 150 injuries, and financial losses exceeding $1.5 billion (USD)[1]. Details of the Accident BP had begun a lengthy maintenance project at their Texas city refinery, which required over 1000 contractors on site along with employees. A number of trailers had been set up, close to the blow-down stack (see figure 1), to serve as offices and meeting rooms for the contractors. In the early hours of Wednesday, March 23 2005, workers began the start-up process of an isomerization unit by pumping highly flammable liquid into to a raffinate splitter tower (see figure 1), which would, normally, have ≈ 2m (6.5ft) of liquid at its base. Liquid height sensor and two alarm systems, for heights of 2m, (6.5ft) and 3m, (10ft), were installed to measure and report the height of liquid in the tower to operators, and raise alarms if the liquid reached 2m and 3m respectively. However, the sensor was designed to measure heights up to 3m, and thus there was no way to tell the amount of liquid in the tower beyond that point. As workers pumped liquid into the splitter tower, the liquid reached, and exceeded, the 3m mark, setting off the 2m alarm but not the 3m. As the liquid feed exceeded 3m, when the feed was stopped, and the height sensor reported 3m, while in actual fact, the tower is believed to have reached 4m, (13ft)[2]. Figure 1: Raffinate section of Isomerization unit[1] Following a shift change, and very poor communication, operators recommenced the start-up process, adding more liquid to the overfull splitter tower. While liquid was being pumped in, no liquid was being pumped out, as specified in the start up procedure[5], due to a level control valve being left closed. About 10 minutes later, as part of the normal process, operator lit burners in the furnace to heat up the liquid being fed to the splitter tower. With the level control valve still closed, the tower liquid level rose, and the heigh meter reported a height of under 3m; however, calculations show that the liquid reached 42m[1]. At 1 pm, the level control valve was opened, following a high pressure alarm that caused a manual relief valve to be opened; this stabilized liquid level. However, liquid leaving the tower 2
was at a very high temperature, and on exiting the heat exchanger (which was not designed to cool down very hot liquid), induced a temperature rise (over 150o[1]) in liquid being fed to the tower. This caused liquid in the tower to boil and expand causing the liquid level in the tower to rise. Minutes later, the 52m, (170ft)[5], 586, 100l[7] capacity splitter tower was completely full, and liquid flowed through a overhead pipe, down 45m, (148ft), and forced open all 3 safety relief valves near the base of the tower; these valves redirected over 200, 000l of flammable liquid to the blow-down drum of significantly lower capacity. Similar to the tower, the blow-down drum was fitted with a liquid height sensor and an alarm, but when the drum overfilled, the alarm failed to alert operators, who continued redirecting flow to the drum. Minutes later, there was an eruption of very hot highly flammable liquid, from the top of the blow-down stack[3], which fell to the ground creating a highly flammable vapour cloud that covered the entire refinery, especially the trailers housing the contractors. Ignition of the cloud, by backfire from an idling diesel truck at about 1:20 pm, caused a number explosions and fires, and sent shock-waves for miles in all directions. Figure 2: BP Texas City Refinery Layout[1] 2 KLETZ-TYPE PREVENTION TABLE Table 1: Kletz-Type prevention table Events Immediate Steps Avoiding Hazard Management System Explosions and Fire Truck driver should have turned engine off after eruption Idling diesel truck backfires, ignites vapour cloud Do not idle truck a few meters from haz- ardous equipment Create dedicated parking space Always know where vehicles on plot are Vapour Cloud forms and expands across re- finery Sound alarm Install disaster alert system Train staff for dis- asters, the CSB report[1] showed that staff where not properly trained for abnormal situations 3
Table 2: Kletz-Type prevention table Events Immediate Steps Avoiding Hazard Management System Blow-down stack over fills and liquid erupts Carry out disaster protocol Install blow-down drum of equal capac- ity as tower. Install modern blow-down stack, to eliminate possibility of overflow Train staff for disasters[9] Liquid in blow-down drum reaches max. capacity; high level alarm does not sound Tower is overfull, ex- pect the drum alarm to sound, and act if there’s no sound Emergency purge sys- tem when drum over fills Regular equipment inspection, due to cost cutting tech- niques, less money was available to inspect and repair faulty equipment[1] High pressure liquid force open all 3 safety relief valves; liquid is redirected to the blow-down drum Turn off feed, and purge systems Install another set of high pressure alarms for the over head pipes Tower overfills; liquid flows through over- head pipe towards re- lief valves 45m below Install overflow detec- tor to shut down pro- cess if tower overfills Liquid fed to tower causes boiling; liquid level rises to 43m, sen- sor shows decline Design location based temperature detector Regular equipment in- spection and repairs Hot liquid, from tower base, heats up tower feed Design system to mea- sure temperature of liquid in key areas (e.g. tower outlet) and alert operator of problems Operators worry about lack of outflow, level control valve is open The process had been running for over 3 hours, check what happened to liquid fed Design system to show valve status A supervisor must al- ways be present Tower high pressure alarm sound; oper- ators open manual relief valve (auto- matic emergency valves failed) Check information about flow into and out of tower and see if there discrepancies. Regular equipment in- spection Improperly calibrated level indicator shows liquid as 2.6m and falling; liquid is at 30m Show flow into and out of tower on same screen and work out in tower volume based on these Equipment inspection and repairs 4
Table 3: Kletz-Type prevention table Events Immediate Steps Avoiding Hazard Management System Supervisor leaves due to family emergency, there is no replace- ment Request replacement supervisor Enforce requirement of at least one tech- nical staff at all times Conflicting infor- mation about level control valve is re- ceived by operator, valve is left closed Request clarification Design system to show valve status Start-up recom- mences, more liquid is added to already overfull tower, liquid level increases Carry out pre-startup procedure Improve system to allow operators see flows in and out of tower Ensure pre-startup is completed ans suc- cessful Night shift operator leaves, day shift oper- ator takes over; state of start-up process is badly communicated Make better use of logbooks Enforce BP sign over protocol, especially during hazardous processes Sensor reads 3m (ac- tual height is 4m), feed is stopped Improve sensor design First tower high level alarm sounds, second fails Stop after first alarm Regular equipment in- spection Operators ignore 2m recommended height and fill to 3m max. height Follow safety recom- mendation Enforce safety re- quirements Contract workers in trailers are not in- formed about start-up process Inform all personnel about hazardous pro- cesses Ensure everyone is out of harms way before starting hazardous processes Isomerization start-up begins, liquid is fed into splitter tower Evacuate all non- essential staff Ensure pre-startup is completed Safety culture Lengthy maintenance process; trailers are set-up close to isomer- ization unit Setup trailers at safe distance Should have followed CSB trailer citing rec- ommendations 5
3 ANALYSIS The accident could be blamed on a wide range of failures, from mechanical to human to process, however, the entire accident could be put down to human error. Starting at the very beginning with the location of the trailers. From figure 3, it can be seen that the trailers where set up in, potentially, the most dangerous part of the site. Trailers where setup between the catalyst warehouse and the isomerization unit (close to the blow-down drum and staff), separated from the unit by a rack of pipes carrying highly flammable liquid. Not only was this citing warned against by safety experts[1], but from figure 2, it can be seen that permanent office structures where erected reasonably far away from hazardous material and equipment, at the other end of the refinery; no deaths occurred at these permanent structures. A reasonable location, for the trailers, would have been next to the control room in the blue section of figure 2. Figure 3: Trailer area and adjacent Isomerization unit[1] Second, employees, and maintenance workers knew how hazardous the isomerization start-up process was, but no alerted the contracts (who where in the trailers) about the start-up, as such contracts where unaware of of what was happening until the eruption and explosion. Deaths could have easily been prevented if trailer staff where informed, or better still, removed from harmsway until the start-up process was complete; there was a safety meeting that day, over 300 people (employees and contractors) where in attendance and nothing was said about the startup about to begin[3]. While immediately it would not have been possible for the night shift operator to have know the second alarm had failed, a better logbook entry could have been left for the day shift operator to work on. The logbook entry gave no indication of previous pumping level and alarm sound, instead it read ”ISOM brought in so raff to unit, to pack raff with”[1]. Operators usually neglected key safety requirements, like the pre-startup checks, which would have confirmed the position of the level control valve, removed non-essential personnel from the 6
site, and potentially noticed, and dealt with, the idling truck. It could have also alerted staff to the faulty alarms and indicator, as it required manual liquid level confirmation, via a sight glass at the base of the tower; it is worth noting, that the sight glass had not been cleaned for longer than recommended and as such dark liquid had covered the glass making it unuseable. Poor communication saw the situation on the ground being badly transmitted from ground operators to board staff, which lead to a one of the most obvious causes of the disaster, the level valve was left closed for over 3 hours while liquid as fed. The valve was later opened, but staff should have instigated the location of hours of pumped liquid; if there was no liquid outflow, then there must have been a build up of liquid in the tower, this would have brought the faulty indicator (which read 2.6m and falling instead of 30m), to their attention and they could have stopped the feed and drained the tower. Following the departure of the only technically trained staff on site that day, due to a family emergency, and contrary to BP standard procedure, there was no replacement supervisor assigned to over see the startup process; this left one low experience operator (not qualified to run an entire refinery without supervision) alone to manage all 3 units at the refinery, including the iszomerizaion unit. On one end of Kletz’s spectrum, we have ways of preventing the hazard. In this case, the hazard could have been prevented had the level indicator had been designed to accommodate the full 52m height of the tower. Looking at it from the point of view of what is necessary, the level was never meant to exceed 3m, however, if operators did not stop the feed exactly when the 3m alarm was heard, they would overshoot and not know how much by. The system could have been fool-proofed by designing an automatic system that shut off liquid feed when the level reached 3m instead of just an alarm. A similar system in the blow-down drum could automatically open the sewer block valve (see figure 4) to drain the drum if it overfills; these would help prevent any instances where there’s human failure. Figure 4: Blow-down drum and gooseneck[1] 7
A similar system was already operational in the emergency relief valve, which failed to open on operator’s command, but opened when pressure exceeded maximum allowed, and this prevented a different accident of a burst pipe. In figure 3, cars can be seen parked around very dangerous equipment, there where more suitable locations for a car park than between a catalyst warehouse and a rack of pipes. Also, the CSB’s report noted poor operator display designs. The control unit did have display for amount of liquid flowing into and out of the tower, but these when on different screens, and thus meant that unless the operator suspected discrepancies in the flow, they would not check to see if the number matched. A better design would have been to have both flows on the same screen, but also to workout the different the alert the operator, or trigger an automatics protection system, if the difference exceeds an acceptable tolerance range. On the other end of Kletz’s spectrum, failures of the management, such as lack of regular equipment inspection and repairs, lead to key safety devices and instruments, level indicators, alarms and even the emergency pressure relief systems, failing to alert operators of danger; these piece of equipment where know by management to be faulty but nothing was done to repair or replace them[3]. Staff where not adequately trained and protections where not put in place to prevent catastrophic failures, the likes of which, had bee predicted as early as 1992[9]. There where no real automatic systems that would act immediately in and emergency, all systems required the intervention of an operator, and while BP required operators to work in pairs and always have one person in the control room at all times, cases of desertion where very common; on the day of the accident, an operator deserted his post hours before his replacement arrived. Management had also consistently failed to address re-occurring unsafe practices, e.g. startup without fully completed pre-startup checks, that had previously (on February 12, 1994) lead to a similar situation where the tower was overfilled. Also, reports show management failed to invest in hazard prevention and safeguard. Furthermore, huge cost cutting tactics saw the isomerization unit grossly under staffed during startup. Management had a responsibility to ensure a safe working environment for everyone on site, but years of limited funding and a growing unsafe culture saw mandated processes being ig- nored, and near misses being left uninvestigated. The main cause of the disaster was a lack of properly implemented pre-emptive measures, which would have completely prevented not only this incidence, but future ones as well. Lessons Learned The following lessons could be drawn and generalized from is disaster; 1. Follow recommend procedure: Operators should not deviate from their training, but also, managers, and supervisors should ensure protocol is strictly adhered to. 2. Alert people of potential danger: Contractors and uninvolved staff, e.g. the two in the idling truck, where not aware of the hazardous process that was going on very close to them. This could also be extended to members of the public, for example, construction site must tell, not only their employees about dangers, but passers-by that could be hurt as well. 3. Check design by Hazop: Safety equipment, in the refinery, where not designed to eliminate hazard, rather they where designed to alert of potentially dangerous situations, and thus 8
where highly susceptible to human error. Safety devices should be designed to make it almost impossible to hurt yourself and others, e.g. automatic speed limiters on high speed trains (Santiago de Compostela rail disaster)[11]. 4 CONCLUSION In conclusion, the disaster at Texas City was completely preventable. Key immediate steps by operators on the day could have prevented the accident, however, the key cause of the disaster was a continuous failure to learn from near misses, an absence of safety culture, and persistent absence of hazard prevention by management staff, even after numerous near misses on numer- ous machines. Also misplaced priorities could be blamed for the disaster, as investments in safety and hazard prevention where not made following BP’s acquisition of Amoco’s outdated (even at the time of acquisition) refinery, instead job cuts and poor maintenance culture, which saved BP hundreds of thousands of dollars, where priority. References [1] U.S. CHEMICAL SAFETY AND HAZARD INVESTIGATION BOARD. INVESTIGA- TION REPORT REFINERY EXPLOSION AND FIRE. Rep. no. 2005-04-I-TX. Texas City: U.S. CHEMICAL SAFETY AND HAZARD INVESTIGATION BOARD, 2007. Print. [2] U.S. CHEMICAL SAFETY BOARD. ”Anatomy of a Disaster.” csb.gov. U.S. Chemical Safety Board, 11 Jan. 2008. Web. 11 Mar. 2015. [3] Schorn, Daniel. ”The Explosion At Texas City.” CBSNews. CBS Interactive, 26 Oct. 2006. Web. 11 Mar. 2015. [4] Broadribb, Mike. ”Lessons from Texas City.” Lessons from Texas City (2008): 1-26. hse.gov.uk. Bp, 8 May 2008. Web. 12 Mar. 2015. [5] Michael, Jo-Anne. ”Texas City Incident Human Factor Aspects.” Hse.gov.uk. Health and Safety Executive, n.d. Web. 12 Mar. 2015. [6] Wikipedia contributors. ”Texas City Refinery explosion.” Wikipedia, The Free Encyclope- dia. Wikipedia, The Free Encyclopedia, 1 Mar. 2015. Web. 12 Mar. 2015. [7] Kalantarnia, Maryam, Faisal Khan, and Kelly Hawboldt. ”Modelling of BP Texas City Refinery Accident Using Dynamic Risk Assessment Approach.” Process Safety and Environ- mental Protection 88.3 (2010): 191-99. ScienceDirect. ELSEVIER, 1 Feb. 2010. Web. 12 Mar. 2015. [8] Dean, L. E., H. R. Harris, D. H. Belden, and Vladimir Haensel. ”The Penex Process for Pentane Isimerisation.” Platinum Metals Review 3.1 (1959): 9-11. Print. [9] Cappiello, Dina, and Anne Belli. ”OSHA Warned Refinery about Danger in 1992.” Houston Chronicle. Houston Chronicle, 8 Apr. 2005. Web. 12 Mar. 2015. [10] Hopkins, Andrew. Failure to Learn: The BP Texas City Refinery Disaster. Sydney, N.S.W.: CCH Australia, 2008. Print. [11] Wikipedia contributors. ”Santiago de Compostela rail disaster.” Wikipedia, The Free En- cyclopedia. Wikipedia, The Free Encyclopedia, 5 Mar. 2015. Web. 13 Mar. 2015. 9

Empfohlen

Texas oil refinary explosion
Texas oil refinary explosionTexas oil refinary explosion
Texas oil refinary explosionNeha Baheti
 
Accidental Short Report on Texas City Refinery Explosion 2005
Accidental Short Report on Texas City Refinery Explosion 2005Accidental Short Report on Texas City Refinery Explosion 2005
Accidental Short Report on Texas City Refinery Explosion 2005Farooq Ahmed Fk
 
Process Safety Awareness | PSM | Gaurav Singh Rajput
Process Safety Awareness | PSM | Gaurav Singh RajputProcess Safety Awareness | PSM | Gaurav Singh Rajput
Process Safety Awareness | PSM | Gaurav Singh RajputGaurav Singh Rajput
 
Bleve
BleveBleve
Bleveyoyo priyono
 
case study Bhopal gas tragedy
case study Bhopal gas tragedycase study Bhopal gas tragedy
case study Bhopal gas tragedyPratyush Maheshwari
 
Bhopal Gas Tragedy- The Night of Death
Bhopal Gas Tragedy- The Night of DeathBhopal Gas Tragedy- The Night of Death
Bhopal Gas Tragedy- The Night of DeathParidhi Khandelwal
 
Chemistry fuels and combustion
Chemistry fuels and combustionChemistry fuels and combustion
Chemistry fuels and combustionKkaran Karan
 
Deepwater Horizon Oil Spill
Deepwater Horizon Oil SpillDeepwater Horizon Oil Spill
Deepwater Horizon Oil Spilltifftai
 

Empfohlen

Texas oil refinary explosion
Texas oil refinary explosionTexas oil refinary explosion
Texas oil refinary explosionNeha Baheti
 
Accidental Short Report on Texas City Refinery Explosion 2005
Accidental Short Report on Texas City Refinery Explosion 2005Accidental Short Report on Texas City Refinery Explosion 2005
Accidental Short Report on Texas City Refinery Explosion 2005Farooq Ahmed Fk
 
Process Safety Awareness | PSM | Gaurav Singh Rajput
Process Safety Awareness | PSM | Gaurav Singh RajputProcess Safety Awareness | PSM | Gaurav Singh Rajput
Process Safety Awareness | PSM | Gaurav Singh RajputGaurav Singh Rajput
 
Bleve
BleveBleve
Bleveyoyo priyono
 
case study Bhopal gas tragedy
case study Bhopal gas tragedycase study Bhopal gas tragedy
case study Bhopal gas tragedyPratyush Maheshwari
 
Bhopal Gas Tragedy- The Night of Death
Bhopal Gas Tragedy- The Night of DeathBhopal Gas Tragedy- The Night of Death
Bhopal Gas Tragedy- The Night of DeathParidhi Khandelwal
 
Chemistry fuels and combustion
Chemistry fuels and combustionChemistry fuels and combustion
Chemistry fuels and combustionKkaran Karan
 
Deepwater Horizon Oil Spill
Deepwater Horizon Oil SpillDeepwater Horizon Oil Spill
Deepwater Horizon Oil Spilltifftai
 
Electrostatic heater treater
Electrostatic heater treaterElectrostatic heater treater
Electrostatic heater treaterSrikar Perumalla
 
Flixborough Disaster slide
Flixborough Disaster slideFlixborough Disaster slide
Flixborough Disaster slideNurul Atirah Abdul Razak
 
Bhopal gas tragedy, 1984
Bhopal gas tragedy, 1984Bhopal gas tragedy, 1984
Bhopal gas tragedy, 1984sameersailesh
 
The mexico city explosion of 1984
The mexico city explosion of 1984The mexico city explosion of 1984
The mexico city explosion of 1984Mohit Nayal
 
Pipeline Safety
Pipeline SafetyPipeline Safety
Pipeline Safetybeckyjmeier
 
Lecture 1 Crude Oil Quality
Lecture 1 Crude Oil QualityLecture 1 Crude Oil Quality
Lecture 1 Crude Oil QualityGeology Department, Faculty of Science, Tanta University
 
SEVESO DISASTER ITALY
SEVESO DISASTER ITALYSEVESO DISASTER ITALY
SEVESO DISASTER ITALYMOHD SALMAN
 
Dow Fire and Explosion Index (Dow F&EI) and Mond Index
Dow Fire and Explosion Index (Dow F&EI) and Mond IndexDow Fire and Explosion Index (Dow F&EI) and Mond Index
Dow Fire and Explosion Index (Dow F&EI) and Mond IndexEvonne MunYee
 
Significant Gas Pipeline Incidents
Significant Gas Pipeline IncidentsSignificant Gas Pipeline Incidents
Significant Gas Pipeline IncidentsThe Windsdor Consulting Group, Inc.
 
Case study of flixborough uk disaster
Case study of flixborough uk disasterCase study of flixborough uk disaster
Case study of flixborough uk disasteramanshaikh89
 
Flixborough disaster
Flixborough disasterFlixborough disaster
Flixborough disasterDiponegoro University
 
Bhopal gas tragedy
Bhopal gas tragedyBhopal gas tragedy
Bhopal gas tragedyPINKEY GUPTA
 
Overview of consequence modelling in the hazard assessment package phast witl...
Overview of consequence modelling in the hazard assessment package phast witl...Overview of consequence modelling in the hazard assessment package phast witl...
Overview of consequence modelling in the hazard assessment package phast witl...Cao Thanh Nhat
 
Chapter 13 fuel oil piping and storage
Chapter 13 fuel oil piping and storageChapter 13 fuel oil piping and storage
Chapter 13 fuel oil piping and storageAYM1979
 
Truck loading and unloading technical specification
Truck loading and unloading technical specificationTruck loading and unloading technical specification
Truck loading and unloading technical specificationCARLOS RUIZ CARDENAS
 
Work Permit System
Work Permit SystemWork Permit System
Work Permit SystemGagan Tanwar
 
HAZOP Basics
HAZOP BasicsHAZOP Basics
HAZOP Basicshossam hassanein
 
Deep Water Horizon Oil Spill (B. P. Oil Spill)
Deep Water Horizon Oil Spill (B. P. Oil Spill)Deep Water Horizon Oil Spill (B. P. Oil Spill)
Deep Water Horizon Oil Spill (B. P. Oil Spill)Syed Ali Roshan
 
Assignment piper alpha
Assignment piper alphaAssignment piper alpha
Assignment piper alphaJohnin Taimin
 
Rupture Disc Products For Industrial Process Safety
Rupture Disc Products For Industrial Process SafetyRupture Disc Products For Industrial Process Safety
Rupture Disc Products For Industrial Process SafetyCTi Controltech
 
automation
automationautomation
automationalfredo ruggiero
 
HAZOP.ppt
HAZOP.pptHAZOP.ppt
HAZOP.pptJayaKarthic1
 

Weitere ähnliche Inhalte

Was ist angesagt?

Electrostatic heater treater
Electrostatic heater treaterElectrostatic heater treater
Electrostatic heater treaterSrikar Perumalla
 
Bhopal gas tragedy, 1984
Bhopal gas tragedy, 1984Bhopal gas tragedy, 1984
Bhopal gas tragedy, 1984sameersailesh
 
The mexico city explosion of 1984
The mexico city explosion of 1984The mexico city explosion of 1984
The mexico city explosion of 1984Mohit Nayal
 
SEVESO DISASTER ITALY
SEVESO DISASTER ITALYSEVESO DISASTER ITALY
SEVESO DISASTER ITALYMOHD SALMAN
 
Dow Fire and Explosion Index (Dow F&EI) and Mond Index
Dow Fire and Explosion Index (Dow F&EI) and Mond IndexDow Fire and Explosion Index (Dow F&EI) and Mond Index
Dow Fire and Explosion Index (Dow F&EI) and Mond IndexEvonne MunYee
 
Case study of flixborough uk disaster
Case study of flixborough uk disasterCase study of flixborough uk disaster
Case study of flixborough uk disasteramanshaikh89
 
Bhopal gas tragedy
Bhopal gas tragedyBhopal gas tragedy
Bhopal gas tragedyPINKEY GUPTA
 
Overview of consequence modelling in the hazard assessment package phast witl...
Overview of consequence modelling in the hazard assessment package phast witl...Overview of consequence modelling in the hazard assessment package phast witl...
Overview of consequence modelling in the hazard assessment package phast witl...Cao Thanh Nhat
 
Chapter 13 fuel oil piping and storage
Chapter 13 fuel oil piping and storageChapter 13 fuel oil piping and storage
Chapter 13 fuel oil piping and storageAYM1979
 
Truck loading and unloading technical specification
Truck loading and unloading technical specificationTruck loading and unloading technical specification
Truck loading and unloading technical specificationCARLOS RUIZ CARDENAS
 
Work Permit System
Work Permit SystemWork Permit System
Work Permit SystemGagan Tanwar
 
Deep Water Horizon Oil Spill (B. P. Oil Spill)
Deep Water Horizon Oil Spill (B. P. Oil Spill)Deep Water Horizon Oil Spill (B. P. Oil Spill)
Deep Water Horizon Oil Spill (B. P. Oil Spill)Syed Ali Roshan
 
Assignment piper alpha
Assignment piper alphaAssignment piper alpha
Assignment piper alphaJohnin Taimin
 
Rupture Disc Products For Industrial Process Safety
Rupture Disc Products For Industrial Process SafetyRupture Disc Products For Industrial Process Safety
Rupture Disc Products For Industrial Process SafetyCTi Controltech
 

Was ist angesagt? (20)

Electrostatic heater treater
Electrostatic heater treaterElectrostatic heater treater
Electrostatic heater treater
 
Flixborough Disaster slide
Flixborough Disaster slideFlixborough Disaster slide
Flixborough Disaster slide
 
Bhopal gas tragedy, 1984
Bhopal gas tragedy, 1984Bhopal gas tragedy, 1984
Bhopal gas tragedy, 1984
 
The mexico city explosion of 1984
The mexico city explosion of 1984The mexico city explosion of 1984
The mexico city explosion of 1984
 
Pipeline Safety
Pipeline SafetyPipeline Safety
Pipeline Safety
 
Lecture 1 Crude Oil Quality
Lecture 1 Crude Oil QualityLecture 1 Crude Oil Quality
Lecture 1 Crude Oil Quality
 
SEVESO DISASTER ITALY
SEVESO DISASTER ITALYSEVESO DISASTER ITALY
SEVESO DISASTER ITALY
 
Dow Fire and Explosion Index (Dow F&EI) and Mond Index
Dow Fire and Explosion Index (Dow F&EI) and Mond IndexDow Fire and Explosion Index (Dow F&EI) and Mond Index
Dow Fire and Explosion Index (Dow F&EI) and Mond Index
 
Significant Gas Pipeline Incidents
Significant Gas Pipeline IncidentsSignificant Gas Pipeline Incidents
Significant Gas Pipeline Incidents
 
Case study of flixborough uk disaster
Case study of flixborough uk disasterCase study of flixborough uk disaster
Case study of flixborough uk disaster
 
Flixborough disaster
Flixborough disasterFlixborough disaster
Flixborough disaster
 
Bhopal gas tragedy
Bhopal gas tragedyBhopal gas tragedy
Bhopal gas tragedy
 
Overview of consequence modelling in the hazard assessment package phast witl...
Overview of consequence modelling in the hazard assessment package phast witl...Overview of consequence modelling in the hazard assessment package phast witl...
Overview of consequence modelling in the hazard assessment package phast witl...
 
Chapter 13 fuel oil piping and storage
Chapter 13 fuel oil piping and storageChapter 13 fuel oil piping and storage
Chapter 13 fuel oil piping and storage
 
Truck loading and unloading technical specification
Truck loading and unloading technical specificationTruck loading and unloading technical specification
Truck loading and unloading technical specification
 
Work Permit System
Work Permit SystemWork Permit System
Work Permit System
 
HAZOP Basics
HAZOP BasicsHAZOP Basics
HAZOP Basics
 
Deep Water Horizon Oil Spill (B. P. Oil Spill)
Deep Water Horizon Oil Spill (B. P. Oil Spill)Deep Water Horizon Oil Spill (B. P. Oil Spill)
Deep Water Horizon Oil Spill (B. P. Oil Spill)
 
Assignment piper alpha
Assignment piper alphaAssignment piper alpha
Assignment piper alpha
 
Rupture Disc Products For Industrial Process Safety
Rupture Disc Products For Industrial Process SafetyRupture Disc Products For Industrial Process Safety
Rupture Disc Products For Industrial Process Safety
 

Ähnlich wie BP Texas City Refinery Disaster Report

Hazard operability study - in Industires and plant
Hazard operability study - in Industires and plantHazard operability study - in Industires and plant
Hazard operability study - in Industires and plantJayaKarthic1
 
Ashrae journal -_the_fundamentals_of_expansion_tanks
Ashrae journal -_the_fundamentals_of_expansion_tanksAshrae journal -_the_fundamentals_of_expansion_tanks
Ashrae journal -_the_fundamentals_of_expansion_tanksmechi01
 
Building Service II Group Assignment
Building Service II Group AssignmentBuilding Service II Group Assignment
Building Service II Group AssignmentXinYee Khoo
 
Building services 2 assignment
Building services 2 assignmentBuilding services 2 assignment
Building services 2 assignmentShao Xun Sean Thun
 
S3 SANITARY PIPE WORK ASSIGNMENT
S3 SANITARY PIPE WORK ASSIGNMENTS3 SANITARY PIPE WORK ASSIGNMENT
S3 SANITARY PIPE WORK ASSIGNMENTno suhaila
 
Pressure_Switch_Leak_Detection_F14
Pressure_Switch_Leak_Detection_F14Pressure_Switch_Leak_Detection_F14
Pressure_Switch_Leak_Detection_F14Hugo Nguyen, MBA
 
Building Services System in PKNS Complex, Shah Alam
Building Services System in PKNS Complex, Shah AlamBuilding Services System in PKNS Complex, Shah Alam
Building Services System in PKNS Complex, Shah AlamLee Pei Gie
 
Relief Systems.pdf
Relief Systems.pdfRelief Systems.pdf
Relief Systems.pdfKAhmedRehman
 
G0366046050
G0366046050G0366046050
G0366046050theijes
 

Ähnlich wie BP Texas City Refinery Disaster Report (20)

automation
automationautomation
automation
 
HAZOP.ppt
HAZOP.pptHAZOP.ppt
HAZOP.ppt
 
Hazard operability study - in Industires and plant
Hazard operability study - in Industires and plantHazard operability study - in Industires and plant
Hazard operability study - in Industires and plant
 
Ii presentation
Ii presentationIi presentation
Ii presentation
 
Ashrae journal -_the_fundamentals_of_expansion_tanks
Ashrae journal -_the_fundamentals_of_expansion_tanksAshrae journal -_the_fundamentals_of_expansion_tanks
Ashrae journal -_the_fundamentals_of_expansion_tanks
 
Sealed system components
Sealed system componentsSealed system components
Sealed system components
 
Compiled
CompiledCompiled
Compiled
 
Building Service II Group Assignment
Building Service II Group AssignmentBuilding Service II Group Assignment
Building Service II Group Assignment
 
Building services 2 assignment
Building services 2 assignmentBuilding services 2 assignment
Building services 2 assignment
 
moc0828011.pdf
moc0828011.pdfmoc0828011.pdf
moc0828011.pdf
 
S3 SANITARY PIPE WORK ASSIGNMENT
S3 SANITARY PIPE WORK ASSIGNMENTS3 SANITARY PIPE WORK ASSIGNMENT
S3 SANITARY PIPE WORK ASSIGNMENT
 
Jaipur Fire
Jaipur FireJaipur Fire
Jaipur Fire
 
Pressure_Switch_Leak_Detection_F14
Pressure_Switch_Leak_Detection_F14Pressure_Switch_Leak_Detection_F14
Pressure_Switch_Leak_Detection_F14
 
Bleve
BleveBleve
Bleve
 
MET 214 Module 6
MET 214 Module 6MET 214 Module 6
MET 214 Module 6
 
Building Services System in PKNS Complex, Shah Alam
Building Services System in PKNS Complex, Shah AlamBuilding Services System in PKNS Complex, Shah Alam
Building Services System in PKNS Complex, Shah Alam
 
Relief Systems.pdf
Relief Systems.pdfRelief Systems.pdf
Relief Systems.pdf
 
Relief systems
Relief systemsRelief systems
Relief systems
 
Abnormal Situation Management
Abnormal Situation ManagementAbnormal Situation Management
Abnormal Situation Management
 
G0366046050
G0366046050G0366046050
G0366046050
 

Mehr von Chinedu Isiadinso

Heat exchanger design project
Heat exchanger design project Heat exchanger design project
Heat exchanger design project Chinedu Isiadinso
 
4. Generator Step Up Transformer
4. Generator Step Up Transformer4. Generator Step Up Transformer
4. Generator Step Up TransformerChinedu Isiadinso
 
POWER TRANSMISSION IN ENGINES
POWER TRANSMISSION IN ENGINESPOWER TRANSMISSION IN ENGINES
POWER TRANSMISSION IN ENGINESChinedu Isiadinso
 

Mehr von Chinedu Isiadinso (10)

CW1 Report
CW1 ReportCW1 Report
CW1 Report
 
6. Balance Of Plant
6. Balance Of Plant6. Balance Of Plant
6. Balance Of Plant
 
Heat exchanger design project
Heat exchanger design project Heat exchanger design project
Heat exchanger design project
 
7. Transmission Lines
7. Transmission Lines7. Transmission Lines
7. Transmission Lines
 
5. Switchyard & Substation
5. Switchyard & Substation5. Switchyard & Substation
5. Switchyard & Substation
 
4. Generator Step Up Transformer
4. Generator Step Up Transformer4. Generator Step Up Transformer
4. Generator Step Up Transformer
 
2. Tewac Generator
2. Tewac Generator2. Tewac Generator
2. Tewac Generator
 
Renewable Energy Essay
Renewable Energy EssayRenewable Energy Essay
Renewable Energy Essay
 
POWER TRANSMISSION IN ENGINES
POWER TRANSMISSION IN ENGINESPOWER TRANSMISSION IN ENGINES
POWER TRANSMISSION IN ENGINES
 
1. Gas Turbine (9E03)
1. Gas Turbine (9E03)1. Gas Turbine (9E03)
1. Gas Turbine (9E03)
 

BP Texas City Refinery Disaster Report

  • 1. BP TEXAS CITY REFINERY DISASTER ACCIDENT & PREVENTION REPORT Chinedu Charles Isiadinso April 23, 2015 Contents 1 INTRODUCTION 2 2 KLETZ-TYPE PREVENTION TABLE 3 3 ANALYSIS 6 4 CONCLUSION 9 1
  • 2. 1 INTRODUCTION On Wednesday, March 23 2005, numerous explosions, and a fire, occurred at BP Texas City refinery, Texas, USA. The explosions and fire occurred during start-up of an isomerization unit at the refinery. The disaster resulted in 15 fatalities, over 150 injuries, and financial losses exceeding $1.5 billion (USD)[1]. Details of the Accident BP had begun a lengthy maintenance project at their Texas city refinery, which required over 1000 contractors on site along with employees. A number of trailers had been set up, close to the blow-down stack (see figure 1), to serve as offices and meeting rooms for the contractors. In the early hours of Wednesday, March 23 2005, workers began the start-up process of an isomerization unit by pumping highly flammable liquid into to a raffinate splitter tower (see figure 1), which would, normally, have ≈ 2m (6.5ft) of liquid at its base. Liquid height sensor and two alarm systems, for heights of 2m, (6.5ft) and 3m, (10ft), were installed to measure and report the height of liquid in the tower to operators, and raise alarms if the liquid reached 2m and 3m respectively. However, the sensor was designed to measure heights up to 3m, and thus there was no way to tell the amount of liquid in the tower beyond that point. As workers pumped liquid into the splitter tower, the liquid reached, and exceeded, the 3m mark, setting off the 2m alarm but not the 3m. As the liquid feed exceeded 3m, when the feed was stopped, and the height sensor reported 3m, while in actual fact, the tower is believed to have reached 4m, (13ft)[2]. Figure 1: Raffinate section of Isomerization unit[1] Following a shift change, and very poor communication, operators recommenced the start-up process, adding more liquid to the overfull splitter tower. While liquid was being pumped in, no liquid was being pumped out, as specified in the start up procedure[5], due to a level control valve being left closed. About 10 minutes later, as part of the normal process, operator lit burners in the furnace to heat up the liquid being fed to the splitter tower. With the level control valve still closed, the tower liquid level rose, and the heigh meter reported a height of under 3m; however, calculations show that the liquid reached 42m[1]. At 1 pm, the level control valve was opened, following a high pressure alarm that caused a manual relief valve to be opened; this stabilized liquid level. However, liquid leaving the tower 2
  • 3. was at a very high temperature, and on exiting the heat exchanger (which was not designed to cool down very hot liquid), induced a temperature rise (over 150o[1]) in liquid being fed to the tower. This caused liquid in the tower to boil and expand causing the liquid level in the tower to rise. Minutes later, the 52m, (170ft)[5], 586, 100l[7] capacity splitter tower was completely full, and liquid flowed through a overhead pipe, down 45m, (148ft), and forced open all 3 safety relief valves near the base of the tower; these valves redirected over 200, 000l of flammable liquid to the blow-down drum of significantly lower capacity. Similar to the tower, the blow-down drum was fitted with a liquid height sensor and an alarm, but when the drum overfilled, the alarm failed to alert operators, who continued redirecting flow to the drum. Minutes later, there was an eruption of very hot highly flammable liquid, from the top of the blow-down stack[3], which fell to the ground creating a highly flammable vapour cloud that covered the entire refinery, especially the trailers housing the contractors. Ignition of the cloud, by backfire from an idling diesel truck at about 1:20 pm, caused a number explosions and fires, and sent shock-waves for miles in all directions. Figure 2: BP Texas City Refinery Layout[1] 2 KLETZ-TYPE PREVENTION TABLE Table 1: Kletz-Type prevention table Events Immediate Steps Avoiding Hazard Management System Explosions and Fire Truck driver should have turned engine off after eruption Idling diesel truck backfires, ignites vapour cloud Do not idle truck a few meters from haz- ardous equipment Create dedicated parking space Always know where vehicles on plot are Vapour Cloud forms and expands across re- finery Sound alarm Install disaster alert system Train staff for dis- asters, the CSB report[1] showed that staff where not properly trained for abnormal situations 3
  • 4. Table 2: Kletz-Type prevention table Events Immediate Steps Avoiding Hazard Management System Blow-down stack over fills and liquid erupts Carry out disaster protocol Install blow-down drum of equal capac- ity as tower. Install modern blow-down stack, to eliminate possibility of overflow Train staff for disasters[9] Liquid in blow-down drum reaches max. capacity; high level alarm does not sound Tower is overfull, ex- pect the drum alarm to sound, and act if there’s no sound Emergency purge sys- tem when drum over fills Regular equipment inspection, due to cost cutting tech- niques, less money was available to inspect and repair faulty equipment[1] High pressure liquid force open all 3 safety relief valves; liquid is redirected to the blow-down drum Turn off feed, and purge systems Install another set of high pressure alarms for the over head pipes Tower overfills; liquid flows through over- head pipe towards re- lief valves 45m below Install overflow detec- tor to shut down pro- cess if tower overfills Liquid fed to tower causes boiling; liquid level rises to 43m, sen- sor shows decline Design location based temperature detector Regular equipment in- spection and repairs Hot liquid, from tower base, heats up tower feed Design system to mea- sure temperature of liquid in key areas (e.g. tower outlet) and alert operator of problems Operators worry about lack of outflow, level control valve is open The process had been running for over 3 hours, check what happened to liquid fed Design system to show valve status A supervisor must al- ways be present Tower high pressure alarm sound; oper- ators open manual relief valve (auto- matic emergency valves failed) Check information about flow into and out of tower and see if there discrepancies. Regular equipment in- spection Improperly calibrated level indicator shows liquid as 2.6m and falling; liquid is at 30m Show flow into and out of tower on same screen and work out in tower volume based on these Equipment inspection and repairs 4
  • 5. Table 3: Kletz-Type prevention table Events Immediate Steps Avoiding Hazard Management System Supervisor leaves due to family emergency, there is no replace- ment Request replacement supervisor Enforce requirement of at least one tech- nical staff at all times Conflicting infor- mation about level control valve is re- ceived by operator, valve is left closed Request clarification Design system to show valve status Start-up recom- mences, more liquid is added to already overfull tower, liquid level increases Carry out pre-startup procedure Improve system to allow operators see flows in and out of tower Ensure pre-startup is completed ans suc- cessful Night shift operator leaves, day shift oper- ator takes over; state of start-up process is badly communicated Make better use of logbooks Enforce BP sign over protocol, especially during hazardous processes Sensor reads 3m (ac- tual height is 4m), feed is stopped Improve sensor design First tower high level alarm sounds, second fails Stop after first alarm Regular equipment in- spection Operators ignore 2m recommended height and fill to 3m max. height Follow safety recom- mendation Enforce safety re- quirements Contract workers in trailers are not in- formed about start-up process Inform all personnel about hazardous pro- cesses Ensure everyone is out of harms way before starting hazardous processes Isomerization start-up begins, liquid is fed into splitter tower Evacuate all non- essential staff Ensure pre-startup is completed Safety culture Lengthy maintenance process; trailers are set-up close to isomer- ization unit Setup trailers at safe distance Should have followed CSB trailer citing rec- ommendations 5
  • 6. 3 ANALYSIS The accident could be blamed on a wide range of failures, from mechanical to human to process, however, the entire accident could be put down to human error. Starting at the very beginning with the location of the trailers. From figure 3, it can be seen that the trailers where set up in, potentially, the most dangerous part of the site. Trailers where setup between the catalyst warehouse and the isomerization unit (close to the blow-down drum and staff), separated from the unit by a rack of pipes carrying highly flammable liquid. Not only was this citing warned against by safety experts[1], but from figure 2, it can be seen that permanent office structures where erected reasonably far away from hazardous material and equipment, at the other end of the refinery; no deaths occurred at these permanent structures. A reasonable location, for the trailers, would have been next to the control room in the blue section of figure 2. Figure 3: Trailer area and adjacent Isomerization unit[1] Second, employees, and maintenance workers knew how hazardous the isomerization start-up process was, but no alerted the contracts (who where in the trailers) about the start-up, as such contracts where unaware of of what was happening until the eruption and explosion. Deaths could have easily been prevented if trailer staff where informed, or better still, removed from harmsway until the start-up process was complete; there was a safety meeting that day, over 300 people (employees and contractors) where in attendance and nothing was said about the startup about to begin[3]. While immediately it would not have been possible for the night shift operator to have know the second alarm had failed, a better logbook entry could have been left for the day shift operator to work on. The logbook entry gave no indication of previous pumping level and alarm sound, instead it read ”ISOM brought in so raff to unit, to pack raff with”[1]. Operators usually neglected key safety requirements, like the pre-startup checks, which would have confirmed the position of the level control valve, removed non-essential personnel from the 6
  • 7. site, and potentially noticed, and dealt with, the idling truck. It could have also alerted staff to the faulty alarms and indicator, as it required manual liquid level confirmation, via a sight glass at the base of the tower; it is worth noting, that the sight glass had not been cleaned for longer than recommended and as such dark liquid had covered the glass making it unuseable. Poor communication saw the situation on the ground being badly transmitted from ground operators to board staff, which lead to a one of the most obvious causes of the disaster, the level valve was left closed for over 3 hours while liquid as fed. The valve was later opened, but staff should have instigated the location of hours of pumped liquid; if there was no liquid outflow, then there must have been a build up of liquid in the tower, this would have brought the faulty indicator (which read 2.6m and falling instead of 30m), to their attention and they could have stopped the feed and drained the tower. Following the departure of the only technically trained staff on site that day, due to a family emergency, and contrary to BP standard procedure, there was no replacement supervisor assigned to over see the startup process; this left one low experience operator (not qualified to run an entire refinery without supervision) alone to manage all 3 units at the refinery, including the iszomerizaion unit. On one end of Kletz’s spectrum, we have ways of preventing the hazard. In this case, the hazard could have been prevented had the level indicator had been designed to accommodate the full 52m height of the tower. Looking at it from the point of view of what is necessary, the level was never meant to exceed 3m, however, if operators did not stop the feed exactly when the 3m alarm was heard, they would overshoot and not know how much by. The system could have been fool-proofed by designing an automatic system that shut off liquid feed when the level reached 3m instead of just an alarm. A similar system in the blow-down drum could automatically open the sewer block valve (see figure 4) to drain the drum if it overfills; these would help prevent any instances where there’s human failure. Figure 4: Blow-down drum and gooseneck[1] 7
  • 8. A similar system was already operational in the emergency relief valve, which failed to open on operator’s command, but opened when pressure exceeded maximum allowed, and this prevented a different accident of a burst pipe. In figure 3, cars can be seen parked around very dangerous equipment, there where more suitable locations for a car park than between a catalyst warehouse and a rack of pipes. Also, the CSB’s report noted poor operator display designs. The control unit did have display for amount of liquid flowing into and out of the tower, but these when on different screens, and thus meant that unless the operator suspected discrepancies in the flow, they would not check to see if the number matched. A better design would have been to have both flows on the same screen, but also to workout the different the alert the operator, or trigger an automatics protection system, if the difference exceeds an acceptable tolerance range. On the other end of Kletz’s spectrum, failures of the management, such as lack of regular equipment inspection and repairs, lead to key safety devices and instruments, level indicators, alarms and even the emergency pressure relief systems, failing to alert operators of danger; these piece of equipment where know by management to be faulty but nothing was done to repair or replace them[3]. Staff where not adequately trained and protections where not put in place to prevent catastrophic failures, the likes of which, had bee predicted as early as 1992[9]. There where no real automatic systems that would act immediately in and emergency, all systems required the intervention of an operator, and while BP required operators to work in pairs and always have one person in the control room at all times, cases of desertion where very common; on the day of the accident, an operator deserted his post hours before his replacement arrived. Management had also consistently failed to address re-occurring unsafe practices, e.g. startup without fully completed pre-startup checks, that had previously (on February 12, 1994) lead to a similar situation where the tower was overfilled. Also, reports show management failed to invest in hazard prevention and safeguard. Furthermore, huge cost cutting tactics saw the isomerization unit grossly under staffed during startup. Management had a responsibility to ensure a safe working environment for everyone on site, but years of limited funding and a growing unsafe culture saw mandated processes being ig- nored, and near misses being left uninvestigated. The main cause of the disaster was a lack of properly implemented pre-emptive measures, which would have completely prevented not only this incidence, but future ones as well. Lessons Learned The following lessons could be drawn and generalized from is disaster; 1. Follow recommend procedure: Operators should not deviate from their training, but also, managers, and supervisors should ensure protocol is strictly adhered to. 2. Alert people of potential danger: Contractors and uninvolved staff, e.g. the two in the idling truck, where not aware of the hazardous process that was going on very close to them. This could also be extended to members of the public, for example, construction site must tell, not only their employees about dangers, but passers-by that could be hurt as well. 3. Check design by Hazop: Safety equipment, in the refinery, where not designed to eliminate hazard, rather they where designed to alert of potentially dangerous situations, and thus 8
  • 9. where highly susceptible to human error. Safety devices should be designed to make it almost impossible to hurt yourself and others, e.g. automatic speed limiters on high speed trains (Santiago de Compostela rail disaster)[11]. 4 CONCLUSION In conclusion, the disaster at Texas City was completely preventable. Key immediate steps by operators on the day could have prevented the accident, however, the key cause of the disaster was a continuous failure to learn from near misses, an absence of safety culture, and persistent absence of hazard prevention by management staff, even after numerous near misses on numer- ous machines. Also misplaced priorities could be blamed for the disaster, as investments in safety and hazard prevention where not made following BP’s acquisition of Amoco’s outdated (even at the time of acquisition) refinery, instead job cuts and poor maintenance culture, which saved BP hundreds of thousands of dollars, where priority. References [1] U.S. CHEMICAL SAFETY AND HAZARD INVESTIGATION BOARD. INVESTIGA- TION REPORT REFINERY EXPLOSION AND FIRE. Rep. no. 2005-04-I-TX. Texas City: U.S. CHEMICAL SAFETY AND HAZARD INVESTIGATION BOARD, 2007. Print. [2] U.S. CHEMICAL SAFETY BOARD. ”Anatomy of a Disaster.” csb.gov. U.S. Chemical Safety Board, 11 Jan. 2008. Web. 11 Mar. 2015. [3] Schorn, Daniel. ”The Explosion At Texas City.” CBSNews. CBS Interactive, 26 Oct. 2006. Web. 11 Mar. 2015. [4] Broadribb, Mike. ”Lessons from Texas City.” Lessons from Texas City (2008): 1-26. hse.gov.uk. Bp, 8 May 2008. Web. 12 Mar. 2015. [5] Michael, Jo-Anne. ”Texas City Incident Human Factor Aspects.” Hse.gov.uk. Health and Safety Executive, n.d. Web. 12 Mar. 2015. [6] Wikipedia contributors. ”Texas City Refinery explosion.” Wikipedia, The Free Encyclope- dia. Wikipedia, The Free Encyclopedia, 1 Mar. 2015. Web. 12 Mar. 2015. [7] Kalantarnia, Maryam, Faisal Khan, and Kelly Hawboldt. ”Modelling of BP Texas City Refinery Accident Using Dynamic Risk Assessment Approach.” Process Safety and Environ- mental Protection 88.3 (2010): 191-99. ScienceDirect. ELSEVIER, 1 Feb. 2010. Web. 12 Mar. 2015. [8] Dean, L. E., H. R. Harris, D. H. Belden, and Vladimir Haensel. ”The Penex Process for Pentane Isimerisation.” Platinum Metals Review 3.1 (1959): 9-11. Print. [9] Cappiello, Dina, and Anne Belli. ”OSHA Warned Refinery about Danger in 1992.” Houston Chronicle. Houston Chronicle, 8 Apr. 2005. Web. 12 Mar. 2015. [10] Hopkins, Andrew. Failure to Learn: The BP Texas City Refinery Disaster. Sydney, N.S.W.: CCH Australia, 2008. Print. [11] Wikipedia contributors. ”Santiago de Compostela rail disaster.” Wikipedia, The Free En- cyclopedia. Wikipedia, The Free Encyclopedia, 5 Mar. 2015. Web. 13 Mar. 2015. 9