Incident Investigation Logic Tree Methods - PowerPoint PPT Presentation

incident investigation logic tree methods l.
Skip this Video
Loading SlideShow in 5 Seconds..
Incident Investigation Logic Tree Methods PowerPoint Presentation
Download Presentation
Incident Investigation Logic Tree Methods

play fullscreen
1 / 23
Download Presentation
Incident Investigation Logic Tree Methods
Download Presentation

Incident Investigation Logic Tree Methods

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Incident Investigation Logic Tree Methods Dennis C. HendershotRohm and Haas Company, retired SACHE Workshop September 2005 Bristol, PA

  2. Purpose of Incident Investigations • System improvements • Not choosing scapegoats • You must set the tone!

  3. Logic Tree • Start with the incident as the top event • It may be useful to start with a generic top tree • Damaging agent in a location • Employee or equipment in location • Employee or equipment in contact with damaging agent long enough to cause • Injury • Damage

  4. Generic Top Level Logic Treefor Incident Investigations Injury or Equipment Damage Injured (or damaged equipment) in contact with Causative agent AND Causative agent Present (fire, pressure, chemical) Contact with causative agent long enough to cause injury AND AND OR C A B

  5. Logic Tree • Choose one second level event • Determine causes • Draw causing events on logic tree • Keep asking "Why?" and • Draw causes on treeFollow one branch to basic (root) system cause • Includes • Training • Management systems • Culture • Repeat for the other events

  6. AND "AND" Gate All events entering this box must be true in order for this event to be true Event A Event B

  7. Event B Event A Test the Logic at Each Step All events entering this box must be true in order for this event to be true AND • For each event, ask, “If this event does not happen, would the event above occur?” • If no, the event stays as a cause. • If yes, the event is not a cause.

  8. OR "OR" Gate If any event entering this box is true, then this event is true Event B Event A

  9. When to Stop • At System Level • Broader areas affected than this incident • Systems, rather than peopleTypical: management systems, design systems, training systems • When needed expertise is lacking • May need instrument expert (or vendor expert) to explain why a control device failed a certain way. • May need manufacturer when we can't figure out why cooling tower fan blades are failing.

  10. Writing Events • Stick to the Facts • Avoid drawing conclusions • Clearly label conclusions • Indicate direct quotations of witnesses

  11. Stick to Facts • Box Says • “Goggle area" sign too high to see easily • Facts Are • Sign is high • Conclusions Drawn • Signs cannot be easily seen

  12. Determining Causes • Generic logic tree • Top level event • Second level events • Keep asking"WHY?" • "AND" gates • "OR" gates • Common mode failures • System level causes • Test the logic

  13. Test the Logic • Test the logic against the sequence of events and the facts. • Does the tree support the facts? • does the tree explain all the facts? • Is the tree supported by the facts; • are additional facts or assumptions needed to support the tree? • The events below each gate must be necessary and sufficient to cause each event • If there are gaps, modify the tree or get more facts.

  14. Recommendations • Look at each bottom level event. • Attempt to make a recommendation to prevent that event from occurring, or • To mitigate it, if it does occur. • Look at structure of tree. • Attempt to add "AND" gates to the tree. • Selection basis for recommendations: • Protection provided • Frequency of challenge, • Cost of recommendation. • Management will address each recommendation and document what was done.

  15. Peroxide Drum Explosion1998 Loss Prevention Symposium Paper 6c

  16. MCSOII Logic Tree (1)

  17. MCSOII Logic Tree (2)

  18. MCSOII Logic Tree (3)

  19. MCSOII Logic Tree (4)

  20. Logic Tree Advantages • More structure • Good display of facts • Encourages “Out of the Box” thinking • Displays cause and effect • Shows simultaneous events • Captures common mode failures • Shows "AND" - "OR" relationships • If keep asking "Why?", can lead to deep system problems

  21. Logic Tree Disadvantages • Can get bogged down in discussions about the logic structure • Requires good facilitator to manage discussions • If something appears to be important, get it written down somewhere, worry about detailed logic later • Logic can become complex, if too rigorous • Can miss deep cultural issues • Some background items might not fit easily in the tree (impact many branches)

  22. Some Incident InvestigationResources and Articles • Book: • Center for Chemical Process Safety (CCPS) (2003). Guidelines for Investigating Chemical Process Incidents. 2nd Edition. American Institute of Chemical Engineers, New York. • Papers and Articles • Anderson, S. E., and R. W. Skloss (1992). “More Bang for the Buck: Getting the Most From Accident Investigations.” Plant/ Operations Progress 11, 3 (July), 151-156. • Anderson, S. E., A. M. Dowell, and J. B. Mynaugh (1992). “Flashback From Waste Gas Incinerator into Air Supply Piping.” Plant/Operations Progress11, 2 (April), 85-88. • Antrim, R. F., M. T. Bender, M. B. Clark, L. Evers, D. C. Hendershot, J. W. Magee, J. M. McGregor, P. C. Morton, J. G. Nelson, and C. Q. Zeszotarski (1998). “Peroxide Drum Explosion and Fire.” Process Safety Progress17, 3 (Fall)), 225-231.

  23. Incident Investigation Exercises • Incident 1 – Emergency relief system catch tank rupture • Groups 1, 3, 5 • Incident 2 – Sodium hydroxide dilution tank eruption • Groups 2, 4