CHEMICAL ENGINEERING TRANSACTIONS
VOL. 77, 2019
A publication of The Italian Association of Chemical Engineering
Online at www.cetjournal.it
Guest Editors: Genserik Reniers, Bruno Fabiano
Copyright © 2019, AIDIC Servizi S.r.l.
ISBN 978-88-95608-74-7; ISSN 2283-9216

Near Misses from the Seveso Inspections: Use of Knowledge Based Methods for Safety Improvement

Silvia M. Ansaldi*, Annalisa Pirone, Maria Rosaria Vallerotonda, Patrizia Agnello, Paolo Bragatto
INAIL Italian National Institute for Insurance against Accidents at Work, Department of Technological Innovation
s.ansaldi@inail.it

In Italy, the 2016 campaign of Seveso inspections was the first after the implementation of Seveso III (European Directive 2012/18/UE). That inspection plan involved the audit of about 150 of the over 450 upper tier establishments. During the 2016-2017 campaigns, about a thousand operating experience (OE) reports were gathered. The aim of the paper is to describe the methods adopted for exploiting this valuable store of information in a more formal way. The study adopts cognitive methods, based on different taxonomies and classifications, to extract knowledge useful for different aims. The paper shows some examples of exploiting alerts for stakeholders. The extracted knowledge is valuable for inspectors in addressing future inspections, and for regulators in issuing new guidelines.

1. Introduction

In recent Seveso inspections in Italy, the focus is on the study of incidents and near-miss events. The approach, based on discussing near misses against the safety barriers, is considered “risk based”, as it is able to single out the critical issues of the safety system. In Italy, the practice of exploiting the “operating experience” (OE) document (basically the incidents and near misses recorded at the site) for assessing the global efficiency of a safety management system (SMS) was presented years ago by a few pioneers (Agnello et al.
2012) and today it is becoming more and more common. In the 2016 and 2017 campaigns of Seveso inspections, under Seveso III legislation, the new guideline was applied for the first time by the inspection teams, made up of representatives of INAIL, the Environmental Agencies, and the Fire-fighters. The paper discusses the potential of OEs. Section 2 describes the objectives; Section 3 presents the document archive and a brief overview of the state of the art on this topic. Section 4 describes the proposed methodology and the procedure used for extracting information and, hopefully, knowledge from this archive. Section 5 contains the application outcomes of two case studies.

2. Aim and objectives

The aim of the paper is to understand how to exploit in a more formal way the valuable knowledge contained in the document archive, in order to address inspectors’ training, upgrade the inspection activity, and disseminate safety information, so as to improve the safety of the chemical industry in Italy. The paper discusses a methodology adopted for near miss analysis, suitable for major hazard industries under Seveso legislation. At the time of writing, the archive has a thousand OE documents gathered during the 2016 and 2017 inspection campaigns in the Seveso upper tier establishments. It is definitely outside the scope of this paper to discuss the responsibilities of assessors, any erroneous assessments, or the responsibilities of duty holders for the inadequate implementation of the safety regulations. The “not blaming” culture is essential to learn from incidents and near misses.

DOI: 10.3303/CET1977071
Paper Received: 5 November 2018; Revised: 9 May 2019; Accepted: 30 June 2019
Please cite this article as: Ansaldi S., Pirone A., Vallerotonda M., Agnello P., Bragatto P., 2019, Near Misses from the Seveso Inspections: Use of Knowledge Based Methods for Safety Improvement, Chemical Engineering Transactions, 77, 421-426 DOI:10.3303/CET1977071

3. Background

3.1 Inspection documents archive

The archive contains two types of documents: the accident and incident reports (i.e. OE) and the critical system (CS) reports. The documents gathered come from different sites, both process plants and storage depots, operating in several chemical sectors. The OE documents are predefined forms, which the operator fills in with the most significant events that occurred in the recent past at the plant. The contents cover both the recording of the event and its analysis, including the description of the occurrence, the failed (or missing or misapplied) technical or procedural measures adopted for prevention or mitigation, the recovery actions undertaken, and, hopefully, the follow-up actions identified and planned as corrective measures for improving the safety system.

Although the form is the same for all owners, the way it is compiled varies by establishment and by type of event recorded. The accuracy is not homogeneous and the interpretation of the OE concept changes from one establishment to another. At a few establishments, only the releases of hazardous substances without consequences are registered. In other cases, reports include anomalies, unsafe situations, failures, and trivial errors; that is, events not directly related to major accident hazards. The documents are varied, but represent truthful pictures of the deviations that occurred inside the establishment.

In addition to these records, the archive also holds the CS reports, the documents containing the outcomes of the risk assessment for all the establishments inspected. They provide a bow-tie-based representation for each top event assessed, with the technical and organizational safety barriers to prevent the accident, those to monitor the event and its escalation, and those to mitigate the consequences (Bragatto et al. 2017).

3.2 Near Miss analysis: state of the art

There is no room in this paper to discuss the different methods used in the literature to manage near miss information. In most papers, the subject is argued from the point of view of the management, using internal experience for the continuous improvement of their own SMS. Significant examples are in Andriulo & Gnoni (2014) or in Phimister & al. (2003). In any case, the problem is similar to the exploitation of accident databases. Significant examples are in Jacobsson & al. (2009), Sales & al. (2007) and Kirchsteiger (1999). In Gnoni & Saleh (2017) near misses are discussed in the light of safety principles, independently of the industrial domain. The typical methods of knowledge management, including case based reasoning and text mining, are also used to extract useful information for safety improvements. An example is in Suzuki & al. (2006). Knowledge management techniques are now much more powerful than in the past and widely applied in many different fields. Thus, an investigation of their potential for near miss management is challenging indeed.

4. Methodology

Each archived document has a few attributes, e.g. the industrial sector and the inspection year. All other information requires searching within textual descriptions. Thus, the huge number of documents inhibits and discourages any human attempt to extract information only by reading the reports. Applying text-mining techniques to reduce the human effort of selecting key concepts would be desirable. However, a straightforward application of these techniques is not enough to eliminate noise, including namesakes, ambiguities, company-specific jargon or abbreviations, in addition to implicit and tacit concepts not clearly expressed but useful for understanding the event and its context. The proposed methodology suggests using a semantic search engine to support the experts in the search activities.
Therefore, taking advantage of the characteristics of those tools, including dictionary management features, taxonomies and synonyms, “queries” become filters to reduce the set of reports and focus on the most relevant ones. Combining taxonomies with synonyms gives the capability of looking for concepts, not simply keywords; thus the search is like applying a mask to the document to point out only the words pertinent to the query. A few simple taxonomies corresponding to the topics of the key elements involved, including events, equipment, and working activities, have been defined. The use of a semantic search engine is a challenge to improve the methods for extracting the knowledge quickly, without replacing the inspectors’ expertise and competence but rather acting as a facilitator of their work.

The system adopted for testing the methodology is IBM OmniFind™; one of its capabilities is to provide brief summaries for each document found, dynamically generated according to the query, with the advantage of making the relevance of the result quick to understand. Another key feature is the calculation of the semantic proximity of the outcomes with respect to the target. The procedure, described in Ansaldi et al. (2018), shows how the semantic distance plays a key role in decisions on improving queries with new keywords and synonyms and reducing any ambiguities. Both the interpretation of summaries and the semantic distance offer remarkable advantages to the experts for quickly evaluating document relevance with respect to the search.

4.1 Proposed procedure

The OE archive includes the most meaningful events that occurred in the recent past at the establishments, including anomalies, near misses, incidents, and accidents. An anomaly is a deviation from the normal procedural or organizational operating conditions, not involving major accident hazards (MAH).
In Seveso establishments, near misses, incidents and accidents always deal with a loss of containment, respectively without consequences, or with minor or major consequences. The diagram shown in Figure 1 describes a classification of the different types of OEs gathered in the archive.

Figure 1: The diagram for classifying operative experiences

The boxes correspond to the types of occurrences and their relations with respect to the top event and the consequences. The blue box labelled “No related to Top Event” is the OE not directly concerning a top event, but important because it highlights dangerous situations. For example, some OEs report loss of containment from tanks collecting meteoric water, due to exceptional rainfall. These events do not involve hazardous substances, but are worthy of note because they involve service components that, if out of service, may lead to interruption of plant operation or to worse consequences. The second blue box (“Related to Top Event-None/minor consequences”) contains events considered as precursors of top events, but without effects or with minor consequences, while the third one (“Related to Top Event-Major consequences”) classifies the major accidents. The ellipses indicate the behavior that items of the CS report may have had in the event, i.e. the barriers missed, failed or worked well; the different colors indicate their involvement: green and yellow mean, respectively, positive and negative involvement of the barrier, grey a minor involvement.

The barriers, concerning technological, operational and organizational aspects, play different roles including prevention, protection and mitigation of consequences. The OEs report a detailed event description, from which to extract information on which barriers failed or worked to stop any evolution toward a major accident. Unfortunately, not all causes are explicitly mentioned; often an interpretation by the expert is required.
Since the barriers and their behavior are the key point on which the search is based, a preliminary list of the measures adopted was compiled, starting from the CS report. Table 1 shows a non-exhaustive list of technical safety barriers. The first two columns refer to preventive ones, while the other two describe those for mitigating the consequences. The Operation column describes the functionality, while the Device column provides some examples.

Table 1: Safety barriers

| Preventive barriers: Operation | Preventive barriers: Device | Protective barriers: Operation | Protective barriers: Device |
|---|---|---|---|
| Regulate | All types of valve | Containment | Basin, curb |
| Measure/Control | Level gauge, pressure gauge, thermometer, flow meter, procedure | Detect | Gas detector, sniffer |
| Alarm | High, very high, low, very low of a parameter (i.e. level, temperature, flow, pressure) | Release | Rupture disk, relief valve |
| Insulate | Jacket, wrap, painting, insulation, seal | Emergency | System block |

5. First results

The methodology was applied to the OE archive for a couple of specific industrial types of establishments: refineries and chemical process plants. For each case study, first all the documents are classified according to the above definitions of anomaly, near miss or incident. Next, combinations of different concepts, including events, equipment, technical and organizational measures, are used for checking the most frequent occurrences. The events mainly deal with losses of containment, i.e. leakage, overflow, involving several types of equipment, e.g. lines, tanks, exchangers, pumps, or instrumentation, e.g. valves, alarms, measuring devices. Most of these documents specify which barriers failed and which worked well to prevent or stop escalation of consequences; a few reports have such a short description that it is difficult to understand the scenario in which the event occurred.

According to the methodology, the search activity in the OE archive is an iterative process that combines different concepts to find the most frequent similar occurrences. Tables 2 and 3 show the results and the concepts adopted for searching the refinery and chemical establishment document archives. The columns are: the type of event, the equipment involved, the direct cause identified, which barrier failed, and which barrier worked well; the first and the last columns show the identifier (ID) of the type of near miss and the number (N°) of documents found, respectively. The ID is composed of three digits: the event, equipment and cause concepts. The key to reading the tables is that each row corresponds to a cluster of near misses with a strong similarity based on those concepts. The number inside the round brackets states the restricted number of pertinent documents.

5.1 Case study 1: refineries

The archive contains 77 OEs, of which 14 are anomalies, 60 near misses and 3 incidents; only the last two sets are considered for the search. The near misses related to the “loss of containment on a line” (ID 1.1.1, 1.1.2, 2.1.3) count 17 documents; corrosion/erosion is the most relevant cause, of which 5 are corrosion under insulation. Five documents refer to other causes, e.g. wrong maintenance operations or activities, classified as organizational. The 3.7.0 and 4.7.0 rows (loss or fire occurring at other equipment) are useful for counting near misses but are meaningless for knowledge extraction, since they correspond to cases that differ from each other.
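
The concept-based filtering of Section 4 and the three-part event.equipment.cause ID described above can be sketched as follows. This is an added example, not the authors' code and not IBM OmniFind; the taxonomies, synonym lists, digit codes and report texts are constructed for illustration.

```python
import re

# Constructed mini-taxonomies: facet -> concept -> (code digit, synonyms).
# The digit codes, synonym lists and reports are assumptions for this example;
# code 0 stands for "no concept found" in a facet.
TAXONOMY = {
    "event": {
        "Drip/Leakage": (1, ["drip", "dripping", "leak", "leakage"]),
        "Release": (3, ["release", "spill", "overfill", "overfilling"]),
        "Fire": (4, ["fire", "flame"]),
    },
    "equipment": {
        "Line": (1, ["line", "pipe", "pipeline", "piping"]),
        "Tank": (4, ["tank"]),
        "Pump": (5, ["pump"]),
    },
    "cause": {
        "Corrosion under insulation": (1, ["corrosion under insulation", "cui"]),
        "Corrosion": (3, ["corrosion", "corroded"]),
        "Failure": (4, ["failure", "broken", "malfunction"]),
    },
}
FACETS = ("event", "equipment", "cause")
OTHER = ("Other", 0)

REPORTS = {  # constructed report texts, not taken from the archive
    "OE-001": "Dripping seen on the transfer pipe during the daily round; "
              "corrosion under insulation found after removing the jacket.",
    "OE-002": "Small leak on a pipeline near unit 3. Inspection showed CUI.",
    "OE-003": "Overfilling of the storage tank after level gauge failure; "
              "product stayed inside the basin.",
    "OE-004": "Operator noticed a flame at the pump seal; emergency procedure applied.",
    "OE-005": "Online analyser calibration deadline missed, no hazardous substance involved.",
}

def _pattern(synonyms):
    # Word boundaries stop "line" from matching inside "Online" or "deadline".
    alternatives = "|".join(re.escape(s) for s in sorted(synonyms, key=len, reverse=True))
    return re.compile(r"\b(?:%s)\b" % alternatives, re.IGNORECASE)

PATTERNS = {facet: {name: (code, _pattern(syns)) for name, (code, syns) in concepts.items()}
            for facet, concepts in TAXONOMY.items()}

def classify(text):
    """Map a report to one (concept, code) per facet, preferring the longest synonym hit."""
    found = {}
    for facet in FACETS:
        best = None  # (match length, concept, code)
        for name, (code, pattern) in PATTERNS[facet].items():
            for match in pattern.finditer(text):
                if best is None or len(match.group()) > best[0]:
                    best = (len(match.group()), name, code)
        found[facet] = (best[1], best[2]) if best else OTHER
    return found

def cluster_id(text):
    """Build the event.equipment.cause identifier for one report."""
    concepts = classify(text)
    return ".".join(str(concepts[facet][1]) for facet in FACETS)

def cluster(reports):
    """Group report ids under their cluster ID."""
    groups = {}
    for report_id, text in reports.items():
        groups.setdefault(cluster_id(text), []).append(report_id)
    return groups

def search(reports, **wanted):
    """Concept query used as a filter, e.g. search(REPORTS, equipment="Line")."""
    return [report_id for report_id, text in reports.items()
            if all(classify(text)[facet][0] == name for facet, name in wanted.items())]
```

Reports that land in a cluster with a 0 digit are the ones an expert still has to read, which is where new synonyms for the next query iteration come from.
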

Table 2: Near misses clusters for case study 1

ID Event Equipment Cause Barrier failed Barrier worked well N°
1.1.1 Drip/Leakage Line Corrosion under insulation Control procedure (3) 5
1.1.2 Drip/Leakage Line Organizational Procedure Control procedure (2) 5
1.2.3 Drip/Leakage Flange Corrosion Control procedure (1) 2
1.2.4 Drip/Leakage Flange Failure Gasket Control procedure (1) 2
1.3.5 Drip/Leakage Exchanger Maintenance Control procedure (1) 2
1.4.4 Drip/Leakage Tank Failure Draining system Control procedure (1) 2
2.1.3 Leakage/Loss Line Corrosion/erosion 7
2.2.6 Leakage/Loss Flange Overpressure Pressure control 3
2.3.4 Leakage/Loss Exchanger Failure Gasket 3
2.4.1 Leakage/Loss Tank Corrosion under insulation 2
3.4.4 Release Tank Failure Level measurement Explosive sensor (1) 3
3.4.2 Release Tank Organizational Procedure Basin (1), level meas. (1) 2
3.5.4 Release Pump Failure Gas detector (1), procedure (1) 4
3.6.4 Release Valve Failure Maintenance (1) 3
3.7.0 Release Other 3
4.1.7 Fire Line Hot operations (2) Contamination (2) Emergency procedure (4) 4
4.5.8 Fire Pump Leakage Emergency procedure (3) 3
4.3.8 Fire Exchanger Leakage, failure/defect Gasket (1) Emergency procedure (3) 3
4.8.3 Fire Furnace Corrosion Emergency procedure (2) 2
4.7.0 Fire Other Emergency procedure (3) 3

The most frequent causes are equipment failures (17 reports) and corrosion, counted in 16 documents, of which 7 are corrosion under insulation. Classified as organizational causes, there are 9 near misses related to wrong application of procedures or incorrect worker behavior. The group 3.4.2 contains near misses in which the barriers, i.e. the containment basin and the level gauge, worked well; but in one case the procedure for tank remediation was not correctly applied and the hazardous substance spilled inside the basin, and in the other case the alarm was not recognized by the workers.
The control procedure, applied daily in the refineries, counts 9 explicit mentions in the reports for early detection of a drip or leakage of hazardous substances. Level gauge failure caused tank overfilling problems in three near misses, but in one case a sensor detected the unusual quantity of flammable vapors. The near misses and incidents related to fire highlight the activation of the emergency procedure for blocking the evolution of the event.

5.2 Case study 2: chemical process plants

The archive contains 221 OEs, of which 82 are anomalies, 126 near misses and 13 incidents. All events involving the same type of equipment and with the largest number of occurrences are considered; for those where it is not possible to identify the same equipment, a classification based on the preventive or protective barriers that failed or worked well is proposed. Table 3 shows results for near misses linked to equipment. The near misses related to the “loss of containment on a valve” (ID 1.2.1, 1.2.2, 3.2.1, 3.2.2, and 4.2.2) and to the “loss of containment on a line” (ID 1.1.1, 1.1.2, 2.1.1, and 3.1.2) count 20 and 15 documents, respectively. In the first case, valve failure is the most relevant cause, identified in 12 documents; in the second, organizational aspects are more numerous, identified in 10 documents. The causes of near misses dealing with the equipment are organizational (30) and technical failures (26). Organizational critical issues mainly relate to missing or not applied procedures (10), aspects of inspection and maintenance (15) and training (4). Technical failures involve broken valves (11), measure controls and inspection (8), broken gaskets and flanges (4) and wrong design (3).

Table 3: Near misses clusters for case study 2 – equipment

| ID | Event | Equipment | Cause | Barrier failed | Barrier worked well | N° |
|---|---|---|---|---|---|---|
| 1.1.1 | Release | Line | Organizational | Procedure (3), maintenance (1) | Emergency procedure (2) | 4 |
| 1.1.2 | Release | Line | Failure | Project (3) | Basin (2) | 3 |
| 1.2.2 | Release | Valve | Failure | Valve (4) | Emergency procedure (1) | 4 |
| 1.2.1 | Release | Valve | Organizational | Training (4), procedure (1) | Basin (1) | 5 |
| 1.3.3 | Release | Tank | Corrosion | Maintenance (3) | Basin (2) | 3 |
| 1.3.2 | Release | Tank | Failure | Level measurement (2) | | 2 |
| 1.4.1 | Release | Reactor | Organizational | Procedure (3), maintenance (1) | Gas detector (1) | 4 |
| 1.4.2 | Release | Reactor | Failure | Measure controls (2) | Emergency procedure (1) | 2 |
| 2.1.1 | Drip/Leakage | Line | Organizational | Maintenance (6) | Basin (2) | 6 |
| 3.1.2 | Leakage | Line | Failure | Gasket (2) | Emergency procedure (2) | 2 |
| 3.2.2 | Leakage | Valve | Failure | Valve (3) | | 3 |
| 3.2.1 | Leakage | Valve | Organizational | Procedure (3) | | 3 |
| 3.5.1 | Leakage | Pump | Organizational | Maintenance (4) | Emergency procedure (1) | 4 |
| 3.5.3 | Leakage | Pump | Corrosion | Degradation analysis (2) | Detector (1) | 2 |
| 3.6.1 | Leakage | Flange | Organizational | Maintenance (3), degradation analysis (1) | Inspection (1) | 4 |
| 3.6.2 | Leakage | Flange | Failure | Flange (2) | | 2 |
| 4.2.2 | Overflow | Valve | Failure | Valve (4), inspection (1) | Emergency procedure (1) | 5 |
| 4.3.2 | Overflow | Tank | Failure | Level measurement (3) | Basin (1), emergency procedure (1) | 3 |
| 5.4.0 | Fire | Reactor | | Unsuitable materials (2), insulation (1), seal (1) | Emergency procedure (3) | 4 |

Table 4 shows the events not included in Table 3, based on the type of behavior of the barriers involved. In the case of release, the most numerous events are due to the failure of preventive barriers (inspections, procedures, maintenance); the causes of drip/leakage events concern organizational aspects, too. Overflows are due to failures related to technical aspects (malfunctioning of pumps or damaged seals). The results also point out the positive role of the emergency procedures.

Table 4: Near misses clusters for case study 2 – barriers

| Event | N° | Barrier failed | Cause | Barrier worked well |
|---|---|---|---|---|
| Release | 24 | Inspection (10), procedure (7), maintenance (6) | Organizational | Emergency procedure (5) |
| Drip/Leakage | 5 | Maintenance (3), degradation analysis (2) | Organizational | |
| Overflow | 8 | Procedure (3), pump (3), gasket (2) | Failure | Emergency procedure (5) |
| Fire | 12 | Maintenance (5), procedure (4), project (3) | Failure | |

6. Conclusions and future developments

The use of text-mining systems or search engines to exploit an accident database is not new, but applying them to near misses was not trivial. Even though a unified format is adopted throughout Italy, the variety and the quality of those documents affect the knowledge extraction. In the present study, just a couple of types of process were considered. The results for the chemical plants are more complex than those for the refineries, because the former include less standardized industrial activities and different substances. The analysis of real cases represents valuable support for improving training, risk analysis, and safety document management. The structured outcomes can provide operators and inspectors with indications and suggestions useful for different industrial contexts. Every year a new national inspection campaign is planned; thus in a few years many thousands of documents will, hopefully, be collected, so as to provide the Italian Seveso stakeholders with a trustworthy source of information about accident prevention.

Acknowledgments

The authors are grateful to the Inail inspectors who provided the documents collected during the Seveso inspections, without which this study would not have been possible.

References

Agnello, P., Ansaldi, S.M., Bragatto, P.A. (2012). Plugging the gap between safety documents and workers perception, to prevent accidents at Seveso establishments. Chemical Engineering Transactions, 26, 291-296.
Andriulo, S., Gnoni, M.G. (2014). Measuring the effectiveness of a near-miss management system: An application in an automotive firm supplier. Reliability Engineering & System Safety, 132, 154-162.
Ansaldi, S.M., Agnello, P., Bragatto, P.A. (2016). Incidents triggered by failures of level sensors. CET Chemical Engineering Transactions, 53, 223-228.
Ansaldi, S.M., Pirone, A., Vallerotonda, M.R., Bragatto, P.A., Agnello, P. (2018). How inspections outcomes may improve the foresight of operators and regulators in Seveso industries. CET Chemical Engineering Transactions, 67.
Bragatto, P.A., Ansaldi, S.M., Pirone, A., Agnello, P. (2017). Improving the safety management systems at small Seveso establishments through the bow-tie approach. Risk Analysis and Management – Trends, Challenges and Emerging Issues, Bernatik, Huang & Salvi Eds., Taylor & Francis Group, 235-243.
Gnoni, M.G., Ansaldi, S.M., Bragatto, P.A. (2017). A model for analyzing near-miss events by adopting system safety principles. ESREDA Enhancing Safety: the Challenge of Foresight.
Gnoni, M.G., Saleh, J.H. (2017). Near-miss management systems and observability-in-depth: handling safety incidents and accidents precursors in light of safety principles. Safety Science, 91, 154-167.
Jacobsson, A., Sales, J., Mushtaq, F. (2009). A sequential method to identify underlying causes from industrial accidents reported to the MARS database. Journal of Loss Prevention in the Process Industries, 22 (2), pp. 197-203.
Kirchsteiger, C. (1999). The functioning and status of the EC's major accident reporting system on industrial accidents. Journal of Loss Prevention in the Process Industries, 12 (1), pp. 29-42.
Phimister, J.R., Oktem, U., Kleindorfer, P.R., Kunreuther, H. (2003). Near-miss incident management in the chemical process industry. Risk Analysis, 23 (3), pp. 445-459.
Saleh, J.H., Marais, K.B., Favarò, F.M. (2014). System safety principles: a multidisciplinary engineering perspective. Journal of Loss Prevention in Process Industries, 29, 283-294.
Sales, J., Mushtaq, F., Christou, M.D., Nomen, R. (2007). Study of major accidents involving chemical reactive substances analysis and lessons learned. Process Safety and Environmental Protection, 85 (2 B), pp. 117-124.
Suzuki, M., Batres, R., Fuchino, T., Shimada, Y., Chung, P.W. (2006). A knowledge-based approach for accident information retrieval. Computer Aided Chemical Engineering, 21 (C), pp. 1057-1062.