Microsoft Word - 025.docx


 CHEMICAL ENGINEERING TRANSACTIONS  
 

VOL. 48, 2016 

A publication of 

 
The Italian Association 

of Chemical Engineering 
Online at www.aidic.it/cet 

Guest Editors: Eddy de Rademaeker, Peter Schmelzer
Copyright © 2016, AIDIC Servizi S.r.l., 
ISBN 978-88-95608-39-6; ISSN 2283-9216 

Learning from Accidents – Reporting is not Enough 
Mark Hailwood 
LUBW Landesanstalt für Umwelt, Messungen und Naturschutz Baden-Württemberg, Griesbachstr. 1, 76185 Karlsruhe, 
Germany   
mark.hailwood@lubw.bwl.de 

The fire and explosion at the Nypro Works, Flixborough, UK in 1974 led to the setting up of a court of inquiry 
which reported in 1975. In the closing paragraphs of the report (Department of Employment, 1975) various 
lessons are listed as well as issues to be referred to other bodies. Two aspects are worth highlighting, as they 
have to a certain extent been lost in the mists of time. Firstly, “that the management structure should be so 
organised that the feedback from the bottom to the top should be effective.” This is not only to ensure that 
instructions are effectively carried out, but also that those responsible for certain tasks are competent, that top 
management has a clear understanding of the responsibilities and demands placed on individuals including 
the potential for overloading. The second issue which was raised, but referred to other bodies for urgent 
consideration, is that of the siting of offices, laboratories and the like well removed from hazardous plants and 
the construction of control rooms on block-house principles. This was then addressed further in their 2nd 
report to the UK’s Health and Safety Commission by the Advisory Committee on Major Hazards (HSC, 1979)  
On 23 March 2005 an explosion occurred at BP America’s Texas City refinery killing 15 workers and injuring 
170 others. All of the fatalities occurred in a temporary office container located adjacent to the ISOM-plant, but 
not associate with the start-up operations of this plant. The lessons learned and conclusions drawn from the 
various investigations regarding the location of temporary buildings as well as the feedback within the 
management structure bear stark similarities to those of thirty years before. The fact that the analogy between 
the vulnerable buildings listed in the Flixborough report and the temporary buildings for contractors had not 
been drawn is an indicator of the limits of the learning achieved.  
This is not an isolated case, but has been repeated many fold. The chemical process world needs to make 
learning the lessons, i.e. taking action where appropriate, a fundamental aspect of process safety in the 
coming years. 
This paper shows examples of the failure to learn or limits of learning achieved in the past. It raises the need 
to establish learning organisations not only in the chemical processing industry, but also within public 
authorities and academia. It confirms the requirement that learning from accidents be firmly anchored in the 
safety management system and that leadership and corporate governance are essential to achieving this and 
preventing as far as possible the disasters of the past being repeated (be it in a modified form) in the future. 

1. Introduction 

Learning from accidents is an essential element of chemical process safety, however when reading accident 
reports of recent incidents the similarity of many of the findings and also the recommendations to prevent 
future events to those contained in reports published several years previously is startling. It should also be a 
major concern to process safety specialists as it is indicative that the required learning is not taking place in a 
sustainable manner and that unless conscious steps are taken to address this, serious accidents and 
disasters are to be expected. 
"It might seem to an outsider that industrial accidents occur because we do not know how to prevent them. In 
fact, they occur because we do not use the knowledge that is available. Organizations do not learn from the 
past or, rather, individuals learn but they leave the organization, taking their knowledge with them, and the 
organisation as a whole forgets" (Kletz, 1993).  

                               
 
 

 

 
   

                                                  
DOI: 10.3303/CET1648119

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Please cite this article as: Hailwood M., 2016, Learning from accidents – reporting is not enough, Chemical Engineering Transactions, 48, 709-
714  DOI:10.3303/CET1648119  

709



2. Learning Process 

Learning, in any domain, is an ongoing process. In the process safety domain the learning from accidents 
process can be broken down into a number of elements. These elements involve different individuals and they 
will be executed at different times throughout the operational life cycle of a process facility. 

2.1 Accident investigation 

Key to learning from accidents is the investigation and analysis of the incident itself. A variety of methods, 
some of which are proprietary tools, have become established over the years. There does not, however, seem 
to be a single tool which is suitable for all types of incident and for aspects of the investigation. In carrying out 
the investigation it is important also to understand who is carrying out the investigation and with which goal in 
mind. An investigation led by prosecution authorities will be seeking to establish whether culpability of 
individuals or the organization itself can be proved. Similarly investigations by insurers will potentially have a 
focus on their business interests. 
Fundamentally an accident investigation should establish the facts with regard to what happened and when it 
happened. It should not be solely focused on the day of the fire, explosion or release of hazardous material 
but also consider the time period leading up to the incident, in particular changes in operation, organization, 
maintenance, etc. The investigation should cover technical aspects, as well as the organizational and 
management roles. 
Establishing the narrative for an incident is often not a trivial task and investigators must take care not to reject 
evidence which appears to conflict with their perception of what has occurred. Likewise assumptions that 
humans will have followed procedures, taken logical actions, noticed and occurrence or even interpreted the 
signal correctly require corroboration. 
Of interest to an accident investigation is the existence of precursors or warning signals. Very often claims are 
made that this incident has never happened before, however after detailed questioning, reconstruction and 
discussion very often similar events which due to good fortune did not reach the level of an accident can be 
identified.- 

2.2 Reporting 

Once the accident investigation has been completed a report should be written. There are a range of types of 
report with different purposes, different intended readerships and thus different styles and content. The type of 
report which intended can also have an impact on the depth of the investigation and the way it is carried out. 
Within the EU, under the Seveso Directives, reporting takes place by government authorities according to 
agreed criteria. These data feed into the eMARS database which is maintained by the Major Accident Hazards 
Bureau (MAHB) at the EC-Joint Research Centre in Ispra. The data for the database entries is generated 
through the investigation process and may be the result of reporting requirements by the operator to the 
government authorities under the national implementation of the Seveso Directive e.g. Annex VI of the Major 
Accident Ordinance in Germany (Störfall-Verordnung, 2005).  
Accidents of particular importance may lead to very detailed reports or even multiple reports covering different 
aspects and in many cases where these are reports are carried out as part of official government 
investigations they may be made publically available (see for Example CSB www.csb.gov or the UK HSE 
Buncefield investigation http://www.hse.gov.uk/news/buncefield/index.htm). 
The main beneficiary of the report of an accident should be the company in which the accident occurred. 
Therefore it is important that the report contains not only an account of what has happened, but also an 
analysis of why it happened. It should not be the goal of an accident report to apportion blame, similarly 
describing causes as being due to human error may be factually correct, but is not useful. Of greater 
importance is understanding what led to the human failing, and how this can be avoided in the future. 

2.3 Dissemination 

Accident reports which are filed or fed into a computer database do not automatically lead to learning. If the 
only people to read the report are those who write or process the report, then little is achieved. Within the 
reporting and learning from accidents process clear paths for the dissemination of reports and lessons learned 
should be defined. These may include: 

• Dissemination within the company - to other sites, other operating units, to other functions such as 
process design or maintenance and repair 

• Dissemination according to legal requirements - regulations such as the respective national 
implementation of the Seveso Directives require that major accidents are reported to the relevant 

710



authorities, which then report these incidents to the eMARS database 
(https://emars.jrc.ec.europa.eu/) . In Germany the national major accidents are also held in the ZEMA 
database (http://www.infosis.uba.de/index.php/de/site/12981/zema/index.html) maintained by the 
Federal Environment Agency. Occupational safety accidents leading to injury must be reported to the 
authorities in most jurisdictions as do significant releases of hazardous substances to the 
environment. The criteria in each case will be defined in the appropriate regulations. Not all legally 
required reporting is available to third parties. Very often it is analysed through national statistics, 
which may be broken down by industrial sector.  

• Dissemination through specialist circles and committees - there are a number of organisations which 
collect reports of accidents and then publish them either in journals or online databases. Some 
examples are: 

o IChemE Loss Prevention Panel - published in the bi-monthly Loss Prevention Bulletin, 
subscription journal, also available electronically online. http://www.icheme.org/lpb/  

o ProcessNet - publishes anonymised process safety incident reports, below the threshold of 
major accidents, but useful for learning in an online database, free access, available in 
English and German. http://processnet.org/en/incident_db.html 

o CCPS - publishes monthly Process Safety Beacon, one page reports on one aspect of 
process safety for learning purposes, free access, available in multiple languages. 
http://www.aiche.org/ccps/resources/process-safety-beacon. CCPS also maintains an 
accident database; however access is restricted to corporate members. 

o Dangerous Goods-Hazmat Group Network, made available by the Steel Tank Institute / 
Steel Plate Fabricators Association - publishes monthly bulletins of hazardous incidents 
reported in the media, very often involving petroleum or tank storage; free access. 
http://www.steeltank.com/Publications/TankUseMishaps/tabid/187/Default.aspx  

o DKL Engineering, Inc - provides a free to access compilation of sulfuric acid related 
accidents http://www.sulphuric-acid.com/techmanual/Plant_Safety/safety_accidents.htm  

o ARIA - a database provided by the Bureau for the Analysis of Industrial Risks and Pollution 
(BARPI) of the French environment ministry with a searchable database containing over 
40 000 incidents. All reports are in French and a large proportion available in English. 

Whichever path is chosen for the dissemination of information a bi-directional process should be maintained of 
both reporting as well as actively researching those accidents which are pertinent to the activities of the 
operator and distributing these lessons back along the information chain. 

2.4 Instigating learning 

Learning in any sphere of knowledge is a process. It is rarely an instantaneous event and often requires 
repetition in some form or other. Many major corporations have accident reporting systems in place which 
have been running for many years. Employees are often informed of occurrences either through the computer 
system (e-mail) or through a posting on a noticeboard. These methods do present a large opportunity to be 
ignored and need to be continually reviewed with regard to their effectivity and the need to draw attention to 
the contents. Many companies choose to highlight incidents within weekly meetings, making it the first item of 
the agenda. It is important here to avoid monotony and a blasé attitude from those who do not believe that this 
item applies to them. One alternative approach is to ensure that the information is not always presented by the 
safety specialists, but shared around so that the responsibility and recognition of the relevance of safe 
operation and learning from accidents is developed throughout the organisation. 
One of the most important aspects of learning is having identified that an accident is relevant to the process 
plant operation being considered to take action. This action means that the company must investigate its own 
plant in detail and then take the appropriate measures to prevent a repetition. The measures may be technical 
or organizational. Regardless of the form they take the must be implemented within the management of 
change framework. This ensures that changes in technology or procedures are appropriately documented and 
that the necessary training regarding the changes also takes place.  
 

711



2.5 Managing the process 

Within the operation of a chemical process facility there are many opportunities for learning. However unless 
learning is built into the systems and processes it is impossible to ensure that appropriate learning from 
accidents is achieved within the organization. This means that at particular points within the safety 
management system processes and procedures need to be established as well as responsibilities assigned 
and control and review by senior management carried out at appropriate time intervals. Such processes and 
procedures should at least address: 

• The reporting and investigation of accidents / process safety incidents. 

• The communication of information on process safety incidents at management meetings. 

• The route for the dissemination of information regarding incidents which occurred within the facility. 

• The researching of relevant accidents at the design assessment stage of a chemical process. 

• The researching of relevant accidents for periodic safety reviews, the safety report (Seveso), 
emergency planning scenarios 

• The integration of information and lessons learned from accidents into training of staff at all levels, 
including tool-box talks for operators, fitters, electricians, etc.; induction of new engineers or new 
managers into a plant or facility. 

The control and review processes by senior management should not only note whether the activity has been 
executed, but also consider how effective the processes and procedures are in learning the lessons from 
accidents. 

2.6 Public Authorities 

Not only industry needs to learn the lessons from accidents, but also public authorities and their employees, in 
particular those with responsibility for permitting and inspecting hazardous facilities. If inspectors are not 
aware of what the causal factors of accidents are, then they have little opportunity to make a targeted 
assessment as to whether an operator has taken all measures necessary for the prevention of major 
accidents, which is however one of the fundamental requirements of the EU Seveso Directives. 
This means that public authorities as organizations need to institute mechanisms and processes which allow 
their employees to learn about those accidents which are relevant to the hazardous facilities which they 
supervise and also allows for information transfer across industrial branches.  
This is an activity which must be organized and structured. It cannot be left to chance interests and 
enthusiasms of individuals. It must be seen as part of the professional development of public authority 
employees in the field of process safety. 

2.7 Academia 

Many academic courses in chemical engineering involve the teaching of design principles; however how many 
of these address the issues of the risks due to changes in design or the lessons learnt from accidents which 
have influences design principles? Unless students learn at an early stage in their professional career that 
knowledge is continually developing and that all systems can fail, they will not appreciate the need for 
mechanisms to investigate accidents or the need to assess their own designs for failure potential and to 
integrate lessons learned from past accidents into their own work.  

3. A Review of missed opportunities  

A number of major accidents could have certainly been prevented if the lessons learned from that event had 
resulted in the adoption of the necessary measures. When challenged the claim is often made that the lessons 
were not publicized. In reality it becomes apparent that in many cases particular deficiencies exist: 

• A lack of proactive searching for potentially relevant accidents within organisations. 

• A lack of recognition of similarity between situations, allowing a transfer of lessons from one domain 
to another without them being identical in all aspects. 

• A lack of awareness of events beyond the usual boundaries of operation, often the national borders. 

• A lack of preparedness to change and adapt and actually learn from others. 

712



Whilst hindsight is invariably better at identifying the previously missed opportunities than beforehand, the fact 
that missed opportunities exist suggests that there are likely to be systemic failings which need to be 
addressed.  

Table 1:  Missed opportunities for learning and repeated accidents  

  Missed opportunity for learning  Repeated accident 
1974 Flixborough (UK) Dangers posed by a vapor cloud

explosion to vulnerable buildings
(Report of the Court of Enquiry, 1976) 

 2005 BP Texas City (USA) 

1985 Naples (IT) 
1983 Newark, NJ 
(USA) 
 

 Overfilling of gasoline storage tanks
can lead to a large explosive 
atmosphere 

 2005 Buncefield (UK) 

2001 Tolulouse (FR) 
and others 

 The explosive nature of ammonium
nitrate fertilizer 

 2013 West, Texas (USA) 

1988 Shell Norco
(USA) 

 Failure of an elbow below a water
injection point due to erosion 

 2001 Conoco Phillips, Humber Refinery, 
UK 

1986 Schweizerhalle
(CH) 

 Risks to trans-boundary rivers posed 
by fire-water runoff from a chemical
accident 

 2005 Jilin, (CN) 

1991 Culemborg (NL)  Failure to classify pyrotechnics
correctly and store them appropriately 

 2000 Enschede (NL) 

1976 Icmesa (IT) - so 
called Seveso disaster
and many others 

  The need for effective control of heat
transfer (cooling) and process
parameters for exothermic chemical
accidents  

 1993 Griesheim (DE) 
1998 Morton International Inc. NJ (USA)
2004 MFG Chemical Inc. GA (USA)
2012 Wülfrath (DE) 
as well as many other run-away 
reactions 

4. Future strategies 

Companies operating major hazard facilities need to develop systems to not only report and learn from their 
own accidents and near misses, but also through the use of databases and reports from the accidents of 
others. This knowledge must be utilized within all stage of a facilities operation, in particular the design 
operation, inspection and maintenance.  
Public authorities must ensure that when accidents occur, that they are thoroughly investigated and that the 
causes and lessons learned are communicated. In doing so it may be appropriate to provide electronic 
resources to collect and document this knowledge and make it accessible to third parties. Public authority 
inspectors need to be aware of the relevant accidents in relation to the facilities which they inspect and ensure 
that the lessons learned elsewhere are evaluated and appropriate measures taken. 
Academic institutions and those organizations offering training courses should address the need to learn from 
accidents in the development of their educational programs. There needs to be an understanding that 
engineered systems can and will fail, and that there is a need to develop knowledge on failure mechanisms, 
accident investigation techniques and on learning processes. It is important that awareness is raised for those 
accidents  

5. Conclusions 

There are very few, if any, new accidents. The accidents which occur are repeats of accidents which have 
gone before. They may not be absolutely identical; however they have sufficient similarities, that through the 
application of previous lessons learned they would have been at least foreseeable and most probably 
preventable. Accident reporting mechanisms which do not result in knowledge transfer and the taking of 
appropriate action are data cemeteries. Only through active sharing of information, that is telling the stories at 
meetings, conferences, through publications or education will the accident reports gain awareness. Once 
awareness has been gained those responsible for design, permitting, audit & review processes and 
government inspection must take appropriate action to ensure that lessons are truly learned. 
 
 

713



Reference 

 
CSB, 2007, U.S. Chemical Safety and Hazard Investigation Board Investigation Report, Refinery Explosion 

and Fire, BP Texas City, Texas, March 23, 2005, Report No. 2005-04-I-TX, 
http://www.csb.gov/file.aspx?DocumentId=345  

Department of Employment, 1975, The Flixborough disaster - Report of the Court of Inquiry, HMSO, London, 
Available online: http://www.icheme.org/communities/special-interest-
groups/safety%20and%20loss%20prevention/resources/hse%20reports.aspx 

HSC, 1979, Health and Safety Commission, Advisory Committee on Major Hazards, Second Report 
http://consultations.hse.gov.uk/inovem/gf2.ti/f/4194/126437.1/PDF/-/acmh2.pdf  

Kletz, T., 1993, Lessons from disaster - How organisations have no memory and accidents recur, Institution of 
Chemical Engineers, United Kingdom 

Seveso III Directive, 2012, Directive 2012/18/EU of the European Parliament and of the Council of 4 July 2012 
on the control of major-accident hazards involving dangerous substances, amending and subsequently 
repealing Council Directive 96/82/EC, O.J. L 197, 25.07.2012, p.1 http://eur-lex.europa.eu/legal-
content/EN/TXT/?uri=CELEX:32012L0018  

Störfall-Verordnung, 2005, Zwölfte Verordnung zur Durchführung des Bundes-Immissionsschutzgesetzes 
(Störfall-Verordnung) vom 08.06.2005, BGBl. I S. 1598, zuletzt geändert am 14.08.2013, BGBl. I S. 3230 

 

714