Safety Lesson Learned: Electrical Failure
Location of Incident: Coryton Refinery, UK
Brief Account of Incident
On 15th September at 08:45hrs local time, a fault developed on the external electrical distribution network that ultimately resulted in all Refinery Units apart from the crude unit and the Boiler House shutting down. The Refinery HV protection system sensed the fault and disconnected the Refinery from the external grid. This resulted in the automatic operation of the Refinery power load shedding system. Prior to the incident the refinery was operating normally.
As a result of the initial disturbance some electrical drives tripped, but either re-accelerated or auto-started. However, on the Continuous Catalytic Reformer (CCR) the Waste Heat Boiler Feed Water Pump (BFW) did not auto-start, resulting in a controlled shutdown of the CCR Unit. The CCR is the only hydrogen producing unit for the Refinery and the loss of a hydrogen supply resulted in a domino shutdown of other hydrogen dependent units.
At approx. 08:55hrs, critical control equipment on the Cracking Complex control console in the Central Control Building (CCB) started to fail due to a fluctuating supply voltage. In response to the lack of unit displays and with the knowledge that the majority of Refinery units were shutting down, the decision was made to shutdown the Cracking Complex whilst control was still available.
Outcome
There were no injuries or any significant environmental emissions during the Refinery shutdown. The lost opportunity cost of the shutdown has been estimated at $10.5MM.
Critical Factors
1. Incorrect co-ordination between the external power supply network and Refinery network protection systems.
2. Failure of the CCR BFW pump-motor drive to auto-start.
3. Voltage fluctuations on the Uninterruptible Power Supply (UPS) system distribution network supplying the CCB.
System Causes
1. Inadequate technical design, input obsolote – Refinery and the external power supply protection system settings are not properly coordinated.
2. Insufficient knowldege transfer – there was a lack of understanding around the full functionality of the auto-start facility when only the duty pump/motor was available.
3. Inadequate evaluation and/or documentation of change – the wiring mode were not adequately evaluated and technical query was not issued.
What Went Wrong
- Poor operation/reliability of Production radio communications system.
- Delays in start-up due to piping failures in Product Movement Area.
What Went Well
- there were no injuries or significant environmental incidents during the Refinery shutdown.
- the Refinery power load shedding system (SCADA) operated as per design.
- the Major Incident Team effectively managed the incident with tremendous team support from all Refinery Department.
- Boiler House facilities including steam and power generation remained on-line.
- All units were made safe and abnormal start-up procedures instigated and followed.
Safety Lesson Learned
1. Need to periodically conduct System Studies and Interconnection Studies to ensure correct settings on electrical protection systems.
2. Need to understand the full functionality of pump auto-start facilities. Realize they can be different in design and functionality.
3. Equipment installations especially on UPS and Safety Critical systems must be thoroughly tested before commissioning.
GET INFO ON SAFETY INCIDENT TOPIC FOR YOUR SAFETY TALK TOPIC AND SAFETY LESSON LEARNED
Blog Archive
Saturday, October 13, 2007
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment