Reliability And Availability Assessment
The Bhopal city is located in the central India. In 1984, about 1.4 million people lived there, and the region was growing and developing. Therefore, there was a need to increase the productivity of fields. This could be reached by pesticides application.
Answering the need, the Union Carbide (UC) built a plant that produced sevin, the insecticide. The UC plant was located five miles away from Bhopal. In 1972, UC published the internal report that recommended using West Virginia (WV) plant as a sample project. If a new plant was to be constructed, it had to be as good as WV plant. However, Indian facility project has gone through several cost-cutting programs (Labib & Champaneri 2012). This resulted in severe process safety degradation.
The disaster was caused by consequences of the events that took place because of design imperfections. In his work, Chouhan (2005) states that the disaster was not an accident. He claims that the disaster could have been avoided, providing appropriate design and maintenance. The Technical Causes of Failure from a Design Perspective Piping Material The UC used carbon steel (C-Steel) piping instead of stainless steel (304 SS) piping used in WV facility. The carbon steel is more corrosive.
Water that penetrated into MIC tank contained the corrosion particles, which catalyzed the reaction in the tank (Chouhan 2005). Process Control The process was controlled manually, without any computerized control installed. For WV plant, the system controlled and monitored leaks, their rates and concentrations and was connected to alert system (Labib & Champaneri 2012). The Systems for Toxic Gases Neutralization The Bhopal plant had one Vent Gas scrubber (VGS) installed. When it was under maintenance, the plant released the toxic gases to the atmosphere.
In the night of disaster, the toxic gases were released through the VGS. The sample design of WV plant had inbuilt redundancy of VGS, namely four VGSs without atmospheric vent. This enabled around the clock operation of VGS, despite the maintenance procedures (Labib & Champaneri 2012). Flare towers were installed to burn out occasional releases of toxic vapors. Bhopal plant had only one flare tower, which was under maintenance, as well. The successful project was supposed to have at least two flare towers.
In addition, at WV plant, the flare towers were designed to burn the emergency releases of toxic gases. It is important to note, that VGS and flare tower were not designed to neutralize or burn the high volume releases. Providing VGS and flare tower were operating, they would not be able to prevent the disaster. The Bhopal facility was equipped with water spray systems. These were used to knock out the toxic chemical vapor by spraying large volumes of water.
The staff applied the water spray systems as the release became evident. However, the gases were released through 100 ft. pipe, and the water sprays could not reach the gas (Eckerman 2005). Thus, system appeared useless. MIC storage The unit storage tank between the MIC manufacture and storage tankwas supposed to be installed.
It aimed to provide MIC purity assurance (Labib & Champaneri 2012). Pipelines construction At the Bhopal facility, the lines from storage tanks and other equipment joined and lead to flare tower and VGS. Thus, the probability of MIC contamination was high. For the WV plant, the storage tank lines were separated from other equipment. On the night of disaster, the slip blind at the line that joined MIC storage tank and equipment, was opened.
During equipment washing, water entered the tank (Chouhan 2005). Consequences of Failure On December 3, 1984 UC Pesticide plant, released toxic gases. The gases were released form the tank that contained 42 tons of methyl isocyanate (MIC). The content of cloud formed from the released gases is not known, and there are many suggestions about that (MIC, its trimers, nitrogen oxides, carbon monoxide, chlorinated hydrocarbons etc.).
The UC Chief Engineer did not deny that highly toxic hydrocyanide acid could be present in the cloud. People suffered from severe lung injuries, including lethal. Some people were half-blinded; some foamed at the mouth and vomited. Obviously, the released gases were heavier than air. This resulted in higher injuries for children as they were exposed to higher concentrations than adults, so the rate of death among children was higher.
MIC cloud killed about 3,000 people (some repute the total of 20,000). Many people required psychological rehabilitation (Eckerman 2005).In the morning after the disaster, people’s bodies laid on the streets, along with the corpses of cats, dogs, buffalos and cows. Few days later, the trees leaves fell off, and the grass became yellow. Approximately 120,000 suffer from the long-term effects of the disaster today (Labib & Champaneri 2012).
People have bad co-ordination, chronic pulmonary insufficiency, experience decreased resistance to lungs and airways infections. Analysis of the Causes of the Failure Fault Tree Analysis We use the technical causes of failure from a design perspective, discussed in the first section, to build a Fault tree analysis (FTA). It allows identifying the events that caused the failure. By calculating the probability of occurrence of the lowest events, we will obtain the probability of occurrence of the top event (plant failure). We identified the following events that contribute to failure. Then, we estimate the probability of every event.
We should consider the plant operational time before the disaster happened which is 5 years, or 5 ? 365 = 1825 days ? 24 = 43800 hours. Ineffective VGS. The system failed because of atmospheric vent. The event lasted for 2.25 hours (duration of the disaster) during the operational time (Eckerman 2005). The failure probability is P(1) = 2.
25 / 43800 = 5.1%u221910-5. Ineffectiveness of water spray system. This system failed 1 day during the operational period. The water was supposed to cover 1/5000 of the plant territory (Labib & Champaneri 2012).
Thus, P(2) = (1/5000) / 1825 = 1.1%u221910-7.
Absence of automatic control, all failures detected by humans. Labib & Champaneri 2012 assumed that staff identified 20,000 failures and missed 10%, which is 2,000. P(4) = 2000/20000=0.1. Non-operating flare tower. This fault was caused by two reasons.
The flare tower was incapable of burning the emissions (9), and it was under maintenance (10, no redundancy). The flare tower failed to handle the emissions for 2.25 hours, P(7) = 2.25 / 43800 = 5.1%u221910-5.
Since there was only one flare tower, instead of two as for WV project, P(8) = (1/2) / 43800 = 1.1%u221910-5. Absence of MIC storage tank. Suppose, the purity check was to be fulfilled once a week, that is 5 years ? 52 weeks = 260 times. P(6) = 260/1825 = 0.14 (Labib & Champaneri 2012).
For these events, we build the FTA, taking into consideration that (7) and (8) are intermediate events (Fig. 1). For (5) the probability (P) is calculated as P(5) = P(7) + P (8) – P(7) %u2219 P(8) = 5.1%u221910-5 + 1.1%u221910-5 – 5.1%u221910-5 %u22191.
1%u221910-5 = 6.2%u221910-5 – 5.61%u221910-10 = 6.2%u221910-5. Minimal Cut Set Single events and their combinations that caused the disaster can be identified by minimum Cut Set using the Boolean algebra.
As a result, we obtain a new fault tree, which is logically equivalent to the original (Figure 1). The events beneath the plant failure event are minimal cut sets, which are event inputs necessary and sufficient to cause the top event (Ishizak 2011). We replace OR gates for failure 5 with its probability and obtain: Plant Failure = P(1) + P(2) + P(3) + P(4) + P(5) + P(6) = P(1) + P(2) + P(3) + P(4) + P(7,8) + P(6). This means that plant failure occurs if either of failures 1-4 or 7, 8, 6 occurs. Minimum Cut Sets are 1, 2, 3, 4, 6, 7, 8 failures. Figure 3 represents the new fault tree.
Failure Probability for the Top Event Basing on the data provided by Figure 3, probability of the plant failure from the design prospective is P(plant failure) = P(1) + P(2) + P(3) + P(4) + P(5) + P(6) = 5.1%u221910-5 + 1.1%u221910-7 + 0.04 + 0.1 + 6.
2%u221910-5 + 0.15 = 0.266. For the Bhopal plant, the probability of failure from the design prospective was 0.266, which means that the plant had to fail one time every 4 years. This confirms the words of Chouhan (2005): “the disaster that was waiting to happen”.
In this study, we did not analyse the other possible causes of the disaster, as management decisions, plant maintenance, and workforce. Conclusions The Bhopal disaster is the significant example of the safety design importance. Apparently, if a plant had been constructed on the pattern of WV plant, the disaster would never happen. FTA proves the plant design constituent in the failure probability is high.