|
This illustrates the “if – then” syllogism form of the “did nots;” e.g., HAZOP studies missed credible scenarios of vessel overfilling because of extruder malfunctions,
which we now know are credible because they happened. That leads to the “double conditional negative”; i.e., the HAZOP didn’t identify the scenario, so it didn’t
recommend appropriate safeguards. But why? This is also known as the “if we had some ham, we could have had ham and eggs, if we had some eggs” analysis.
“During the 1990 HAZOP, the team recognized that high pressure could occur in the reactor knockout pot if the emergency pressure relief system discharge line was plugged with solidified polymer. A recommendation was made to provide a system to ensure the line was clear during operation, but no such system was established.”
This exemplifies the reverse syllogism: “then – if,” compounded by the passive-voice whine that somebody (who?) didn’t establish a feasible system to avoid the mishap.
“In the 1999 HAZOP, the team determined that the emergency pressure relief system was an adequate safeguard in the event of plugging the normal vent. They did not
recognize the credible scenario that both the normal and emergency vents could simultaneously plug with polymer, as occurred on March 13.”
This “did not” lets the HAZOP team off the hook by stopping the investigation report before it gets to the critical answer to why the team didn’t recognize a credible scenario. Was it ignorance of the system’s operational characteristics? Or lack of imagination? Or missing design data? Or cover-up for institutional deficiencies? If we don’t know why the system broke, we can’t define the problem and fix it.
|
