San Bruno – organisational analysis

If you are in this industry you must be aware of the San Bruno failure in September 2010. The immediate causes are now well known.  Equally interesting is recent analysis of the underlying organisational failures in both the pipeline owner and the regulator which allowed a catastrophic latent defect to remain undetected for over 50 years. Jan Hayes of ANU and the EPCRC has reviewed the organisational factors that contributed to this disaster. She spoke about the findings at the APIA Convention in Adelaide, and for members of the APIA Research and Standards Committee the full report is available from the EPCRC website (RP6.4-02). The detailed analysis and linking of technical and organisational failures is good reading.

Some of the findings reported seem to be unique to the USA, where the pipeline industry is much older and hence has accumulated a number of legacy issues. Nevertheless I would like to highlight a few selected points for the Australian industry:

  • Avoid disconnects between risk/safety management and real world performance. Actions must be linked to consequences. The PG&E integrity management system was divorced from field data and took on a life of its own that had no grounding in reality. This is a warning that systems can take on a symbolic value that is detached from the originally intended use of the system, especially when divorced from any real world feedback. Risk management is always problematic when the model itself becomes reality. I think (hope) that the AS 2885 SMS process minimises this problem, but it is not inconceivable that it could be misused.
  • In particular, blind compliance divorced from risk assessment does not assure safety. Compliance with standards and regulations is not enough – either to prevent accidents or to meet overall legislative duties in a duty of care regime. AS 2885 is a minimum standard.
  • Identification of risks must be wide-ranging, not constrained by models or preconceptions or compliance with rules. The SMS process explicitly requires this approach, but I have too often seen it misused through thoughtless application of checklists as discussed in the comments to the previous post.
  • Good regulation is a benefit to the industry as well as the community. Some companies may need to be protected from themselves. More importantly, the rest of the industry needs to be protected from such companies. A serious failure caused by a maverick could have drastic repercussions for all the conscientious players. Effective regulatory oversight of the whole industry protects the whole industry.

The final section of the EPCRC report on San Bruno contains a list of probing questions that companies and pipeline managers should ask themselves to assess how well they are avoiding the organisational problems that lead to catastrophe. Worth reading and applying.

This entry was posted in Incidents, Research, Risk assessment, Standards. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s