The weekly Reflektion Week 29/2019
This week’s Reflektion is based on the loss of the German submarine U-1206 in April 1945. The cause of the loss was a new type of toilet.
We will be organizing another breakfast seminar in September to watch out for information at https://www.reflekt.as/events/
Is something new always positive? How do you assess the risks associated with new technology and innovation?
The German submarine U-1206 was a type VIIC U-boat launched at Danzig on 16th March 1944. The submarine was lost on the 14th April 1945 only 24 days before the end of hostilities in Europe.
A new toilet had been installed that allowed for discharge of sewage when the submarine was submerged rather than storage in a sceptic tank and then discharge when the submarine surfaced. One of the crew had used the toilet but had been unable to flush the toilet as intended. Further attempts were made to discharge the toilet contents and in one of the attempts a valve was opened that should not have been opened. Sewage and then seawater flooded into the toilet which was located in the forward section. The leak flooded the submarines batteries leading to chlorine gas formation forcing the submarine to the surface. U-1206 was then attacked by British air patrols and the commander ordered the scuttling of the submarine. One sailor died in the air attacks, three sailors drowned and 46 were taken prisoner. The crew had not received adequate instructions on how the toilet worked. The crew were also unaware of the connection between the toilet and the outside environment and the consequences of operating the valve. The valve was not labelled nor locked in a closed position and could be operated by the crew members.
I once investigated an incident where the HP flare knock out drum had inadvertently been filled with condensate. The investigation revealed that the control room (CCR) operator had manged to render the shutdown trip on a condensate vessel inoperative. The condensate had overflowed to the flare system and then to the knock out drum. The high level switch on the flare knock out drum was connected to the emergency shutdown system (ESD) and this system functioned as intended so the consequences of the incident were relatively minor. It could however have been worse, for example if the overpressure protection system had failed.
The PSD and ESD systems had recently been changed out for a modern Safety Automation System with screen-based interface and touch screen control. The CCR operator had not completed his training on the system and was unfamiliar with the man machine interface. He had been ‘playing’ with the system to become more familiar with how it worked and had inadvertently overridden two shutdown levels.
Many companies have a drive to apply new technology to improve operability, increase uptime and/or reduce costs. The companies are often focussed on the improvements to the operations and not focussed enough on the potential risks associated with the new technology. If this is the case, the challenges that are faced by the people that will use the technology may not be considered and adequate training not provided. Sufficient failure mode analyses may not be carried out and used to develop operating procedures and guidelines. The people may be expected to learn without enough instruction and understanding of the potential consequences of errors and faults. How do you ensure you get all the benefits of new technology while managing all the risks?