ABSTRACT
An official report described a boiler explosion which killed two men. The boiler exploded because the water level was lost. The boiler was fitted with two sight glasses, two low level alarms, a low level trip which should have switched on the water feed pump and another low level trip, set at a lower level, which should have isolated the fuel supply. Most of the incidents described so far have been mistakes: the designers were unaware of specific hazards, good practice or the practicalities of plant operation. Many of these designers would have benefited from a period as maintenance engineers or members of the start-up team on the plants they had designed. Surveys have shown that most safety advisers are now familiar with the concept of inherently safe design. Psychologists often say that we have reached the limit of what can be done by changes in design to make plants safer and we now need to concentrate on changing behaviour.
