Classic Cases
Accident details:
Prior to the accident, Unit #4 had 115MW of active power, 30MVar of reactive power, and a frequency of 49.99Hz. Power plant technicians were working at the DCS engineering station, downloading and updating the control software. After the download, DPUs #27, #6, and #11 in the DCS system malfunctioned, requiring DPU switching. DPU #6 successfully restarted, and DPU #26 successfully switched to main control. DPUs #1 through #7 in the DCS system subsequently restarted and switched. The DCS system was reset, all interlocks and automatic functions were automatically released, the displayed data showed bad points, the control signal for the pulverizers automatically reset from 1 to 0, all pulverizers stopped operating, and the boiler was extinguished. Operators found that load reduction on the DCS screen was ineffective, and the boiler steam temperature and pressure dropped rapidly.
Cause of accident:
While working at the DCS engineering station, staff performed an initialization download of the system, causing the DCS system to reset. All interlocks, automatic functions, and CRT displays malfunctioned, the boiler went out, and operators had to trip the power switch to shut down the system.
Problems exposed by the accident:
1. Inadequate supervision and management of personnel from external manufacturers and failure to strictly implement the electronic room management system resulted in a DCS reset, boiler fire extinguishing, and malfunctions of interlocks, automatic functions, and CRT displays when personnel from a certain company were working at the DCS engineer station.
2. The safety measures, technical measures, abnormal accident handling measures and operational plans for ensuring power supply to the plant and main equipment were insufficient. The DC oil pump was not started manually in time, resulting in the unit's bearings collapsing when the AC oil pump lost power and the DC oil pump did not work in conjunction with it.
Preventive measures
1. All factories must seriously learn from this accident, draw inferences from it, and immediately conduct a comprehensive safety inspection across the entire factory. We must resolutely overcome complacency. We must propose rectification plans and implementation schedules for any unsafe conditions found in each system and specialty.
2. Strictly strengthen the management of on-site work by external personnel. They should be treated the same as factory employees, and a work permit system should be strictly implemented. Work cannot start without a permit.
3. Strictly enforce the electronic room management system, prohibit unauthorized personnel from entering the electronic room, and ensure that the maintenance of the DCS engineering station is handled by designated personnel. Under normal circumstances, it is not permitted to perform tasks such as downloading DCS software while the unit is running normally.
4. Each factory should formulate measures to protect personnel and main equipment, targeting its own weaknesses. Before shutting down in case of an accident, the DC oil pump should be started first, and if conditions permit, the factory power supply should be switched before shutting down.
5. Improve the DC oil pump interlocking control, adding a direct tripping method and a low oil pressure linkage interlocking method, and adding a hard connection to the wiring method. The DC oil pump control switch should be easy for operators to operate during accident handling.
6. Strengthen operator training. Develop emergency response plans and procedures for operators to protect their personal safety and main equipment in various abnormal situations, especially extreme ones, to ensure that operators remain calm and composed in the event of automatic control malfunctions.
Disclaimer: This article is a reprint. If it involves copyright issues, please contact us promptly for deletion (QQ: 2737591964). We apologize for any inconvenience.
