Outside rail of curve near point of derailment (Credits: Chicago Transit Authority).

Outside rail of curve near point of derailment (Credits: Chicago Transit Authority).

On July 11, 2006, a car on the Chicago Transit Authority Blue line subway train derailed in downtown Chicago, Illinois. Following the derailment, the train came to a stop, and electrical arcing between the last car and the 600-volt direct current third rail generated smoke.

Approximately 1,000 passengers were on the eight-car train at the time of the derailment, and all had to be evacuated.

Immediately following the derailment the train operator exited the control compartment and walked onto the catwalk to determine what had happened. The operator also used his portable two-way radio to inform controllers of the situation. When he saw thick smoke the operator decided to tell passengers to exit the train, and he did this by walking from car to car to make the announcement. However, some passengers could not hear the announcement, and there was some confusion during this time. One of the passengers exiting the train used an emergency call box to inform Chicago Transit Authority personnel of the problem. In doing so, the passenger provided the call box number, which should have allowed immediate determination of the location of the derailment. However, in the months before the accident call box numbers had been changed to accommodate a new numbering system, but the subway maps had not been updated with the new call box numbers. Because emergency responders did not have specific information about the location of the train, emergency responders first went to the wrong location. This delayed care for injured passengers.

Approximately 150 people were treated and transported from the scene, but there were no fatalities in the incident. Over $1 million in damage was reported.

Investigation

The U.S. National Transportation Safety Board (NTSB) found that the derailment was caused by failure of the track tie plates and fastener system, which had failed because of the effects of corrosion and wear. While this was the proximate cause of the accident, the report stated that the root cause of the derailment was ineffective management and oversight of the track inspection and maintenance program, which resulted in unsafe track conditions. Track inspectors did not have sufficient time allotted for inspecting all their assigned territory, and the training program did not prepare inspectors to perform their duties, according to the accident investigation report. The NTSB also stated that previously-identified safety deficiencies had not been corrected. The NTSB in particular noted that the system safety program was ineffective. The NTSB stated that a System Safety Program Plan existed which delineated responsibilities for safety. The plan included provisions for preventative maintenance, repair, and inspections. However, the plan was not followed. Personnel were not required to monitor the track structure, and did not have sufficient experience to perform their duties, according to the NTSB. The NTSB also noted a failure in emergency planning which led to confusion and ineffective evacuations during the incident. The report recommended improvements in the approaches to safety management and emergency response.

System Safety Planning

The seeds of this accident were sown during the early phases of development, during the planning phase. Planning is a key component of the system safety process for both terrestrial and space systems. Plans should be developed which describe the methodology by which the system safety process is employed for a program. In many organizations this plan is called the System Safety Program Plan (SSPP), although other documents such as the Safety Management Plan

may contain this information. The SSPP establishes the management of the system safety program, defines the technical methodology to analyze hazards and reduce risks, and defines the products that result from the system safety program.

The SSPP describes how the system safety program will be managed. However, another aspect of safety planning that is just as important is emergency planning. While there is some overlap between emergency management and system safety, emergency management is a unique discipline with its own approaches to reducing risks. Emergency management historically has focused on what happens when the danger is imminent or the accident has already occurred.

Emergency management typically allocates its resources to assuring that widespread injury and damage do not occur if an event takes place. In space systems, emergency response planning may be important for ground crews preparing a vehicle for flight, especially when toxic and reactive chemicals are used. Crew survivability assessments and plans are also emergency management activities used when space systems include human crew.

The Importance of System Safety Planning

Planning is an important part of the system safety process. System Safety Program Plans allow an organization to prepare for the system safety effort and apply the appropriate resources to that effort. Emergency response plans allow organizations to prepare for the worst to minimize injury and damage. Poor system safety program planning can set the tone for the entire safety effort, resulting in failures to identify hazards, assess risks, and verify that safeguards work, as will be described in chapters to follow. Poor emergency planning, including inadequate flight crew safety assessments, can lead to death, injury, and significant environmental and property damage when systems do not operate as expected. A failure to ensure that emergency management and system safety are integrated can lead to a misunderstanding of an organization’s level of preparedness. Plans that do not reflect reality may create the impression that an effective organization is in place and that risks have been reduced, when in fact large risks could exist.

As illustrated by the train derailment in Chicago, plans must not only be prepared, but they must also be an on-going part of the safety effort throughout the system life cycle.

 References

National Transportation Safety Board, “Railroad Accident Report: Department of Chicago Transit Authority Train Number 220 Between Clark/Lake and Grand/Milwaukee Stations, Chicago, Illinois, July 11, 2006,” NTSB/RAR-07/02, September 11, 2007.

Tags

About the author

Terry Hardy

Twitter Facebook Website

Terry Hardy founded and leads efforts in system safety, software safety, and emergency management at Great Circle Analytics. Mr. Hardy has over 30 years of engineering experience and has performed engineering, safety, emergency management, and risk management activities for a number of commercial and government organizations including NASA and the U.S. Federal Aviation Administration. Mr. Hardy has created a web site, www.systemsafetyskeptic.com, to provide lessons learned in system safety, and he is author of several books on system safety including "The System Safety Skeptic: Lessons Learned in Safety Management and Engineering" and "Software and System Safety: Accidents, Incidents, and Lessons Learned."