Critical Analysis of Train Derailments in Canada through Process Safety Techniques and Insights into Enhanced Safety Management Systems

Abstract

Canada’s rail transportation network is a critical part of Canada’s integrated supply chain which connects industries, consumers, and resource sectors to ports on the Atlantic and Pacific coasts. One transportation activity that is essential to most industries, especially oil and manufacturing, is the rail transport of dangerous goods (DG). Although rail transportation of DG is beneficial to Canada’s economy, not paying attention to the safe transportation of these types of goods can have irreparable effects on the economy, human lives, and the environment. Recent rail accidents, such as Lake Wabamun in 2005 and Lac-Mégantic in 2013, have shown that there is still room to increase the safety of transportation of DG by rail through improving railways’ safety management systems (SMS). As a result, investigations to increase the safety of rail transportation of DG have been started. This work is part of these initiatives focusing on enhancing railways’ SMS, particularly DG main-track train derailments. The current study applied detailed root cause analysis (RCA), the bow tie analysis (BTA), and incident databases to identify the main causes and consequences of these types of accidents (2007–2017). Then, the relationship between these factors and gaps in SMS elements were identified and the frequency of each factor was investigated. The results showed that the main gaps are related to process and equipment integrity, incident investigation, and company standards, codes, and regulations. Furthermore, some useful recommendations are presented to improve the management of each SMS element and reduce these gaps.

Keywords

freight systems transportation of hazardous materials hazardous release rail rail safety human factors in crashes system safety

Railways play a prominent role in Canada’s integrated supply chain and help to ensure that the country stays competitive in global supply chains. Canadian railways open up world markets by operating more than 41,000 km of track across the country. These railways connect industries, consumers, and resource sectors to ports on the Atlantic and Pacific coasts, which has resulted in transport of $310 billion worth of goods by rail each year ( 1 ). Rail transfers contribute to the transportation of various types of goods, including dangerous and non-dangerous goods. One essential transportation activity for most industries is rail transport of dangerous goods (DG). Rail transfer of fuels and chemicals increased by 42.5% between 2011 and 2017 ( 2 ). Furthermore, total annual oil production is expected to increase by an average of 3% until 2021 and reach 4.25 million barrels per day (b/d) by 2035 from 2.9 million b/d in 2018 ( 3 ). Railways provide the opportunity to deliver goods to locations that are inaccessible by other transportation modes such as pipeline and road. This feature makes the role of rail transportation more important than before, especially in accommodating the increase in traffic.

Background

Dangerous Goods Transportation Safety

The transportation system in Canada is relatively safe, as compared with other modes, even for the shipment of DG ( 4 ). Since the promulgation of the Canada Transportation Act in 1996, mainline accident rates have decreased considerably for federally regulated railways despite substantial growth in traffic ( 5 ). Transport Canada (TC) estimates that out of tens of millions of DG shipments every year, 99.997% of shipments arrive at their destination without any serious incidents ( 6 ). The decline in rail accident rates may result from the introduction of safety management systems (SMS), increased interaction between railway companies and regulators, and other new safety initiatives ( 7 ) such as human factors analysis and classification system (HFACS). It is noted that although some of these initiatives are led by regulatory bodies (such as TC), many are initiated and led by industry. Nonetheless, railway accidents persist. The Lake Wabamun accident, in which a train derailment spilled 788,000 L of product into the lake in 2005 ( 8 ), and the Lac-Mégantic accident, in which 47 people lost their lives after a freight train derailment in 2013 ( 9 ), are two recent examples of serious accidents that increased public sensitivity to transport of DGs by rail. These accidents show that there is still room for improvement in safe transportation of DG by rail and railways’ SMS must be continually re-evaluated and improved.

Safety Management Systems

TC’s experience and research show that complying with all regulatory requirements does not guarantee that the organization’s operations will not pose a risk to safety ( 6 ). As such, simply making more regulations to address specific occurrences does not necessarily improve transportation safety. According to Miller ( 4 ), comprehensive implementation of SMS is the primary tool for the transportation sector to responsibly, proactively, and systematically address risk within its operations. Edwards ( 10 ) defines SMS as a systematic and explicit approach which helps to manage risk and control losses. Roland et al. ( 11 ) expand on this by stating that system safety is the application of special technical and managerial skills to the systematic, forward-looking identification and control of hazards throughout the life cycle of a project, program, or activity.

The framework of SMS with its 12 elements was initially described in the Guidelines for Technical Management of Chemical Process Safety which was published in 1989, and developed as part of the chemical industry’s responsible care initiative ( 12 ). The SMS framework includes process and equipment integrity, human factors, incident investigation, and more (Supplemental Appendix B). Over time, the number of SMS elements has increased to 20 elements through the addition of new elements such as process safety culture ( 13 ). This study is part of a broader research project which has already been published, in which a 12-element SMS framework was implemented ( 14 ). To align with that project and provide comparable results, a 12-element SMS framework was also chosen for the current study.

Literature Review

Academic research has applied SMS to various transportation sectors, mostly focusing on one element of SMS. Håvold ( 15 ) studied safety culture in the maritime transportation industry. The results of the study confirmed that measuring safety culture as a predictor of unsafe work behavior is an appropriate tool for accident prevention and safety improvement. Bielić et al. ( 16 ) examined how the characteristics and behaviors of leadership affect safety in maritime transportation. These elements have a positive effect on creating and maintaining a positive safety culture, and they improve ship safety. Hsu et al. ( 17 ) focused on the aviation sector and examined the key components of airline SMS. They found that having policies that convey the top managers’ vision on safety to all staff is the most important SMS dimension. In the rail industry, one SMS element that has attracted researchers’ attention is human factors ( 18 – 20 ). Kyriakidis et al. ( 21 ) proposed a data-based framework to identify the most significant human performance factor affecting the performance of railway operation. They analyzed 479 railway operational accidents and incidents from different countries such as Canada, the United States (US), and so forth. The results of the study revealed that safety culture and distraction are the prime contributors to accidents and incidents. Dindar et al. ( 22 ) identified employees’ physical conditions such as lack of sleep, insufficient efficiency and poor judgment caused by alcohol or drugs, restriction of work or motion, and injury or illness as important factors in rail accidents.

Other researchers have examined SMS from a broader perspective. Read et al. ( 23 ) focused on improving railway SMS and identified three key insights. First, feedback mechanisms need improvement to better understand the effectiveness of control measures. Second, formal controls at higher levels of the system need strengthening. Third, focusing on failures rather than normal performance provides additional insight into failure modes. Chen and Chen ( 24 ) focused on SMS in aviation, showing that developing an SMS measurement scale to evaluate the performance of a company’s SMS can be done through a five-factor structure: documentation and commands, safety promotion and training, executive management commitment, emergency preparedness and response plan, and safety management policy.

To summarize, various studies have focused on analyzing one specific element of SMS, such as safety culture, human errors, and so forth. A few studies analyze the influence of the system as a whole on safety performance ( 25 – 27 ). To address this gap in literature, this study focuses on the assessment of the entire SMS on railway operations, specifically on the transportation of DG.

There are different risk analysis methods that can be used in this regard. Among them, bow tie analysis (BTA) has been employed in the current study because of the following advantages. Many studies have confirmed that this technique can present a direct and logical relationship between hazards, tasks, safety controls, risks, and the potential outcomes of accidents. As a result, BTA provides valuable information that can be used to prevent, control, and mitigate undesired events ( 28 , 29 ). This method has also gained acceptance as a credible risk and safety management tool as it provides a graphical representation of accident scenarios, which is useful for comprehensive risk analysis and safety assessment ( 30 ). Also, BTA is easy to understand and does not need a high level of expert knowledge ( 31 ). To develop the BTA, root cause analysis (RCA) and event tree analysis (ETA) have been employed in this study.

Research Objectives

The main goal of this paper is to find gaps in the railways’ SMS, with a special focus on the DG main-track train derailments (from a list of class 1, 2, 3 out of six classes of occurrences) from 2007 to 2017, which resulted in Transportation Safety Board (TSB) investigation of 40 accidents (Supplemental Appendix A includes definitions of six classes of occurrences). This study applies BTA to main-track derailments of petroleum crude oil trains to find the main causes and consequences of this type of accident. The reason for focusing on accidents pertaining to trains carrying petroleum crude oil is that these are among the highest consequence accidents. From this, we recommend preventive and mitigative measures to limit the consequences of similar accidents. Moreover, all 40 accidents are investigated to categorize their causes and consequences based on the BTA results. By investigating the frequency of and the relationships between the main causes and consequences of these accidents and the SMS elements, the gaps in the SMS elements are identified and ranked from most to least frequent. Finally, we aim to provide useful recommendations for enhancing SMS in the Canadian railway industry.

Methodology

Data Sources and Analysis Methods

This study investigates the TSB main-track train derailment reports for class 1, 2, 3 occurrences (Supplemental Appendix A) in transportation of DGs from 2007 to 2017. This research focuses on occurrences with significant consequences. As a result, class 4 to 6 occurrences are not considered or assessed. At the time of this study, some occurrences in 2018 and 2019 were still under investigation, so the overall project included information until the last year of complete data.

A class 1 occurrence is a series of occurrences with similar characteristics that have formed a pattern of one or more significant safety risks over time. These safety risks have been previously identified in the investigations done by TSB (or similar organizations in other jurisdictions) or have emerged from statistical analysis. A class 2 occurrence attracts a high level of public interest across Canada or internationally because of its significant consequences. It affects many people, some of whom may be fatally or seriously injured, releases large amounts of DGs, and causes significant damage to property, the environment, or both. A class 3 occurrence may have significant consequences resulting in a high level of public interest. The consequences may include multiple fatalities, serious injuries, or both, or there may be a medium-sized release of DG. Also, there is moderate to significant damage to property, the environment, or both ( 32 ).The class of occurrence is mentioned in the rail occurrence database system (RODS), which is available at www.tsb.gc.ca.

TSB reports identify main-track derailments in the title. All 165 TSB reports (class 1, 2, 3 occurrences) between 2007 and 2017 were investigated to identify whether a DG tank car was involved in the derailment. It is noteworthy that the occurrences with a release of fuel from the locomotive fuel tank were also considered as DG occurrences. There was a total of 40 DG main-track derailments (class 1, 2, 3 occurrences) in the study database for this 10-year period. To identify the highest consequence occurrences, we first selected DG occurrences involving DG release, fires, or explosions, resulting in a total of 14 accidents (Supplemental Appendix A). Considering the class of each of the occurrences, which represents the severity of their consequences, we identified petroleum crude oil as the DG type with the highest consequence when transported by rail (for main-track derailments investigated by the TSB).

Second, we started creating a bow tie (BT) for petroleum crude oil main-track derailments. We included all of the petroleum crude oil investigations to determine the main causes, consequences, and prevention and mitigation measures for these accidents. Based on the results, we then drew a comprehensive BTA diagram to represent all accidents for petroleum crude oil. Throughout this second step, the relationships between main causes and consequences and gaps in railway SMS elements were identified through the development of RCA diagrams. Although regulated rail SMS have been tailored toward rail transport, to analyze the specifics of DG transportation, we adopted an SMS from the Canadian Society of Chemical Engineering (CSChE) which was tailored to the production, storage, management, and transportation of DG. Thus, the insights from our review are generalizable to any rail operator’s specific SMS. The framework of SMS that was used in this study has 12 elements, described in detail in Supplemental Appendix B. The Center for Chemical Process Safety (CCPS) moved from the 12-element system to a risk-based approach in 2007. However, the CSChE’s Process Safety Management Division (PSMD) retained the original, more easily implementable CCPS for use in Canada, where SMS is not regulated and, thus, relies on voluntary adoption by site operators ( 33 ).

Next, we categorized the causes and consequences of all the study data set based on BTA results. By investigating the frequency of each category, we ranked the main causes and consequences. Based on the identified relationship between SMS elements and causes and consequences, the gaps in the SMS elements were identified and then ranked from most to least frequent. Figure 1 summarizes our methodology.

Figure 1.

Methodology flowchart.

Root Cause Analysis (RCA)

RCA is a retrospective technique which reviews the sequence of events that lead to any given endpoint ( 34 ). Applying this technique identifies the factors that allow failure modes. It also examines whether the same or related factors are present in other parts of the system. Determining the root causes of an incident identifies preventive measures such as modifying the design, manufacturing process, or operating procedures ( 35 ). For this study, we used RCA instead of fault tree analysis (FTA) to understand the sequence of causes that led to the incidents.

Event Tree Analysis (ETA)

ETA is a forward-looking, bottom-up, logical modeling technique which starts with a loss of containment event (top event) and analyzes all possible outcomes resulting in a range of consequences ( 36 ). ETA is developed qualitatively; however, the likelihood of different consequences can be quantified by determining the frequency (by using historical data) or probability (by using experimental failure mode data) for each possible pathway. This technique can be applied before an incident happens to quantify the range of possible outcomes or after an incident to investigate the functional failures of the system. This technique is typically used in transportation and nuclear power plants ( 37 , 38 ).

Bow Tie Analysis (BTA)

BTA is a fairly new method for safety assessment and risk analysis of a system to illustrate the relationships among various factors—hazards, causes, and consequences—and identify measures to lessen the likelihood of occurrence of undesired events and/or mitigate the consequences of failures within an industrial system ( 30 , 39 ). This technique is a combination of FTA and ETA, which are connected through the top (loss of containment) event. Loss of containment is the top event for the backward-looking FTA or RCA, while it is the initiating event for the forward-looking ETA ( 40 ). BTA’s advantages are its simplicity, versatility, and pictorial display, which make it easily understandable and applicable to areas across industries ( 41 ). For instance, oil and gas ( 42 , 43 ), chemical ( 44 ), healthcare ( 41 , 45 ), marine ( 46 ), and transportation industries ( 47 , 48 ) have benefited from the use of BTA.

Results

After investigating all the 165 rail occurrences (class 1, 2, 3 occurrences) between 2007 and 2017 that have TSB reports, we identified 40 DG main-track train derailments that had occurred while transporting DG. It is noteworthy that rail accidents and incidents together are called rail occurrences (Supplemental Appendix A). All 40 DG main-track train derailments (class 1, 2, 3 occurrences) which represent our study database were in the category of accidents.

To identify the occurrences with the highest consequences, we selected accidents caused by DG release, fire, or explosion, leaving us with 14 accidents in the first step. Out of the 14 accidents, 10 had a DG release and also resulted in a fire or explosion. Further investigations of these 10 accidents revealed that three of them were in class 2, while the rest of them were in class 3. There were no class 1 occurrences among these 10 accidents.

All of the three main-track train derailments in class 2 happened while transporting petroleum crude oil. As class 2 occurrences have more severe outcomes than do class 3 occurrences, we concluded that accidents involving transportation of petroleum crude oil have the highest consequences when compared with other DG rail occurrences investigated by TSB. We applied RCA to TSB’s main-track derailments reports for the trains transporting petroleum crude oil (Figures 2 –8) to understand the sequence of events resulting in the train derailments and the main causes of these accidents. Accident R13T0060 is a class 3 petroleum crude oil occurrence. Although the consequence level is different from class 2, the processes leading to the occurrence when transporting petroleum crude oil still provide valuable information to identify the main causes of petroleum crude oil accidents. Collectively, based on the RCA results, the main causes of these derailments consist of the following:

Weaknesses in different aspects of risk assessment (e.g., gaps in railway risk assessment when making a change to its operations, weakness in TC risk-based approach for identifying targeted regulatory inspection).

Rail defects such as rail end batter (REB), vertical split head (VSH) defects, and vertical split rim (VSR) cracks.

Gaps in regulations (e.g., using new technologies for inspection is not required by regulation; absence of regulatory requirement for wheel impact load detector [WILD] threshold).

Gaps in railway guidelines and instructions (e.g., weakness in railway track inspection guidelines for joint inspection and rail grinding).

Weaknesses in training (e.g., insufficient mentoring and support for assistant track supervisor [ATS] during the on-the-job portion of the training, working as fully qualified ATS while the employee was newly hired, not reinforcing training by practical training).

Weaknesses in railway standards (e.g., weakness in railway standard for REB monitoring).

Weaknesses in audit (e.g., gaps in internal audit, not formally assessing safety culture, ineffective audit programs and follow-up, insufficient oversight, inadequate inspection).

Employees performing a task infrequently (e.g., track foreman with no locomotive engineer [LE] operation background assessed fire engine post-accident).

Human error (e.g., track supervisor [TSPVR] occupied with another task and did not check the rail repair process; no physical measurement was taken by snow patrol foreman [SPF] in rail end mismatch situation).

Cold weather condition (e.g., reducing material fracture toughness and ductility in low temperature which causes rail breaks, wheel breaks).

After identifying these causes, the research team verified that the relationships between causes and gaps in SMS elements were shown in the RCA figures along with a summary of the accident reports. Example accident reports follow.

Report R13T0060: On April 3, 2013, a Canadian Pacific railway (CP) freight train was proceeding eastward on the Heron Bay Subdivision when it experienced an undesired emergency brake application near White River, Ontario. Twenty-two cars derailed, seven of which were DG tank cars loaded with petroleum crude oil. Several cars rolled down an embankment and two of the DG tank cars released approximately 101,700 L of product. There were no injuries.

The derailment occurred because of failure of the R1 wheel of the 34th car, as shown in Figure 2. The R1 wheel fractured as a result of a VSR. When the VSR crack reached a critical size, the rim could no longer support normal service loads and wheel failure occurred. The other factor that affected wheel failure was that the wheel with high impact was not removed from the service in a timely manner. Although recorded wheel impact was condemnable under Association of American Railroads (AAR) Rule 41, the WILD guidelines of CP permitted the R1 wheel to remain in service. The reason was that railway guidelines relating to WILD did not provide adequate guidance for dealing with wheel impacts that are condemnable under AAR Rule 41. In the absence of regulatory threshold and oversight for WILD technology, company guidelines for WILD thresholds may not be sufficiently robust and may increase the risk that wheels with elevated impact remain in service.

Figure 2.

Root cause analysis (RCA) for accident R13T0060.

After the train derailment, a large amount of product was released from tank car top and bottom fittings. Those fittings arrangements met design criteria; however, they were not adequately protected and resulted in the release of petroleum crude oil ( 49 ).

This accident highlights that some weaknesses in SMS elements, such as process and equipment integrity, company standards codes and regulations, and audits and corrective actions, had increased the potential for a train derailment.

Report R13D0054: On July 6, 2013, an eastward Montreal, Maine and Atlantic railway (MMA) freight train which was parked unattended for the night at Nantes, Quebec, started to roll. The train traveled approximately 7.2 mi, reaching a speed of 65 mph when it approached the center of the town of Lac-Mégantic, Quebec. Sixty-three tank cars carrying petroleum crude oil and two box cars derailed. About 6 million liters of petroleum crude oil spilled. Unfortunately, there were fires and explosions, which destroyed 40 buildings, 53 vehicles, and the railway tracks. Forty-seven people were fatally injured. There was also environmental contamination of the downtown area and of the adjacent river and lake.

There were several factors contributing to the train derailment. They are presented in detail in Figures 3 and 4. On the evening before the accident, the LE parked the train on a grade on the main track. The LE performed a hand brake effectiveness test to check if the number of hand brakes were enough to secure the train alone, but he did not implement the test properly. Although the LE released the automatic brakes, the locomotive independent brakes had not been released during the test. As a result, the train was held in place by a combination of hand brakes and independent brakes instead of being held by the hand brakes alone. Furthermore, there were no additional physical safety defenses in place to prevent uncontrolled movement of the train.

Figure 3.

Root cause analysis (RCA) for accident R13D0054: first part.

Figure 4.

Root cause analysis (RCA) for accident R13D0054: second part.

Before the time of derailment, the LE noticed that the lead locomotive engine was producing excessive amounts of black and white smoke. It was caused by the failure of a non-standard engine repair which had been done 8 months before the accident. The LE discussed the situation with the rail traffic controller (RTC) and they decided to deal with the situation in the morning. Later that night, the locomotive engine caught fire, and firefighters were sent to the location. When firefighters shut down the locomotive engine to extinguish the engine fire, no other locomotive was started. As a result, the compressor no longer supplied air to the air brake system and the effectiveness of the air brakes was reduced. The combination of air brakes and hand brakes could no longer hold the train. The train rolled down the hill and accelerated, reaching a speed of 65 mph. Since there was excessive rail wear on some of the rails in the Lac-Mégantic area, it could not bear the excessive stress of a high-speed train. As a result, the train derailed in the curve at the Mégantic West turnout.

The TSB investigation shows that some of the abovementioned issues were caused by MMA’s weak safety culture—for example, MMA management’s tolerance of non-standard repairs like the one done for the locomotive engine. Another instance was the systemic practice of leaving unattended trains on a descending grade without sufficient defenses in place to prevent an uncontrolled movement of the train.

Following the train derailment, a large amount of petroleum crude oil was released into the environment. One of the major sources of product loss was from damaged tank heads and shells. In addition, almost every derailed tank car exhibited at least one damaged stub sill or coupler. Protection of tank car fittings was also not sufficient, which led to the release of product from damaged top fittings and bottom outlet valves (BOV). Another source of product loss was from breaches caused by thermal tears. The absence of thicker steel, jackets, thermal protection on tank cars, and adequate pressure-relief capacity increases the chance of thermal tear.

A large fireball and pool fire started after the train derailment. The large quantities of spilled petroleum crude oil, the rapid rate of product release, as well as the product’s high volatility and low viscosity were major factors resulting in the large post-derailment fire ( 49 ).

The Lac-Mégantic accident again confirmed that in addition to weaknesses in the three elements that played a role in accident R13T0060, there are some other gaps in SMS elements such as process risk management, process knowledge, and documentation. Moreover, human errors such as the errors made by the LE during the hand brake test reveal that human factors can have a significant impact on rail accidents.

Report R15H0013: On February 14, 2015, a Canadian National Railway Company (CN) crude oil unit train was proceeding eastward on CN’s Ruel Subdivision when it experienced a train-initiated emergency brake application at Gladwick, near Gogama, Ontario. Twenty-nine tank cars derailed. Nineteen of the tank cars were breached, and about 1.7 million liters of petroleum crude oil were released to either the atmosphere or the earth’s surface. The released product ignited, and the fire lasted for 5 days. About 900 ft of mainline track was destroyed, but there was no evacuation or injury.

The train derailment happened when the insulated rail joint in the south rail failed beneath the head-end of the train. as shown in Figures 5 and 6. The failure of the insulated joint bars was caused by different factors. Low temperature at the time of the accidents reduced joint bar material fracture toughness and ductility and made it more susceptible to brittle failure. In addition, there were fatigue cracks which led to the REB condition in the joint bar. REB is indicative of a degrading joint support and can ultimately lead to the rail or joint failure. These factors, combined with repeated wheel impact, resulted in increased stress to track infrastructure. Another contributor to the joint failure was insufficient track maintenance while traffic tonnage was increased. This could lead to more rapidly degrading track structure and increase the risk of track infrastructure failures.

Figure 5.

Root cause analysis (RCA) for accident R15H0013: first part.

Figure 6.

Root cause analysis (RCA) for accident R15H0013: second part.

The mentioned fatigue cracks were present in the joint bar some time before the train derailment; however, they remained undetected until the rail failure occurred. The ATS who was responsible for the joint inspection did not have sufficient experience and training for performing his job. Furthermore, there were weaknesses in CN’s standard for REB monitoring. As a result, the inspection process was not performed properly by the ATS. Moreover, the use of new technologies for track inspection was not required based on existing regulations. Consequently, the chance of not identifying the rail deficiencies was much higher. These factors, as well as insufficient TC inspection, resulted in the fatigue cracks that were not detected until the rail failure occurred.

The accident occurred when the train was traveling at 38 mph. The speed of the train increased the severity of the derailment and its outcomes. As a result of damage to the tank cars (including shell breach and BOV failure), petroleum crude oil was released to the environment and caused contaminations and fire ( 49 ).

Accident R15H0013 revealed that in addition to the previously mentioned gaps in SMS elements, weakness in the training and performance element can also influence rail accidents.

Report R15H0021: On March 7, 2015, a CN crude oil unit train was proceeding eastward on CN’s Ruel Subdivision when it experienced a train-initiated emergency brake application near Gogama, Ontario. Thirty-nine tank cars were derailed. As a result, about 2.6 million L of petroleum crude oil were released to atmosphere, water, or the earth’s surface. The released product ignited and caused explosions. However, neither evacuation nor injuries were reported.

The derailment happened when the south rail failed catastrophically beneath the train, as shown in Figures 7 and 8. TSB investigations show that VSH defects had been present in the east parent rail but were not identified during the SPF inspection because a dye penetrant test was not performed. Moreover, plug rail repair was not implemented properly by the SPF. After the repair, the plug rail was higher than the parent rail; however, no physical measurements were taken. In addition, no specific guidance was provided to CN engineering employees relating to the length of grinding. Therefore, the SPF visually assessed the mismatched situation which resulted in an inaccurate estimation of the difference between plug rail and parent rail. As a result, the applied rail grinding was insufficient. On the day of the repair, the TSPVR, who was responsible for checking the repairment result, became occupied responding to another derailment and did not check the plug rail repair. On the other hand, the VSH defect was either not present or too small to be detected during the last ultrasonic test conducted on the rail. Finally, all of these issues led to train derailment while proceeding along the track.

Figure 7.

Root cause analysis (RCA) for accident R15H0021: first part.

Figure 8.

Root cause analysis (RCA) for accident R15H0021: second part.

The accident occurred at 43 mph, which was lower than the authorized track speed of 50 mph. However, the speed of the train increased the severity of the derailment. After the derailment, a large quantity of product released into the environment because of the tank car damage (stub sill damage, shell breach, BOV failure and others) ( 49 ).

This train derailment again revealed that human factors affect rail accidents significantly. Human factors are identified as one of the leading causes in occurrences in rail transportation in Canada ( 50 ). Furthermore, over the years, many of railway accidents around the world have happened because of human factor-related problems in the design and operation of railway systems ( 51 – 53 ).

In the next step, to apply ETA, the consequences of main-track derailment for petroleum crude oil train were extracted from their TSB reports. These included tank car damage, breach or rupture, DG release, explosion, fire, pool fire, property damage (track, building, etc.), environmental contamination, evacuation, and injury or death. Iranitalab et al. ( 54 ) pointed out that in case of accidents leading to release, rail transportation of large quantities of petroleum crude oil potentially expose people living in the vicinity of railways to the ill effects of hazardous materials. An ETA was constructed based on the abovementioned consequences. Through evaluation of the detailed reports for the 40 DG main-track train derailments (class 1, 2, 3 occurrences), the relative frequency of each consequence was calculated (Figure 9). For example, 23 of 40 accidents had tank car damage and the rest of the accidents had no tank car damage. As a result, within our study database, the frequency of an accident with tank car damage is 0.57 while the frequency of an accident with no tank car damage is 0.43. Among 23 accidents which had tank car damage, 17 accidents had DG release and six had no DG release. So, the frequency of an accident with tank car damage and DG release is 0.74. Also, the frequency of an accident with tank car damage and no DG release is 0.26. The relative frequency of each consequence was calculated similarly. Finally, the relative frequencies provide an approximation to the actual probabilities for each ETA branch (frequentist approach). It is acknowledged that past performance is not necessarily an indicator of future performance; however, these statistics are considered relevant given that rail operations have not seen significant changes during the period of analysis. It is noteworthy that there is no sequence between DG release, explosion, fire, pool fire, property damage, environmental contamination, evacuation, and injury or death, meaning that they can occur simultaneously.

Figure 9.

Event tree analysis (ETA) for 40 dangerous goods (DG) main-track train derailments.

Table 1 shows how the rate of DG main-track train derailment (class 1, 2, 3 occurrences) in the ETA was calculated. The second column of the table indicates originated DG carloads for each year. These were extracted from the annual report of the Railway Association of Canada (RAC) on the performance of Canada’s railway industry ( 2 , 55 ). The third column of the table represents the number of DG main-track derailments (class 1, 2, 3 occurrences) investigated and reported by the TSB each year. The accident rate was derived from the division of the third column by the second column, and multiplied by 1,000 to represent the accident rate per 1,000 DG carloads.

Table 1.

Dangerous Goods (DG) Main-Track Train Derailment (Class 1, 2, 3 Occurrences) Rate Calculation

Year	Originated DG carloads	Number of DG main-track derailments (class 1, 2, 3 occurrences) reported by TSB	Accident rate (accidents per 1,000 DG carloads)
2007	426,789	6	0.014
2008	422,764	2	0.005
2009	379,650	6	0.016
2010	400,318	7	0.017
2011	425,124	2	0.005
2012	428,660	1	0.002
2013	493,360	4	0.008
2014	576,226	6	0.010
2015	491,802	4	0.008
2016	436,053	1	0.002
2017	504,620	1	0.002
Total 2007–2017	4,985,366	40	0.008*

Note: TSB = Transportation Safety Board.

= Overall average accident rate 2007–2017.

The ETA results show that among those scenarios leading to death or injury, the most likely scenario had a probability of 0.0006 accidents per 1,000 DG carloads. This probability pertains to DG main-track train derailment with tank car damage, DG release, and property damage. Surprisingly, there was no explosion, fire, pool fire, environmental contamination, and evacuation in this scenario. The other scenarios that caused fatality or injury were less frequent. All of them had a similar probability of 0.0002 accidents per 1,000 DG carloads.

Also, ETA results reveal that there were DG main-track derailments which had none of the outcomes shown in the ETA. This means that these derailments had no tank car damage, DG release, explosion, fire, pool fire, property damage, environmental contamination, evacuation, injury, or death consequences. The probability of this branch was 0.0004 accidents per 1,000 DG carloads.

Overall, the highest total probability was 0.002 accidents per 1,000 DG carloads which was related to DG main-track train derailment with no tank car damage, DG release and fire, pool fire and explosion, environmental contamination, evacuation, and injury or death. The only negative consequence of this branch of derailment was related to property damages such as building, vehicle, and railway track destruction.

The probabilities derived from these analyses follow a frequentist approach. These are associated with significant uncertainty given the limited database available, and the way that operations evolve with time (e.g., implementation of new train handling procedures, novel technologies, changes in elements at risk, etc.). However, these probabilities provide an important quantitative description of the relative likelihoods of the different consequence scenarios that can be used for ground probability estimations of risk assessments associated with the transportation of DG by rail in Canada.

Finally, by using RCA and ETA results, a BTA diagram illustrates the relationships between the causes and consequences from a loss of containment event and proposes some useful practical mitigation and prevention measures (Figure 10).

Figure 10.

Bow tie analysis (BTA) diagram based on 40 dangerous goods (DG) main-track train derailments.

Table 2 presents several preventive strategies. Implementing these strategies can help to prevent a train derailment from reoccurring. Some of the preventive measures in the table have been inspired by TSB reports.

Table 2.

Preventive Measures

Cause	Symbol	Preventive measure
Weakness in risk assessment	A	Conducting route planning
		Documenting risk assessments
		Identifying risks and implementing mitigation measures and subsequent monitoring to assess their effectiveness
Increased traffic tonnage	B	Risk assessment when making significant operational changes on the network
		Ensuring employees are kept abreast when changes occur in rules
		Increased track maintenance demands resulting from increased traffic tonnage
Cold weather	C	Developing an extreme cold weather inspection policy
		Establishing a cold weather temporary speed restriction
Rail defect	D	Immediate remedial action
		Performing inspection by railway and TC
		Using new technologies for inspection
		Railway’s risk assessment
		Placing a slow order on the track
		Increased track maintenance demands resulting from increased traffic tonnage
		Increasing the investment for maintenance activities
Weaknesses in regulation	E	Rules promoting the use of proven new technologies for inspection
		Defining regulatory requirements for proven technologies (e.g., performance based on tool’s metrics)
Weaknesses in guidelines	F	Modifying railway track inspection guideline for joint inspection
		Improving railway guidance on rail grinding
Weaknesses in training	G	Adequate mentoring and support during training
		Having practical training alongside the online training
		Assessing crew’s ability with appropriate tests
		Providing clear rules and instructions to employees
Weakness in railway standards	H	Improving and modifying railway standards for REB monitoring
		Providing adequate guidance for dealing with wheel impacts
Weaknesses in audits	I	Auditing railway’s SMS by TC in sufficient depth and frequency
		Follow-up to verify that the corrective action plans have been implemented
		Verifying rules and instructions are being followed
		Monitoring of regional audits (external)
Employee performing a task infrequently	J	Ensuring employees have access to the necessary reference materials
		Having checklist or independent verification for performing tasks infrequently
		Adequate training
		Assessing crew’s ability with appropriate tests
Human error	K	Providing sufficient training
		Observing employees unannounced
		Proactive safety culture
		Formally assessing or documenting safety culture within regulatory inspections or audits
		Effective railway employee oversight program

Note: TC = Transport Canada; REB = rail end batter; SMS = safety management system.

Table 3 proposes some strategies to mitigate the consequences of a train derailment once it has occurred. Some of the mitigative measures in the table have been inspired by TSB reports.

Table 3.

Mitigative Measures

Consequence	Symbol	Mitigative measure
Tank car damage	L	Reducing track speed for class 3 flammable liquids (requires adequate study on speed-consequence relationships)
		Thicker steel
		Not attaching tank car stub sills directly to the tank shell
		Design improvements to BOV’s handle
		Full-height head shields
		Providing top discontinuity protection for tank car top fitting
		Jackets and thermal protection on tank cars combined with adequate pressure-relief
Property damage	M	Periodic assessments of the safety risks along the selected route
		Route planning and analysis
		Shipper developing an adequate regulator-approved Emergency Response Assistance Plan (ERAP)
DG release	N	Using tank cars that are sufficiently robust and more impact resistant
Fire, pool fire, and explosion	O	Using tank car thermal protection
Deaths and injuries	P	Periodic assessments of the safety risks along the selected route
		Route planning and analysis
		Accurate sign-in/sign-out records
		Implementing site control measures
		Constructing road access for emergency response in remote locations if it is possible
		Shipper developing an adequate regulator-approved ERAP
		Accurate information on safety data sheets (SDS) for communicating the dangers of the product
Evacuation	Q	Periodic assessments of the safety risks along the selected route
		Route planning and analysis
		Shipper developing an adequate regulator-approved ERAP
Environmental contamination	R	River and lake shoreline surface restoration
		Planting program to return the lost vegetation species
		Mobile wastewater treatment units
		Removing containment soil from derailment site

Note: BOV = bottom outlet valves; DG = dangerous goods; ERAP = emergency response assistance plan.

Applying BTA resulted in verifying the relationships between main causes as well as gaps in railway SMS elements. Table 4 demonstrates how these factors are related to each other. It is noteworthy that to better categorize the main causes for all 40 DG main-track train derailments, we chose some general expressions which have already been explained at the beginning of the Results section.

Table 4.

Relationship between Causes and Gaps in Safety Management System (SMS) Elements

Causes	Gaps in SMS element
Weakness in risk assessment	Element 4: Process risk management
Rail defect	Element 6: Process and equipment integrity
Weaknesses in regulation	Element 10: Company standards, codes, and regulations
Weaknesses in guidelines	Element 10: Company standards, codes, and regulations
Weakness in training	Element 8: Training and performance
Weakness in railway standards	Element 10: Company standards, codes, and regulations
Weakness in railway standards	Element 6: Process and equipment integrity
Weakness in audits	Element 11: Audits and corrective actions
Employee performing a task infrequently	Element 2: Process knowledge and documentation
Human error	Element 7: Human factors
Cold weather	na

Note: na = not applicable.

The consequences of a train derailment also revealed that there are some gaps in the railway SMS. Table 5 presents the relationship between those consequences and gaps in railway SMS elements.

Table 5.

Relationship between Consequences and Gaps in Safety Management System (SMS) Elements

Consequence	Gaps in SMS element
Tank car or fuel tank damage	Element 6: Process and equipment integrity
DG release	Element 6: Process and equipment integrity
Fire, pool fire, and explosion	Element 6: Process and equipment integrity
Deaths and injuries	Element 9: Incident investigation
Evacuation	Element 9: Incident investigation
Property damage	Element 9: Incident investigation
Environmental contamination	Element 9: Incident investigation

Note: DG = dangerous goods.

Moreover, to have a better and complete understanding of accidents, causes, and consequences, we expanded the results to include the entire database of 40 DG main-track train derailments. The frequency in each category was identified to prioritize causes and consequences from most frequent to least. As shown in Tables 4 and 5, each cause and consequence demonstrate weakness in at least one SMS element. By finding the frequencies of causes and consequences, the frequency of SMS element weaknesses was calculated as well. For example, by investigating the causes of 40 DG main-track train derailments, it was identified that there were 25 causes related to the rail defects. As shown in Table 4, rail defects demonstrate a gap in the process and equipment integrity element of SMS. Further investigation of the 40 accident reports revealed that there were four causes related to the weakness in railway standards. Weakness in railway standards can demonstrate weakness in two different SMS elements which are company standards, codes, and regulations or process and equipment integrity (Table 4). The accident reports confirmed that two of the four causes were related to the gap in process and equipment integrity element of SMS. As a result, the frequency of gaps in the process and equipment integrity element of the SMS was 27 (25 + 2 = 27) based on the accident causes.

Furthermore, accident reports demonstrate that there were 23 instances of tank car or fuel tank damage, 17 DG releases and 12 fire, pool fire, and explosion outcomes. All of these consequences show gaps in the process and equipment integrity element of SMS (Table 5). As a result, the frequency of gaps in the process and equipment integrity element of the SMS was 52 (23 + 17 + 12 = 52) based on the accident consequences. Therefore, the frequency of the gaps in the process and equipment integrity element of the SMS was 79 (27 + 52 = 79) in total. The frequencies of other causes, consequences, and gaps in the SMS elements were calculated in the same way. Table 6 represents those frequencies.

Table 6.

Causes, Consequences, and Safety Management System (SMS) Elements’ Rankings

Ranking	Cause	Frequency
1	Rail defect (or failure)	25
1	Weakness in the audit	25
2	Weaknesses in guidelines	15
3	Weakness in risk assessment	13
4	Weaknesses in regulation	11
5	Human errors	10
6	Weakness in training	7
7	Cold weather	4
7	Weakness in railway standards	4
8	Employee performing a task infrequently	3
Ranking	SMS element (based on causes)	Frequency
1	Element 10: Company standards, codes, and regulations	28
2	Element 6: Process and equipment integrity	27
3	Element 11: Audits and corrective actions	25
4	Element 4: Process risk management	13
5	Element 7: Human factors	10
6	Element 8: Training and performance	7
7	Element 2: Process knowledge and documentation	3
Ranking	Consequence	Frequency
1	Property damage	35
2	Tank car or fuel tank damage	23
3	DG release	17
4	Fire, pool fire, and explosion	12
4	Evacuation	12
5	Environmental contamination	9
6	Deaths and injuries	7
Ranking	SMS element (based on consequences)	Frequency
1	Element 9: Incident investigation	63
2	Element 6: Process and equipment integrity	52
Ranking	SMS element ranking (total)	Frequency
1	Element 6: Process and equipment integrity	79
2	Element 9: Incident investigation	63
3	Element 10: Company standards, codes, and regulations	28
4	Element 11: Audits and corrective actions	25
5	Element 4: Process risk management	13
6	Element 7: Human factors	10
7	Element 8: Training and performance	7
8	Element 2: Process knowledge and documentation	3

Note: DG = dangerous goods.

As shown in Table 6, the most common causes of DG main-track train derailment were rail defects or failures and weakness in audits. The next most common causes would be weaknesses in guidelines and in risk assessments. Furthermore, the three most common consequences of these accidents were property damage, tank car or fuel tank damage, and DG release. Prioritizing the weaknesses in SMS elements confirmed that process and equipment integrity is the first SMS element that needs to be improved. Incident investigation and company standards, codes, and regulations are the next SMS elements that need enhancement.

Discussion

Rail transportation is a safety-critical system ( 56 ) which experiences catastrophic incidents like train derailments. Our examination of investigated derailments shows that there are weaknesses in railway SMS.

Our aim was to find and address these deficiencies by applying BTA specifically on the DG main-track train derailments. We ranked the SMS elements to be enhanced: (1) process and equipment integrity; (2) incident investigation; (3) company standards, codes, and regulations; (4) audits and corrective actions; (5) process risk management; (6) human factors; (7) training and performance; and (8) process knowledge and documentation. Next, we present some practical recommendations to improve these SMS elements, some of which are inspired by TSB reports.

Process and equipment integrity is the first and foremost SMS element that requires enhancement. In the US, which has similar rail operating characteristics to Canada, the primary cause of train derailment on main track is also track and equipment failure ( 19 ). One of the main things that require more attention is reducing rail defects and failures or preventing them from occurring. Although ultrasonic tests are commonly used for rail inspection and are useful in rail defect detection, defects are still difficult to detect because of technical limitations and varying features of defects (type, size, and location) ( 57 ). As a consequence, other novel technologies and approaches are also being used to identify rail defects more effectively. Lanza di scalea et al. ( 58 ) worked with the Federal Railway Authority (FRA) on ultrasonic detectors combined with laser sensors to better identify transverse defects under horizontal shelling. Xiong et al. ( 59 ) proposed a three-dimensional laser profiling system (3D-LPS) to attain rail surface defects information in complex environments. Zhang et al. ( 60 ) studied acoustic emission (AE) methods to detect track cracks at high-speed. In addition, performing more frequent inspections will help to better identify rail deficiencies before track failure. Scheduling rail inspections depends on factors such as limited track availability resulting from train traffic and routine maintenance ( 61 ). Because of these challenges, some researchers have focused on finding enhancements to rail inspection. Jeong and Gordon ( 61 ) developed a Monte Carlo risk assessment model to examine the relationship between different operational factors like inspection frequency and rail failures. Liu et al. ( 62 ) worked on optimizing rail inspection frequency to maximize safety and efficiency. Their study showed that optimal rail inspection frequency varies with traffic density, rail age, and inspection technology reliability. Since rail deficiencies grow faster in colder weather, it is recommended that rail tests be conducted more frequently during colder months of the year ( 61 ). After identifying rail defects, delay in remediations can accelerate rail defect progress. Yet, for smaller, subcritical defects, the cost of immediate action outweighs the risks of failure ( 63 ). Another important factor that influences rail defect frequency and growth is increased traffic tonnage. By increasing the traffic tonnage, track maintenance activity needs to be done more frequently, and sufficient time and money should be dedicated to rail maintenance. In some cases, placing a slow order on a defect track is also useful (report R15H0021).

Another aspect of the process and equipment integrity element is the design of tank cars carrying DGs. Based on the TSB reports, a proportion of Canadian rail transportation tank cars carrying flammable liquids like petroleum crude oil are still Class 111 tank cars (e.g., report R15H0013, report R13T0060). Yet, DG release and damage to the persons, property, and the environment are still high in accidents that involve Class 111 tank cars (report R07Q0001). This report emphasizes the importance of replacing TC/Department of Transportation 111 tank cars with the TC-117 tank cars, which are more puncture resistant and equipped with a thermal protection system. The design of the BOV has also changed to address previous failure modes ( 64 ). In research done by Liu et al. ( 65 ) in the US, it is shown that in addition to enhancing tank car safety design, decreasing train speed and changing tank car placement are also useful in reducing the number of tank cars releasing per derailment.

Some measures, such as enhanced communication, improve incident investigation. Providing accurate DG information on safety data sheet (SDS) and product quantities is vital, especially when a train is transporting DG. It helps crews and emergency responders to provide appropriate control measures for those trains (report R13D0054). It is the responsibility of the shipper to develop a regulator-approved emergency response assistance plan (ERAP) which provides required resources to assist local responders (report R13D0054). Additionally, route planning and periodic risk assessment of DG routes are necessary in identifying the emergency response capability along the route, including site access in remote areas (report R15H0013).

Another important factor in incident investigation involves the reliability of the reports. In some cases, the crews are under a lot of stress after an incident and cannot assess the situation in a comprehensive and objective manner. Recognizing the significance of the need for objectivity, if another qualified person is sent to the incident site as soon as possible, this individual can provide “cold eyes” to assess the incident. Finally, the incident investigation report will document all the contributing factors and evidence. Yet, investigators may not have received standardized and comprehensive training in accident investigations. Providing a checklist of SMS and human factors elements would help those completing the report to identify contributing factors. These reports must be comprehensive and complete if we are to rely on them to identify gaps and enhance mitigation and control measures.

Our research also identified gaps in company standards, codes, and regulations. Following a railway incident, it is necessary to discover the root causes of the failures to assess whether a weakness in the company standards, codes, and regulations contributed to an increased likelihood of the accident. Furthermore, company standards, codes, and regulations must be comprehensive and consistent. Any inconsistency between them can lead to serious incidents like accident R13T0060. Although the recorded wheel impact was condemnable under AAR Rule 41, the WILD guidelines of CP permitted the wheel to remain in service until it failed later and caused the train derailment. To prevent workers’ errors related to the company standards, codes, and regulations, they should be clear and understandable so that all workers can interpret them and respond in the same manner. If workers have questions, additional references and support must be available. Unaddressed inconsistencies, ambiguities, and complexities can become embedded in workplace training and workers’ training competencies for future tasks. Therefore, standards, codes, and regulations should be continually enhanced as essential information is refined.

Our findings also suggest that audits and corrective actions require enhancement. Auditing should assure compliance with both record keeping and the adequacy of the SMS to the particular operations ( 66 ). SMS audits complement the inspection process by identifying the causes of underlying unsafe conditions to mitigate and prevent similar conditions in the future. An effective SMS audit is performed with sufficient depth and frequency. For verified deficiencies in railways’ SMS, implementation of corrective actions with follow-ups ensures that corrective actions are applied effectively so that railways are capable of managing and mitigating the risks. One of the most useful measures to improve audits and corrective actions is performing internal audits (report R13D0054) to help railways to identify and address persistent gaps in their SMS before a regulator identifies them in its audit program.

For process risk management, the transportation and catastrophic release of DGs in populated or environmentally sensitive areas results in the highest consequences. Macciotta et al. ( 67 ) present a useful hazard ranking tool for rail transport of DGs in Canada. Route planning and periodic risk assessments also play a vital role in preventing and mitigating the risk associated with such events. Route planning verifies factors that affect the probability and consequences associated with the transportation of DGs, factors such as operations, traffic, infrastructure, population density, and environmental conditions. Ideally, the route with lowest overall risk should be chosen. However, routing is difficult in countries like Canada with little route redundancy. If prevention and mitigation measures need to be applied on a route, periodic risk assessment and auditing (especially after significant operational changes) ensure that the risks associated with transporting DGs remain at an acceptable level. Furthermore, it is necessary to document risk assessments and audits to reduce missing data and errors.

Human factors continue to contribute to rail incidents. Errors that frequently cause accidents and incidents need to be identified ( 68 ). Several approaches have been developed to document incidents of this type. The computer-aided system for human error analysis and reduction (CAS-HEAR) helps analysts to find multiple levels of errors and their causal relationship ( 69 ). HFACS is one popular approach for analyzing human errors more specifically. Li et al. ( 70 ) proposed a hybrid method based on HFACS and Systems-Theoretic Accident Modeling and Processes (STAMP) to identify and analyze the role of human errors in railway accidents. Zhan et al. ( 71 ) developed another hybrid method based on the HFACS-Railway Accidents (HFACS-RAs) framework to identify and assess how human and organizational factors contribute to railway occurrences.

Following the identification of human errors, appropriate prevention and/or mitigation strategies can be developed and implemented ( 72 ). Conducting regular team meetings strengthens teamwork ( 71 ). Sufficient training for employees equips them with the resources they need to perform their jobs. Online training is beneficial in improving the knowledge of the employees; however, practical training should also be provided for the trainees alongside the online training to help them learn how to apply knowledge and skills in practice (report R15H0021). One of the situations that can cause human error is doing non-routine tasks; checklists ensure that every step has been completed. Sufficient mentoring and support for the trainees helps them to identify their weaknesses and to address them, especially for non-routine tasks ( 73 ). Supervisors also need training to ensure that they can provide appropriate guidance for workers ( 71 ). After starting the job, regular assessment of competence for both workers and supervisors can ensure that individuals are capable of properly applying their knowledge in practice. Unannounced observations of workers on the job and effective oversight ensures that workers follow standard operating procedures and do their job properly. Regular tracking of employee assessments by specific supervisors and corrective actions (including work suspensions) are also preventive measures that can be used ( 71 ). Another potential measure to prevent and mitigate human errors is enhanced systems for train control that alert crews if they do not respond appropriately to a signal or other restriction and may stop trains or reduce their speeds (report R07E0129). Zhang et al. ( 74 ) show that, in the US, positive train control (PTC) is an advanced rail safety technology. The US railway industry is spending time and resources to complete the implementation of PTC in its system.

Finally, process knowledge and documentation have prominent roles as SMS elements, and have already been discussed in each section (e.g., incident investigation, process risk management, human factors). Essential reference materials must be documented, regularly updated, and easily accessible for all employees in required situations. Organizing the company’s rules, supplements, and general operating instructions in multiple documents/platforms makes version control, interpretability, and accessibility extremely difficult (report R13D0054). When employees need to work with new equipment, any special rules, regulations, training, and competency assessments must be established in advance ( 71 ). Standardization through process documentation is essential for organizations to ensure consistency in operation. Ungan ( 75 ) suggests documenting how the best performers complete their tasks—a process which the company can then standardize.

In sum, our research leverages process safety management tools which we use to suggest methods for railway operators, contractors, suppliers, and regulators to identify leading indicators, prevention measures, and mitigation measures for DG main-track train derailments. The aim of leading indicators is to identify the potential for an incident and then to prevent it ( 76 ). For example, some rail defects are more likely to cause rail failure and derailment than others (report R14W0256). Inconsistencies between company standard operating procedures, codes, and regulations are another indicator of potential errors. By reassessing these documents, gaps in companies’ SMS can be identified and mitigated.

Conclusion

Railways play a prominent role in Canada’s economy by transporting goods to destinations that are not easily accessible by road or pipeline. While railways are one of the safest modes of transportation for DGs, the persistence of derailments demonstrates room for improvement. Enhancing railways’ SMS is seen as the path forward toward improved safety.

By applying RCA, ETA, and BTA on petroleum crude oil main-track train derailments, we identified the causes and consequences of these accidents. Additionally, by connecting the relationships between these factors and SMS elements, the associated gaps in SMS elements were identified. Then, we expanded the results to include the entire database of 40 DG main-track train derailments (class 1, 2, 3 occurrences). The frequency in each category was identified to prioritize causes and consequences and gaps in SMS elements. The results of our study revealed that the top main causes of DG main-track train derailments include rail defects/failures, weaknesses in audits, and weaknesses in guidelines. The top three SMS elements that need enhancement are process and equipment integrity, incident investigation, and company standards, codes, and regulations. Enhancing railways’ SMS will improve safe transportation of DGs and reduce potential negative impacts on people’s lives, the environment, and the global economy.

Limitations of the study are related to the probabilities derived from the ETA. Since we were restricted to the study database of 40 DG main-track train derailments (class 1, 2, 3 occurrences), there is a certain measure of variability and uncertainty. This is common when developing statistical estimates following a frequentist approach for events with low frequencies. For future studies, researchers may address this limitation by considering other types and classes of rail occurrences to increase sample size. The limitation of this is associated with increasing the number of variables when aggregating incidents from other jurisdictions or different operational characteristics. Other options include the use of subjective measurements of uncertainty associated with the probabilities in the event trees, such as defining fuzzy probabilities.

Supplemental Material

sj-docx-1-trr-10.1177_03611981211062893 – Supplemental material for Critical Analysis of Train Derailments in Canada through Process Safety Techniques and Insights into Enhanced Safety Management Systems

Supplemental material, sj-docx-1-trr-10.1177_03611981211062893 for Critical Analysis of Train Derailments in Canada through Process Safety Techniques and Insights into Enhanced Safety Management Systems by Nafiseh Esmaeeli, Fereshteh Sattari, Lianne Lefsrud and Renato Macciotta in Transportation Research Record

Supplemental Material

sj-docx-2-trr-10.1177_03611981211062893 – Supplemental material for Critical Analysis of Train Derailments in Canada through Process Safety Techniques and Insights into Enhanced Safety Management Systems

Supplemental material, sj-docx-2-trr-10.1177_03611981211062893 for Critical Analysis of Train Derailments in Canada through Process Safety Techniques and Insights into Enhanced Safety Management Systems by Nafiseh Esmaeeli, Fereshteh Sattari, Lianne Lefsrud and Renato Macciotta in Transportation Research Record

Footnotes

Author Contributions

The authors confirm contribution to the paper as follows: study conception and design: N. Esmaeeli, F. Sattari, L. Lefsrud, and R. Macciotta ; data collection: N. Esmaeeli; analysis and interpretation of results: N. Esmaeeli; draft manuscript preparation: N. Esmaeeli, F. Sattari, L. Lefsrud, and R. Macciotta . All authors reviewed the results and reviewed and approved the final version of the manuscript.

Declaration of Conflicting Interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) disclosed receipt of the following financial support for the research, authorship, and/or publication of this article: Canadian Rail Research Lab at the University of Alberta and Transport Canada. This research was also funded by Lefsrud's NSERC Discovery grant and supplement.

ORCID iDs

Fereshteh Sattari

Lianne Lefsrud

Renato Macciotta

Supplemental Material

Supplemental material for this article is available online.

References

Railway Association of Canada. Railways 101. https://www.railcan.ca/railways-101/. Accessed April 18, 2020.

Railway Association of Canada. Rail Trends. RAC, Ottawa, Canada, 2018.

Crude Oil Forecast. Canadian Association of Petroleum Producers. https://www.capp.ca/resources/crude-oil-forecast/. Accessed April 18, 2020.

Miller

Review of the Canadian Transportation Safety Regime: Transportation of Dangerous Goods and Safety. Report of the Standing Committee on Transport, Infrastructure and Communities. Parliament of Canada, 2015.

Canada Transportation Act Review Panel. Vision and Balance. Report of the Canada Transportation Act Review Panel, Ottawa, 2001, 88 p.

Parliament of Canada - House of Commons. Standing Committee on Transport, Infrastructure and Communities. 41st Parliam. 2nd Sess. Parliament of Canada, 2013.

Railway Safety Management System Regulations. Canada Gazette. Vol. 148, No. 27, Part I, 2014.

Transportation Safety Board of Canada. Railway Investigation Report R05E0059. https://www.tsb.gc.ca/eng/rapports-reports/rail/2005/r05e0059/r05e0059.html. Accessed June 29, 2020.

Transportation Safety Board of Canada. Railway Investigation Report R13D0054. https://www.tsb.gc.ca/eng/rapports-reports/rail/2013/R13D0054/R13D0054.html. Accessed June 29, 2020.

10.

Edwards

C. J.

Developing of Safety Case with an Aircraft Operator. Proc., IBC Conference on Aviation Safety Management, London, 1999.

11.

Roland

H. E.

Moriarty

System Safety Engineering and Management. John Wiley & Sons Inc., New York, NY, 1990.

12.

Center for Chemical Process Safety. Guidelines for Process Safety Documentation. American Institute of Chemical Engineers, New York, NY, 1995.

13.

Crowl

D. A.

Louvar

J. F.

Chemical Process Safety, 4th ed. Prentice Hall, Upper Saddle River, NJ, 2019.

14.

Ebrahimi

Sattari

Lefsrud

Macciotta

Analysis of Train Derailments and Collisions to Identify Leading Causes of Loss Incidents in Rail Transport of Dangerous Goods in Canada. Journal of Loss Prevention in the Process Industries, Vol. 72, 2021, p. 104517.

15.

Håvold

J. I.

Safety Culture and Safety Management aboard Tankers. Reliability Engineering & System Safety, Vol. 95, No. 5, 2010, pp. 511–519.

16.

Bielić

Predovan

Čulin

The Role of the Master in Improving Safety Culture onboard Ships. TransNav: International Journal on Marine Navigation and Safety of Sea Transportation, Vol. 11, No. 1, 2017, pp. 121–124.

17.

Hsu

Y. L.

W. C.

Chen

K. W.

Structuring Critical Success Factors of Airline Safety Management System Using a Hybrid Model. Transportation Research Part E: Logistics and Transportation Review, Vol. 46, No. 2, 2010, pp. 222–235.

18.

Kyriakidis

Pak

K. T.

Majumdar

Railway Accidents Caused by Human Error: Historic Analysis of UK Railways, 1945 to 2012. Transportation Research Record: Journal of the Transportation Research Board, 2015. 2476: 126–136.

19.

Liu

Saat

M. R.

Barkan

C. P. L.

Analysis of Causes of Major Train Derailment and Their Effect on Accident Rates. Transportation Research Record: Journal of the Transportation Research Board, 2012. 2289: 154–163.

20.

Rudin-Brown

C. M.

George

M. F. S.

Stuart

J. J.

Human Factors Issues of Accidents at Passively Controlled Rural Level Crossings. Transportation Research Record: Journal of the Transportation Research Board, 2014. 2458: 96–103.

21.

Kyriakidis

Majumdar

Ochieng

W. Y.

Data Based Framework to Identify the Most Significant Performance Shaping Factors in Railway Operations. Safety Science, Vol. 78, 2015, pp. 60–76.

22.

Dindar

Kaewunruen

Bayesian Network-Based Human Error Reliability Assessment of Derailments. Reliability Engineering & System Safety, Vol. 197, 2020, p. 106825.

23.

Read

G. J. M.

Naweed

Salmon

P. M.

Complexity on the Rails: A Systems-Based Approach to Understanding Safety Management in Rail Transport. Reliability Engineering & System Safety, Vol. 188, 2019, pp. 352–365.

24.

Chen

C. F.

Chen

S. C.

Scale Development of Safety Management System Evaluation for the Airline Industry. Accident Analysis & Prevention, Vol. 47, 2012, pp. 177–181.

25.

Basso

Carpegna

Dibitonto

Gaido

Robotto

Zonato

Reviewing the Safety Management System by Incident Investigation and Performance Indicators. Journal of Loss Prevention in the Process Industries, Vol. 17, No. 3, 2004, pp. 225–231.

26.

Hale

A. R.

Heming

B. H. J.

Carthey

Kirwan

Modelling of Safety Management Systems. Safety Science, Vol. 26, No. 1–2, 1997, pp. 121–140.

27.

Hurst

From Research to Practical Tools: Developing Assessment Tools for Safety Management and Safety Culture. Journal of Loss Prevention in the Process Industries, Vol. 10, No. 1, 1997, pp. 63–66.

28.

De Dianous

Fiévez

ARAMIS Project: A More Explicit Demonstration of Risk Control through the Use of Bow-Tie Diagrams and the Evaluation of Safety Barrier Performance. Journal of Hazardous Materials, Vol. 130, No. (3 Spec. Iss.), 2006, pp. 220–233.

29.

Hughes

Shipp

Figueres-Esteban

Van Gulijk

From Free-Text to Structured Safety Management: Introduction of a Semi-Automated Classification Method of Railway Hazard Reports to Elements on a Bow-Tie Diagram. Safety Science, Vol. 110, 2018, pp. 11–19.

30.

Ferdous

Khan

Sadiq

Amyotte

Veitch

Analyzing System Safety and Risks under Uncertainty Using a Bow-Tie Diagram: An Innovative Approach. Process Safety and Environmental Protection, Vol. 91, No. 1–2, 2013, pp. 1–18.

31.

Zhang

Wei

Zhao

Hazard-Based Design of the Bow-Tie Method to Prevent and Mitigate Mine Accidents. Journal of Failure Analysis and Prevention, Vol. 18, No. 1, 2018, pp. 29–40.

32.

Transportation Safety Board of Canada. Policy on Occurrence Classification. https://www.tsb.gc.ca/eng/lois-acts/evenements-occurrences.html. Accessed June 29, 2020.

33.

Canadian Society for Chemical Engineering. PSM, Process Safety Management Guide, 4th ed. Canadian Society for Chemical Engineering, Ottawa, ON, 2012.

34.

Vollmer

C. M.

Sanchez

Gondek

McAuliffe

Kent

T. S.

Christein

J. D.

Callery

M. P.

A Root-Cause Analysis of Mortality Following Major Pancreatectomy. Journal of Gastrointestinal Surgery, Vol. 16, No. 1, 2012, pp. 89–103.

35.

Todinov

M. T.

Generic Approaches to Reducing the Likelihood of Critical Failures. In Risk-Based Reliability Analysis and Generic Principles for Risk Reduction. Elsevier, 2007, pp. 181–192. https://doi.org/10.1016/b978-008044728-5/50010-x.

36.

Barry

T. F.

Risk-Informed, Performance-Based Industrial Fire Protection: An Alternative to Prescriptive Codes. Tennessee Valley Publishing, Knoxville, TN, 2002.

37.

Crawley

Tyler

Hazard Identification Method. Institute of Chemical Engineers, London, 2003.

38.

Rubin

Dahlberg

A Dictionary of Disaster Management. Oxford University Press, Oxford, 2017.

39.

Ferdous

Khan

Sadiq

Amyotte

Veitch

Handling and Updating Uncertain Information in Bow-Tie Analysis. Journal of Loss Prevention in the Process Industries, Vol. 25, No. 1, 2012, pp. 8–19.

40.

Vileiniskis

Remenyte-Prescott

Quantitative Risk Prognostics Framework Based on Petri Net and Bow-Tie Models. Reliability Engineering & System Safety, Vol. 165, 2017, pp. 62–73.

41.

Culwick

M. D.

Merry

A. F.

Clarke

D. M.

Taraporewalla

K. J.

Gibbs

N. M.

Bow-Tie Diagrams for Risk Management in Anaesthesia. Anaesthesia and Intensive Care, Vol. 44, No. 6, 2016, pp. 712–718.

42.

de Ruijter

Guldenmund

The Bowtie Method: A Review. Safety Science, Vol. 88, 2015, pp. 211–218.

43.

Shahriar

Sadiq

Tesfamariam

Risk Analysis for Oil & Gas Pipelines: A Sustainability Assessment Approach Using Fuzzy Based Bow-Tie Analysis. Journal of Loss Prevention in the Process Industries, Vol. 25, No. 3, 2012, pp. 505–523.

44.

Papazoglou

I. A.

Bellamy

L. J.

Hale

A. R.

Aneziris

O. N.

Ale

B. J. M.

Post

J. G.

J. I. H.

I-Risk: Development of an Integrated Technical and Management Risk Methodology for Chemical Installations. Journal of Loss Prevention in the Process Industries, Vol. 16, No. 6, 2003, pp. 575–591.

45.

Abdi

Ravaghi

Abbasi

Delgoshaei

Esfandiari

Application of Bow-Tie Methodology to Improve Patient Safety. International Journal of Health Care Quality Assurance, Vol. 29, No. 4, 2016, pp. 425–440.

46.

Cormier

Elliott

Rice

Putting on a Bow-Tie to Sort Out Who Does What and Why in the Complex Arena of Marine Policy and Management. Science of the Total Environment, Vol. 648, 2019, pp. 293–305.

47.

Delmotte

A Sociotechnical Framework for the Integration of Human and Organizational Factors in Project Management and Risk Analysis. Industrial & Systems Engineering, 2003;

48.

Van Scyoc

Hughes

Rail Ruminations for Process Safety Improvement. Journal of Loss Prevention in the Process Industries, Vol. 22, No. 6, 2009, pp. 689–694.

49.

Transportation Safety Board of Canada. Rail Transportation Safety Investigations and Reports. https://www.tsb.gc.ca/eng/rapports-reports/rail/index.html. Accessed April 16, 2020.

50.

Sattari

Macciotta

Lefsrud

Process Safety Approach to Identify Opportunities for Enhancing Rail Transport Safety in Canada. Transportation Research Record Journal of the Transportation Research Board, 2020. 2675: 49–66.

51.

Reinach

Viale

Application of a Human Error Framework to Conduct Train Accident/Incident Investigations. Accident Analysis and Prevention, Vol. 38, 2006, pp. 396–406.

52.

Federal Railroad Administration. ERA Guide for Preparing Accident/Incident Reports. Report No. DOT/FRA/RRS-22. Federal Railroad Administration, Washington, DC, 2003.

53.

Whittingham

R. B.

The Blame Machine: Why Human Error Causes Accidents. Elsevier Butterworth-Heinemann, Oxford, 2004.

54.

Iranitalab

Khattak

Thompson

Statistical Modeling of Types and Consequences of Rail-Based Crude Oil Release Incidents in the United States. Reliability Engineering and System Safety, Vol. 185, No. (November 2018), 2019, pp. 232–239.

55.

Railway Association of Canada. Rail Trends. RAC, Ottawa, Canada, 2017.

56.

Wilson

J. R.

Farrington-Darby

Cox

Bye

Hockey

G. R. J.

The Railway as a Socio-Technical System: Human Factors at the Heart of Successful Rail Engineering. Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit, Vol. 221, No. 1, 2007, pp. 101–115.

57.

Orringer

Control of Rail Integrity by Self-Adaptive Scheduling of Rail Tests. Dot/Fra/Ord-90/05. The National Technical Information Service, Springfield, VA, 1990.

58.

Lanza

di scalea F.

Rizzo

Coccia

Bartoli

Fateh

Laser-Air-Coupled Hybrid Noncontact System for Defect Detection in Rail Tracks: Status of FRA Prototype Development at University of California-San Diego. Transportation Research Record Journal of the Transportation Research Board, 2006. 1943: 57–64.

59.

Xiong

Mao

Zou

A 3D Laser Profiling System for Rail Surface Defect Detection. Sensors, Vol. 17, No. 8, 2017, pp. 1–19.

60.

Zhang

Feng

Wang

Shen

Acoustic Emission Detection of Rail Defect Based on Wavelet Transform and Shannon Entropy. Journal of Sound and Vibration, Vol. 339, 2015, pp. 419–432.

61.

Jeong

D. Y.

Gordon

J. E.

Evaluation of Rail Test Frequencies Using Risk Analysis. Proc., ASME Joint Rail Conference (JRC), Pueblo, Colorado, 2009, pp. 23–30.

62.

Liu

Lovett

Dick

Rapik Saat

Barkan

C. P. L.

Optimization of Ultrasonic Rail-Defect Inspection for Improving Railway Transportation Safety and Efficiency. Journal of Transportation Engineering, Vol. 140, No. 10, 2014, pp. 1–10.

63.

Orringer

Tang

Y. H.

Jeong

D. Y.

Perlman

A. B.

Risk/Benefit Assessment of Delayed Action Concept for Rail Inspection. Dot/Fra/Ord-99/03. The National Technical Information Service, Springfield, VA, 1999.

64.

Shaun

Stéphane

Transportation of Dangerous Goods. Newsletter, Vol. 36, No. 1, 2016, 2016.

65.

Liu

Saat

M. R.

Barkan

C. P. L.

Probability Analysis of Multiple-Tank-Car Release Incidents in Railway Hazardous Materials Transportation. Journal of Hazardous Materials, Vol. 276, 2014, pp. 442–451.

66.

Lefsrud

Macciotta

Nkoro

Performance-Based Regulations for Safety Management Systems in the Canadian Railway Industry: An Analytical Discussion. Canadian Journal of Civil Engineering, Vol. 47, No. 3, 2020, pp. 248–256.

67.

Macciotta

Robitaille

Hendry

Martin

C. D.

Hazard Ranking for Railway Transport of Dangerous Goods in Canada. Case Studies on Transport Policy, Vol. 6, No. 1, 2018, pp. 43–50.

68.

Baysari

M. T.

McIntosh

A. S.

Wilson

J. R.

Understanding the Human Factors Contribution to Railway Accidents and Incidents in Australia. Accident Analysis and Prevention, Vol. 40, No. 5, 2008, pp. 1750–1757.

69.

Kim

D. S.

Baek

D. H.

Yoon

W. C.

Development and Evaluation of a Computer-Aided System for Analyzing Human Error in Railway Operations. Reliability Engineering and System Safety, Vol. 95, No. 2, 2010, pp. 87–98.

70.

Tang

Chatzimichailidou

M. M.

Jun

G. T.

Waterson

A Hybrid Human and Organisational Analysis Method for Railway Accidents Based on STAMP-HFACS and Human Information Processing. Applied Ergonomics, Vol. 79, No. (February), 2019, pp. 122–142.

71.

Zhan

Zheng

Zhao

A Hybrid Human and Organizational Analysis Method for Railway Accidents Based on HFACS-Railway Accidents (HFACS-RAs). Safety Science, Vol. 91, 2017, pp. 232–250.

72.

De Felice

Petrillo

Methodological Approach for Performing Human Reliability and Error Analysis in Railway Transportation System. International Journal of Engineering and Technology, Vol. 3, No. 5, 2011, pp. 341–353.

73.

Read

G. J. M.

Lenné

M. G.

Moss

S. A.

Associations between Task, Training and Social Environmental Factors and Error Types Involved in Rail Incidents and Accidents. Accident Analysis and Prevention, Vol. 48, 2012, pp. 416–422.

74.

Zhang

Liu

Holt

Positive Train Control (PTC) for Railway Safety in the United States: Policy Developments and Critical Issues. Utilities Policy, Vol. 51, No. (June 2017), 2018, pp. 33–40.

75.

Ungan

M. C.

Standardization through Process Documentation. Business Process Management Journal, Vol. 12, No. 2, 2006, pp. 135–148.

76.

Leveson

A Systems Approach to Risk Management through Leading Safety Indicators. Reliability Engineering and System Safety, Vol. 136, 2015, pp. 17–34.

Supplementary Material

Please find the following supplemental material available below.

For Open Access articles published under a Creative Commons License, all supplemental material carries the same license as the article it is associated with.

For non-Open Access articles published, all supplemental material carries a non-exclusive license, and permission requests for re-use of supplemental material or any part of supplemental material shall be sent directly to the copyright owner as specified in the copyright notice associated with the article.

0.00 MB

0.01 MB

0.02 MB