Four changes followed the incident. Each was designed to close a specific failure mode exposed by the investigation.
Detection
Change 1
Coolant reservoir temperature instrumented and monitored
A 50°C threshold is now used for coolant reservoir temperature across all batches. It was set from the highest recorded temperature on the 300L still, which consistently produces spirit that passes quality control. Above that level, cooling becomes less effective and product quality begins to drop. Any breach now triggers immediate investigation while the batch is still active, including checking reservoir temperature and confirming the chiller is operating as expected.
Decision Constraints
Change 2
Hard stop on weak signals before raw material commitment
Any weak signal, sensory or operational, is now enough to halt production before raw materials enter the still. Once added, the batch is committed and cannot be recovered. The stop is now a fixed rule, not a judgement call. This delays irreversible commitments until the issue is understood, while action is still possible.
Change 3
Explicit escalation trigger for threshold breaches
One person still has authority to halt production, but the trigger for review is now fixed rather than decided in the moment. Any threshold breach requires a documented review before the run continues. When one person both sees the signal and makes the decision, weak signals are easier to dismiss. The documented review removes that reliance.
Execution Controls
Change 4
SOP versioning with explicit update loop
When a batch requires a workaround or exposes ambiguity, the SOP is updated before the next batch and the previous version is archived. During the incident, key assumptions, including the belief that visible condensation was a reliable quality signal, were being held in memory rather than written down. SOP versioning records these changes and reduces the risk of reverting to outdated practice.