innova-ve entrepreneurial global 1

Similar documents
LOPA. DR. AA Process Control and Safety Group

InstrumentationTools.com

Safety Instrumented Systems

SIL DETERMINATION AND PROBLEMS WITH THE APPLICATION OF LOPA

IEC61511 Standard Overview

Process Safety - Market Requirements. V.P.Raman Mott MacDonald Pvt. Ltd.

ADIPEC 2013 Technical Conference Manuscript

Managing the Lifecycle of Independent Protection Layers

Practical Methods for Process Safety Management

This document is a preview generated by EVS

Assessment of the Safety Integrity of Electrical Protection Systems in the Petrochemical Industry

ANALYSIS OF HUMAN FACTORS FOR PROCESS SAFETY: APPLICATION OF LOPA-HF TO A FIRED FURNACE. Paul Baybutt Primatech Inc. and

Options for Developing a Compliant PLC-based BMS

Safety Instrumented Systems Overview and Awareness. Workbook and Study Guide

INTERNATIONAL STANDARD

PRIMATECH WHITE PAPER CHANGES IN THE SECOND EDITION OF IEC 61511: A PROCESS SAFETY PERSPECTIVE

Safety Integrity Verification and Validation of a High Integrity Pressure Protection System to IEC 61511

Safety Transmitter / Logic Solver Hybrids. Standards Certification Education & Training Publishing Conferences & Exhibits

Session Number: 3 Making the Most of Alarms as a Layer of Protection

Fire and Gas Detection and Mitigation Systems

Functional Safety Application of IEC & IEC to asset protection

New requirements for IEC best practice compliance

Risk-Informed Industrial Fire Protection Engineering

Using HAZOP/LOPA to Create an Effective Mechanical Integrity Program

The SIL Concept in the process industry International standards IEC 61508/ 61511

Key Topics. Steven T. Maher, PE CSP. Using HAZOP/LOPA to Create an Effective Mechanical Integrity Program. David J. Childs

Beyond Compliance Auditing: Drill til you find the pain points and release the pressure!

2015 Functional Safety Training & Workshops

IMPLEMENTING PROCESS SAFETY KPI SUITE AT A WORLD-SCALE HFO UNIT

White Paper. Integrated Safety for a Single BMS Evaluation Based on Siemens Simatic PCS7 System

Applying Layer of Protection Analysis (LOPA) to Accelerator Safety Systems Design. Feng Tao

Functional Safety Solutions

ULT NE WORKSHOP ON THE PREVENTION OF WATER POLLUTION DUE TO PIPELINE ACCIDENTS

Safety lnstrumentation Simplified

SAFETY MANUAL. PointWatch Eclipse Infrared Hydrocarbon Gas Detector Safety Certified Model PIRECL

Case Example SIL Classification

FUNCTIONAL SAFETY IN FIRE PROTECTION SYSTEM E-BOOK

BRIDGING THE SAFE AUTOMATION GAP PART 1

Integrated but separate

100 & 120 Series Pressure and Temperature Switches Safety Manual

Why AC800M High Integrity is used in Burner Management System Applications?

Hazardous goods management Latest trends in petroleum industry. C. Sasi Assistant Vice President Total LPG India Limited

Addressing Challenges in HIPPS Design and Implementation

IEC an aid to COMAH and Safety Case Regulations compliance

SAFETY MANUAL. Electrochemical Gas Detector GT3000 Series Includes Transmitter (GTX) with H 2 S or O 2 Sensor Module (GTS)

Failure Rate Data, Safety System Modeling Concepts, and Fire & Gas Systems Moderator: Lori Dearman, Webinar Producer Thursday, May 16th, 2013

Technical Paper. Functional Safety Update IEC Edition 2 Standards Update

risk management and assessment for business Lessons Learned from Real World Application of Bow-tie Method 2010 International Symposium

User s Manual. YTA110, YTA310, YTA320, and YTA710 Temperature Transmitters. Manual Change No

doi: / _57(

Session Ten: The importance of a clear Safety Requirements Specification as part of the overall Safety Lifecycle

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

Design & Use of Ground Based Pumps Guidance Document

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

SAFETY MANUAL. Multispectrum IR Flame Detector X3301

An Approach towards Safety Using Safety Instrumented Systems: A Case Study

Overview of Control System Design

Benchmarking Industry Practices for the Use of Alarms as Safeguards and Layers of Protection

Where Process Safety meets Machine Safety

Emergency shutdown systems. Procedures for bypassing ESD s

High Integrity Pressure Protection System

Fuel and Energy Research Forum

Q&A Session from Alarm Management Workflow Webinar (Apr.24/2013)

SAFETY CERTIFIED MODEL FP-700 COMBUSTIBLE GAS DETECTOR

Tank protection example using Simatic

New Developments in the IEC61511 Edition 2

SAFETY MANUAL. X2200 UV, X9800 IR, X5200 UVIR SIL 2 Certified Flame Detectors

Bowties in process safety auditing

Safety in the process industry

SAFETY MANUAL. Intelligent Sensors for H 2 S Gas Applications

Is your current safety system compliant to today's safety standard?

Alarm Management Standards Are You Taking Them Seriously?

Proof Testing Level Instruments

Functional Safety Manual June pointek CLS500/LC500

Fire and Gas Mapping- Updates to ISA84 TR7

Fully configurable SIL2 addressable Fire & Gas Detection solutions

International Journal of Advance Engineering and Research Development

Karl Watson, ABB Consulting Houston LOPA. A Storage Tank Case Study. ABB Inc. September 20, 2011 Slide 1

Implementing Safety Instrumented Burner Management Systems: Challenges and Opportunities

Australian Standard. Functional safety Safety instrumented systems for the process industry sector

IEC PRODUCT APPROVALS VEERING OFF COURSE

2013 Honeywell Users EMEA Nice. Johan School. Concepts and Implementation of Process Risk Management using Safety Manager

Process Safety Workshop. Avoiding Major Accident Hazards the Key to Profitable Operations

excellence in Dependable Automation ALARM MANAGEMENT

Strathayr, Rhu-Na-Haven Road, Aboyne, AB34 5JB, Aberdeenshire, U.K. Tel: +44 (0)

Reliability and Safety Assessment in Offshore and Process Industries

Y. ORMIERES. Fire risk analysis method for nuclear installations

Safety Instrumented Systems The Smart Approach

Autronica Fire and Security AS ID:

SIL Safety Guide Series MS Single-Acting Spring-Return Hydraulic Linear Actuators

Quantitative Evaluation of the Safety Barriers to Prevent Fired Domino Effect

Reliability of Safety-Critical Systems Chapter 1. Introduction

Numerical Standards Listing

Bowties in process safety auditing

Failure Modes, Effects and Diagnostic Analysis

Process Safety. Allan Rentcome Director Engineering Process Safety Technologies. Insert Photo Here

Process Control & Automation

United Electric Controls One Series Safety Transmitter Safety Manual

Leak Detection - Application Note

Applying Buncefield Recommendations and IEC61508 and IEC Standards to Fuel Storage Sites

Transcription:

1 www.utm.my innova-ve entrepreneurial global 1

Using redundant sensors and final redundant control elements Using multiple sensors with voting systems and redundant final control elements Testing the system components at specific intervals to reduce the PFD by detecting hidden failures Using deenergized trip system (i.e., a relayed shutdown system) www.utm.my innova-ve entrepreneurial global 2

Sufficiently independent so that the failure of one IPL does not adversely affect the probability of failure of another IPL Designed to prevent the hazardous event, or mitigate the consequences of the event Designed to perform its safety function during normal, abnormal, and design basis conditions Auditable for performance www.utm.my innova-ve entrepreneurial global 3

Unmitigated Risk PFD=0.1 PFD=0.1 PFD=0.01 Preventive Feature Preventive Feature Mitigative Feature Mitigated Risk = reduced frequency * reduced consequence Different Scenario Consequence Occurs Initiating Event Frequency = 1/yr Success = 0.9 Success = 0.9 Success= 0.99 Failure = 0.1 Failure = 0.1 Failure = 0.01 Frequency = 0.9/yr Safe Outcome Frequency = 0.09/yr Safe Outcome Frequency = 0.0099/yr Mitigated Release, tolerable outcome Frequency 0.0001/yr Consequences exceeding criteria www.utm.my innova-ve entrepreneurial global 4

COMMUNITY EMERGENCY RESPONSE Emergency Broadcasting PLANT EMERGENCY RESPONSE Evacuation Procedure MITIGATION Mechanical Mitigation System Safety Instrumented Control System Safety Instrumented Mitigation System Operator Supervision PREVENTION Mechanical Protection system Alarms with operator corrective actions Safety Instrumented Control System CONTROL & MONITORING Basic Process Control System Monitoring system (Alarms) Operator Supervision PROCESS DESIGN WHAT ARE IPL? Each layer is independent in terms of operation. The failure of one layer does not affect the next www.utm.my innova-ve entrepreneurial global 5

Independent layer of protections (IPL) are features to provide risk reductions in plant operations. Categories of IPLs: Prevention (active lower probability) Alarm with operator response Safety Instrumented System Mitigation (active lower probability/consequence) Pressure relief valve Protection (passive lower consequence) Dikes Mechanical design Barricades www.utm.my innova-ve entrepreneurial global 6

LOPA is a semi-quantitative risk analysis technique that is applied following a qualitative hazard identification tool such as HAZOP. Similar to HAZOP LOPA uses a multi-discipline team LOPA can be easily applied after the HAZOP, but before fault tree analysis LOPA focuses the risk reduction efforts toward the impact events with the highest risks. It provides a rational basis to allocate risk reduction resources efficiently. LOPA suggests the required Independent Layer of Protection (IPL) required for the system to meet the required Safety Integrity Level (SIL) www.utm.my innova-ve entrepreneurial global 7 7

Consequen ce & Severity Initiating event (cause) Initiating event challenge frequency / year Preventive independent protection layers Probability of failure on demand (PFD) Process design BPCS Operator response to alarm SIF (PLC relay) Mitigation independen t protection layer (PFD) Mitigated consequen ce frequency /year Specific Scenario Endpoint f C i = f I i Π PFDij j=1 J = f i I PFD i1 PFD i2... PFD ij Multiple Scenario Endpoint f C = I i=1 f i C i = scenario or event j = IPLlayer f C i I f i = frequency for consequence C for initiating event i = frequency requency for initiating event i PFD ij = probability of failure on demand of the jth IPL that protects against consequence C for initiating event i www.utm.my innova-ve entrepreneurial global 8 8

There are five basic steps in LOPA: 1. Identify the scenarios 2. Select an accident scenario 3. Identify the initiating event of the scenario and determine the initiating event frequency (events per year) 4. Identify the Independent Protection Layers (IPL) and estimate the probability of failure on demand of each IPL 5. Estimate the risk of scenario www.utm.my innova-ve entrepreneurial global 9 9

www.utm.my innova-ve entrepreneurial global 10

Typical Frequencies of Initiating Events (f I i) (From CCPS, 2001, Table 5.1) Initiating Event Frequency (events/year) Pressure vessel failure 10-5 to 10-7 Piping failure (full breach) 10-5 to 10-6 Piping failure (leak) 10-3 to 10-4 Atmospheric tank failure 10-3 to 10-5 Turbine/diesel engine overspeed (with casing breach) 10-3 to 10-4 Third party intervention (impact by backhoe, etc.) 10-2 to 10-4 Safety valve opens spuriously 10-2 to 10-4 Cooling water failure 1 to 10-2 Pump seal failure 10-1 to 10-2 BPCS loop failure 1 to 10-2 Pressure regulator failure 1 to 10-1 Small external fire 10-1 to 10-2 Large external fire 10-2 to 10-3 Operator failure (to execute routine procedure, assuming well trained, unstressed, not fatigued) 10-1 to 10-3 (units are events/procedure) www.utm.my innova-ve entrepreneurial global 11

www.utm.my innova-ve entrepreneurial global 12

Some surprising data for human reliability in process operations PFD Situation Description 1.0 Rapid action based on complex analysis to prevent serious accident. 10-1 Busy control room with many distractions and other demands on time and attention 10-2 Quiet local control room with time to analyze Source: Kletz (1999) www.utm.my innova-ve entrepreneurial global 13

14 www.utm.my innova-ve entrepreneurial global 14

Event Severity extensive serious minor Medium 2 Minimal 1 Minimal 1 Major 3 Medium 2 Minimal 1 low moderate high Event Likelihood Major 3 Major 3 Medium 2 Table entries word = qualitative risk description number = required safety integrity level (SIL) Safety Integrity Levels (Prob. Of failure on demand) 1 =.01 to.1 2 =.001 to.01 3 =.0001 to.001 Selection documented for legal requirements www.utm.my innova-ve entrepreneurial global 15

www.utm.my innova-ve entrepreneurial global 16

www.utm.my innova-ve entrepreneurial global 17

Often, credit is taken for good design and maintenance procedures. Proper materials of construction (reduce corrosion) Proper equipment specification (pumps, etc.) Good maintenance (monitor for corrosion, test safety systems periodically, train personnel on proper responses, etc.) A typical value is PFD = 0.10 www.utm.my innova-ve entrepreneurial global 18

The Layer of Protection Analysis (LOPA) is performed using a standard table for data entry. Conseque nce & Severity Initiatin g event (cause) Initiating event challenge frequency / year Preventive independent protection layers Probability of failure on demand (PFD) Process design BPC S Operator response to alarm SIF (PLC relay) Additional mitigation (safety valves, dikes, etc) Mitigate d event likelihoo d /year Notes Likelihood Mitigated likelihood = Probability of failure on demand f C i Π n = I max fi ( PFD) ij fi j = 1 www.utm.my innova-ve entrepreneurial global 19

Flash drum for component separation for this proposed design. cascade Split range TC-6 PC-1 PAH Vapor product Feed T1 T2 T5 Methane Ethane (LK) Propane Butane Pentane FC-1 T3 LC-1 LAL LAH F2 Process fluid F3 Steam L. Key AC-1 Liquid product www.utm.my innova-ve entrepreneurial global 20

Flash drum for component separation for this proposed design. Conseque nce & Severity Initiating event (cause) Initiatin g event frequen cy /year Preventive independent protection layers Probability of failure on demand (PFD) Process design BPC S Operato r respons e to alarm SIF (PLC relay) Additional mitigation (safety valves, dikes, etc) Mitigate d event likelihoo d /year Notes High Pressure Connection (tap) for sensor P1 plugged Pressure sensor does not measure drum pressure The target mitigated likelihood = 10-5 event/year The likelihood of the event = 10-1 events/year www.utm.my innova-ve entrepreneurial global 21

Some observations about the design. The drum pressure controller uses only one sensor; when it fails, the pressure is not controlled. The same sensor is used for control and alarming. Therefore, the alarm provides no additional protection for this initiating cause. No safety valve is provided (which is a serious design flaw). No SIS is provided for the system. (No SIS would be provided for a typical design.) www.utm.my innova-ve entrepreneurial global 22

Solution: Original design. When the connection to the sensor is plugged, the controller and alarm will fail to function on demand cascade Split range TC-6 PC-1 PA H Vapor product Feed Methane Ethane (LK) Propane Butane Pentane T1 FC-1 T2 T5 T3 LAL LAH LC-1 F2 F3 Liquid product Process fluid Steam L. Key AC-1 www.utm.my innova-ve entrepreneurial global 23

Solution using initial design and typical published values. Conseque nce & Severity High Pressure Initiating event (cause) Connection (tap) for sensor P1 plugged Initiatin g event frequen cy /year Preventive independent protection layers Probability of failure on demand (PFD) Proces s design BPCS Operato r respons e to alarm SIF (PLC relay) Additional mitigation (safety valves, dikes, etc) Mitigate d event likelihoo d /year Notes 0.1 0.1 1.0 1.0 1.0 1.0 0.01 Pressure sensor does not measure drum pressure Much too high! We must make improvements to the design. Gap = 10-2 /10-5 = 10 3 (sometimes given as the exponent 3 ) www.utm.my innova-ve entrepreneurial global 24

Split range cascade TC-6 PC-1 PAH Vapor product Feed T1 T2 T5 P-2 PAHH Methane Ethane (LK) Propane Butane Pentane FC-1 T3 LC-1 LAL LAH F2 Process fluid F3 Steam L. Key AC-1 Liquid product www.utm.my innova-ve entrepreneurial global 25

Conseque nce & Severity Initiating event (cause) Initiatin g event frequen cy /year Preventive independent protection layers Probability of failure on demand (PFD) Proces s design BPCS Operato r respons e to alarm SIF (PLC relay) Additional mitigation (safety valves, dikes, etc) Mitigate d event likelihoo d /year Notes High Pressure Connection (tap) for sensor P1 plugged 0.1 0.1 1.0 0.1 1.0 PRV 0.01 0.00001 Pressure sensor does not measure drum pressure The PRV must exhaust to a knockout and flare system Enhanced design includes separate P sensor for alarm and a pressure relief valve. The enhanced design achieves the target mitigated likelihood. Verify table entries. www.utm.my innova-ve entrepreneurial global 26

For the solution in the LOPA table and process sketch, describe some situations (equipment faults) in which the independent layers of protection are - Independent - Dependent Hints: Consider faults such as sensor, power supply, signal transmission, computing, and actuation For each situation in which the IPLs are dependent, suggest a design improvement that would remove the common cause fault, so that the LOPA analysis in the table would be correct. www.utm.my innova-ve entrepreneurial global 27

The most common are BPCS, Alarms and Pressure relief. They are typically provided in the base design. The next most common is SIS, which requires careful design and continuing maintenance The probability of failure on demand for an SIS depends on its design. Duplicated equipment (e.g., sensors, valves, transmission lines) can improve the performance A very reliable method is to design an inherently safe process, but these concepts should be applied in the base case www.utm.my innova-ve entrepreneurial global 28

The safety interlock system (SIS) must use independent sensor, calculation, and final element to be independent! We desire an SIS that functions when a fault has occurred and does not function when the fault has not occurred. SIS performance improves with the use of redundant elements; however, the systems become complex, requiring high capital cost and extensive ongoing maintenance. Use LOPA to determine the required PFD; then, design the SIS to achieve the required PFD. www.utm.my innova-ve entrepreneurial global 29

30 www.utm.my innova-ve entrepreneurial global 30

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback