LOPA. DR. AA Process Control and Safety Group

Similar documents
innova-ve entrepreneurial global 1

Safety Instrumented Systems

InstrumentationTools.com

IEC61511 Standard Overview

Options for Developing a Compliant PLC-based BMS

ANALYSIS OF HUMAN FACTORS FOR PROCESS SAFETY: APPLICATION OF LOPA-HF TO A FIRED FURNACE. Paul Baybutt Primatech Inc. and

SIL DETERMINATION AND PROBLEMS WITH THE APPLICATION OF LOPA

Process Safety - Market Requirements. V.P.Raman Mott MacDonald Pvt. Ltd.

Safety Transmitter / Logic Solver Hybrids. Standards Certification Education & Training Publishing Conferences & Exhibits

Fire and Gas Detection and Mitigation Systems

ADIPEC 2013 Technical Conference Manuscript

Practical Methods for Process Safety Management

Safety Instrumented Systems Overview and Awareness. Workbook and Study Guide

Managing the Lifecycle of Independent Protection Layers

Applying Layer of Protection Analysis (LOPA) to Accelerator Safety Systems Design. Feng Tao

2015 Functional Safety Training & Workshops

White Paper. Integrated Safety for a Single BMS Evaluation Based on Siemens Simatic PCS7 System

BRIDGING THE SAFE AUTOMATION GAP PART 1

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

Safety Integrity Verification and Validation of a High Integrity Pressure Protection System to IEC 61511

Using HAZOP/LOPA to Create an Effective Mechanical Integrity Program

PRIMATECH WHITE PAPER CHANGES IN THE SECOND EDITION OF IEC 61511: A PROCESS SAFETY PERSPECTIVE

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

Key Topics. Steven T. Maher, PE CSP. Using HAZOP/LOPA to Create an Effective Mechanical Integrity Program. David J. Childs

This document is a preview generated by EVS

Case Example SIL Classification

Assessment of the Safety Integrity of Electrical Protection Systems in the Petrochemical Industry

The SIL Concept in the process industry International standards IEC 61508/ 61511

Beyond Compliance Auditing: Drill til you find the pain points and release the pressure!

Session Number: 3 Making the Most of Alarms as a Layer of Protection

Karl Watson, ABB Consulting Houston LOPA. A Storage Tank Case Study. ABB Inc. September 20, 2011 Slide 1

Why AC800M High Integrity is used in Burner Management System Applications?

Functional Safety Application of IEC & IEC to asset protection

Integrated but separate

INTERNATIONAL STANDARD

ULT NE WORKSHOP ON THE PREVENTION OF WATER POLLUTION DUE TO PIPELINE ACCIDENTS

Strathayr, Rhu-Na-Haven Road, Aboyne, AB34 5JB, Aberdeenshire, U.K. Tel: +44 (0)

Q&A Session from Alarm Management Workflow Webinar (Apr.24/2013)

Design & Use of Ground Based Pumps Guidance Document

Is your current safety system compliant to today's safety standard?

IEC an aid to COMAH and Safety Case Regulations compliance

Safety in the process industry

Addressing Challenges in HIPPS Design and Implementation

Failure Rate Data, Safety System Modeling Concepts, and Fire & Gas Systems Moderator: Lori Dearman, Webinar Producer Thursday, May 16th, 2013

100 & 120 Series Pressure and Temperature Switches Safety Manual

New Developments in the IEC61511 Edition 2

Safety lnstrumentation Simplified

Process Safety Workshop. Avoiding Major Accident Hazards the Key to Profitable Operations

Retrospective Hazard Review

Autronica Fire and Security AS ID:

An Approach towards Safety Using Safety Instrumented Systems: A Case Study

Numerical Standards Listing

DIRECTIVE NO: D-B

Risk-Informed Industrial Fire Protection Engineering

Session Number: 3 SIL-Rated Fire (& Gas) Safety Functions Fact or Fiction?

Emergency shutdown systems. Procedures for bypassing ESD s

QENOS ALTONA SAFETY CASE COMMUNITY INFORMATION BULLETIN 2012

Functional Safety Solutions

Tank protection example using Simatic

Where Process Safety meets Machine Safety

FUNCTIONAL SAFETY IN FIRE PROTECTION SYSTEM E-BOOK

Identifying and Preventing Dust Fire and Explosion Hazards

Benchmarking Industry Practices for the Use of Alarms as Safeguards and Layers of Protection

Hazardous goods management Latest trends in petroleum industry. C. Sasi Assistant Vice President Total LPG India Limited

Alarm Management Standards Are You Taking Them Seriously?

Process Safety. Allan Rentcome Director Engineering Process Safety Technologies. Insert Photo Here

Fuel and Energy Research Forum

IMPLEMENTING PROCESS SAFETY KPI SUITE AT A WORLD-SCALE HFO UNIT

HYDROCARBONENGINEERING June June 2015

The Use of an Operator as a SIL 1 component in a Tank Overfill Protection System

Technical Paper. Functional Safety Update IEC Edition 2 Standards Update

International Journal of Advance Engineering and Research Development

Overfill Prevention Control Unit with Ground Verification & Vehicle Identification Options. TÜVRheinland

NFPA 85 COMPLIANCES OF BMS: A CASE STUDY OF BOILER CONTROL AT SBM OFFSHORE MALAYSIA COMPANY 1. AHMED ABOUELRISH 2 Universiti Teknologi Petronas

excellence in Dependable Automation ALARM MANAGEMENT

FGR. Installation, Operation and Startup Instruction Manual FOR FLUE GAS RECIRCULATION SYSTEM. FGR-8 through FGR-22 (25 HP to 1000 HP)

Australian Standard. Functional safety Safety instrumented systems for the process industry sector

Reliability and Safety Assessment in Offshore and Process Industries

doi: / _57(

United Electric Controls One Series Safety Transmitter Safety Manual

Applying Buncefield Recommendations and IEC61508 and IEC Standards to Fuel Storage Sites

SAFETY MANUAL. Multispectrum IR Flame Detector X3301

HAZARDS EQUAL TRIPS OR ALARMS OR BOTH

SAFETY MANUAL. IR5000 Open Path Hydrocarbon Gas Monitoring System

Numerical Standards Listing

Technical Discussion on

Purdue Process Safety & Assurance Center P2SAC. Davidson School of Chemical Engineering Purdue University

SAFETY CERTIFIED MODEL FP-700 COMBUSTIBLE GAS DETECTOR

FIRE HAZARD ASSESSMENT IN SUPPORTING FIRE PROTECTION SYSTEM DESIGN OF A CHEMICAL PROCESS FACILITY ABSTRACT

Kolmetz Handbook Of Process Equipment Design BURNER MANAGEMENT SYSTEMS (ENGINEERING DESIGN GUIDELINE)

SIL Safety Guide Series MS Single-Acting Spring-Return Hydraulic Linear Actuators

Enhance Alarm Management

User s Manual. YTA110, YTA310, YTA320, and YTA710 Temperature Transmitters. Manual Change No

Risk Assessment of large Hydrocarbon Storage tanks. G. Unnikrishnan, Kuwait Oil Company

The agri-motive safety performance integrity level Or how do you call it?

SAFETY MANUAL. X2200 UV, X9800 IR, X5200 UVIR SIL 2 Certified Flame Detectors

Proof Testing Level Instruments

SAFETY MANUAL. FL4000H and FL4000 Multi-Spectral Infrared Flame Detectors

Reliability of Safety-Critical Systems Chapter 1. Introduction

APPLICATION BULLETIN COMBUSTION TURBINE FACILITIES. Overview

Transcription:

LOPA DR. AA Process Control and Safety Group

LOPA LOPA is a semi-quantitative risk analysis technique that is applied following a qualitative hazard identification tool such as HAZOP. Similar to HAZOP LOPA uses a multi-discipline team LOPA can be easily applied after the HAZOP, but before fault tree analysis LOPA focuses the risk reduction efforts toward the impact events with the highest risks. It provides a rational basis to allocate risk reduction resources efficiently. LOPA suggests the required Independent Layer of Protection (IPL) required for the system to meet the required Safety Integrity Level (SIL)

LOPA Methodology There are five basic steps in LOPA: 1. Identify the scenarios 2. Select an accident scenario 3. Identify the initiating event of the scenario and determine the initiating event frequency (events per year) 4. Identify the Independent Protection Layers (IPL) and estimate the probability of failure on demand of each IPL 5. Estimate the risk of scenario

LOPA

LOPA Consequence & Severity Initiating event (cause) Initiating event challenge frequency /year Preventive independent protection layers Probability of failure on demand (PFD) Process design BPCS Operator response to alarm SIF (PLC relay) Mitigation independent protection layer (PFD) Mitigated consequen ce frequency /year f C i f I i J j 1 PFD ij f I i PFD i1 PFD i2... PFD ij f C i frequency for consequence C for initiating event i I fi frequency requency for initiating event i PFD probability of failure on demand of the jth IPL that ij protects against consequence C for initiating event i

Typical Initiating Cause Likelihood

Typical Initiating Event Frequency

Layers of Protection Pressure Relief Devices Flare Systems Fire Suppression Systems Safety Instrumented System (SIS) or Emergency Shutdown System Automatic action safety interlock system Basic controls, critical alarms Community emergency response Inherently safe design features Operator intervention Plant emergency response

Typical Independent Protection and Mitigation Layers PFD

Implementing LOPA One Cause One Consequence One Scenario Do not combine consequences or causes What is IPL A device, system or action that is capable of preventing a scenario from proceeding to its undesired consequence independent of the initiating event or the action of any other layer of protection associated with the scenario. Procedure and inspection cannot be considered as IPL

LOPA 1.Express target quantitatively FAR: Fatal Accident Rate - This is the number of fatalities occurring during 1000 working lifetimes (10 8 hours). This is used in the U.K. Fatality Rate = FAR * (hours worked) / 10 8 OSHA Incidence Rate - This is the number of illnesses and injuries for 100 work-years. This is used in the USA.

What is the fatality rate/year for the chemical industry? LOPA 1.Express target quantitatively FAR Data for typical Activities Activity FAR Chemical Industry 4 Steel Industry 8 Coal Mining 40 Construction 67 Uranium 70 Asbestos (old data?) 620 What is FAR for cigarette smoking? Staying home 3 Traveling by automobile 57 Traveling by airplane 240 Cigarette smoking???

LOPA 1.Express target quantitatively One standard used is to maintain the risk for involuntary activities less (much less?) than typical risks such as staying home - Results in rules, such as fatality rate < 10-6 /year - See Wells (1996) Table 9.4 - Remember that many risks exist (total risk is sum) Are current risks accepted or merely tolerated? We must consider the inaccuracies of the estimates We must consider people outside of the manufacturing site.

LOPA 1.Express target quantitatively People usually distinguish between voluntary and involuntary risk. They often accept higher risk for voluntary activities (rock climbing). People consider the number of fatalities per accident Fatalities = (frequency) (fatalities/accident).001 = (.001) (1) fatalities/time period.001 = (.0000001)(100,000) fatalities/time period We need to consider frequency and consequence

Probability or Frequency, F (events/year) LOPA 1.Express target quantitatively The decision can be presented in a F-N plot similar to the one below. (The coordinate values here are not standard ; they must be selected by the 1.00E-07 professional.) Unacceptable risk 1.00E-08 Acceptable risk 1.00E-09 1 10 100 Deaths per event, N The design must be enhanced to reduce the likelihood of death (or serious damage) and/or to mitigate the effects.

LOPA 2.Determine the risk for system In Level of Protection Analysis (LOPA), we assume that the probability of each element in the system functioning (or failing) is independent of all other elements. We consider the probability of the initiating event (root cause) occurring We consider the probability that every independent protection layer (IPL) will prevent the cause or satisfactorily mitigate the effect

LOPA 2.Determine the risk for system X is the probability of the event Yi is the probability of failure on demand (PFD) for each IPL Initiating event, X Unsafe, Y1 I P L 1 Unsafe, Y2 I P L 2 I P L 3 Unsafe, Yn I P L n unsafe Safe/ tolerable

LOPA - Determine the risk for system LOPA 2.Determine the risk for system Recall that the events are considered independent Initiating event, X Unsafe, Y1 I P L 1 Unsafe, Y2 I P L 2 I P L 3 I P L n unsafe Safe/ tolerable The probability that the unsafe consequence will occur is the product of the individual probabilities. P consequence ( X ) n i 1 Y i

LOPA 2.Determine the risk for system The Layer of Protection Analysis (LOPA) is performed using a standard table for data entry. # Initial Event Description 1 2 3 Initiating cause Cause likelihood 4 5 6 7 8 Process design Protection Layers BPCS Alarm SIS Additional mitigation (safety valves, dykes, restricted access, etc.) 9 10 Mitigated event likelihood Notes Likelihood = X Probability of failure on demand = Yi Mitigated likelihood = (X)(Y1)(Y 2) (Yn)

LOPA 2.Determine the risk for system How do we determine the initiating events? How do we determine the probability of the initiating event, X How do we determine the probability that each IPL will function successfully? How do we determine the target level for the system? HAZOP Company, industry experience Company, industry experience F-N plot, depends on consequence

LOPA 2.Determine the risk for system Some typical protection layer Probability of Failure on Demand (PFD) BPCS control loop = 0.10 Operator response to alarm = 0.10 Relief safety valve = 0.001 Vessel failure at maximum design pressure = 10-4 or better (lower) Source: A. Frederickson, Layer of Protection Analysis, www.safetyusersgroup.com, May 2006

LOPA 2.Determine the risk for system Often, credit is taken for good design and maintenance procedures. Proper materials of construction (reduce corrosion) Proper equipment specification (pumps, etc.) Good maintenance (monitor for corrosion, test safety systems periodically, train personnel on proper responses, etc.) A typical value is PFD = 0.10

LOPA 3.Reduce the risk to achieve the target The general approach is to Set the target frequency for an event leading to an unsafe situation (based on F-N plot) Calculate the frequency for a proposed design If the frequency for the design is too high, reduce it - The first approach is often to introduce or enhance the safety interlock system (SIS) system Continue with improvements until the target frequency has been achieved

LOPA Process Example The Layer of Protection Analysis (LOPA) is performed using a standard table for data entry. # Initial Event Description 1 2 3 Initiating cause Cause likelihood 4 5 6 7 8 Process design Protection Layers BPCS Alarm SIS Additional mitigation (safety valves, dykes, restricted access, etc.) 9 10 Mitigated event likelihood Notes Likelihood = X Probability of failure on demand = Yi Mitigated likelihood = (X)(Y1)(Y 2) (Yn)

LOPA Process Example Class Exercise 1: Flash drum for rough component separation for this proposed design. cascade Split range TC-6 PC-1 PAH Vapor product Feed T1 T2 T5 Methane Ethane (LK) Propane Butane Pentane FC-1 T3 LC-1 LAL LAH F2 Process fluid F3 Steam L. Key AC-1 Liquid product

LOPA Process Example Class Exercise 1: Flash drum for rough component separation. Complete the table with your best estimates of values. # Initial Event Description 1 High pressure 1 2 3 Initiating cause Connection (tap) for pressure sensor P1 becomes plugged Cause likelihood 4 5 6 7 8 Process design Protection Layers BPCS Alarm SIS Additional mitigation (safety valves, dykes, restricted access, etc.) 9 10 Mitigated event likelihood Notes Pressure sensor does not measure the drum pressure Assume that the target mitigated likelihood = 10-5 event/year

LOPA Process Example Class Exercise 1: Some observations about the design. The drum pressure controller uses only one sensor; when it fails, the pressure is not controlled. The same sensor is used for control and alarming. Therefore, the alarm provides no additional protection for this initiating cause. No safety valve is provided (which is a serious design flaw). No SIS is provided for the system. (No SIS would be provided for a typical design.)

LOPA Process Example # Initial Event Description 1 High pressure Class Exercise 1: Solution using initial design and typical published values. 1 2 3 Initiating cause Connection (tap) for pressure sensor P1 becomes plugged Cause likelihood 4 5 6 7 8 Process design Protection Layers BPCS Alarm SIS Additional mitigation (safety valves, dykes, restricted access, etc.) 9 10 Mitigated event likelihood Notes 0.10 0.10 1. 1.0 1.0 1.0.01 Pressure sensor does not measure the drum pressure Much too high! We must make improvements to the design.

LOPA Process Example Class Exercise 1: Solution using enhanced design and typical published values. # Initial Event Description 1 High pressure 1 2 3 Initiating cause Connection (tap) for pressure sensor P1 becomes plugged Cause likelihood Enhanced design includes separate P sensor for alarm and a pressure relief valve. Sketch on process drawing. 4 5 6 7 8 Process design Protection Layers BPCS Alarm SIS Additional mitigation (safety valves, dykes, restricted access, etc.) 9 10 Mitigated event likelihood Notes 0.10 0.10 1.0 0.10 1.0 PRV 0.01.00001 Pressure sensor does not measure the drum pressure The enhanced design achieves the target mitigated likelihood. Verify table entries. The PRV must exhaust to a separation (knock-out) drum and fuel or flare system.

LOPA Process Example Class Exercise 1: Solution. cascade Split range TC-6 PC-1 Vapor product Feed T1 T2 T5 P-2 PAH Methane Ethane (LK) Propane Butane Pentane FC-1 T3 LC-1 LAL LAH F2 Process fluid F3 Steam L. Key AC-1 Liquid product

LOPA Process Example Class Exercise 1: Each IPL must be independent. For the solution in the LOPA table and process sketch, describe some situations (equipment faults) in which the independent layers of protection are - Independent - Dependent Hints: Consider faults such as power supply, signal transmission, computing, and actuation For each situation in which the IPLs are dependent, suggest a design improvement that would remove the common cause fault, so that the LOPA analysis in the table would be correct.

LOPA Approaches to reducing risks The most common are BPCS, Alarms and Pressure relief. They are typically provided in the base design. The next most common is SIS, which requires careful design and continuing maintenance The probability of failure on demand for an SIS depends on its design. Duplicated equipment (e.g., sensors, valves, transmission lines) can improve the performance A very reliable method is to design an inherently safe process, but these concepts should be applied in the base case

LOPA Approaches to reducing risks The safety instrumented system (SIS) must use independent sensor, calculation, and final element to be independent! We desire an SIS that functions when a fault has occurred and does not function when the fault has not occurred. SIS performance improves with the use of redundant elements; however, the systems become complex, requiring high capital cost and extensive ongoing maintenance. Use LOPA to determine the required PFD; then, design the SIS to achieve the required PFD.

LOPA Approaches to reducing risks Performance for the four SIL s levels for a safety interlock system (SIS) Safety Integrity Level (SIL) Probability of Failure on Demand SIL-1 0.10 to 0.001 SIL-2 0.01 to 0.001 SIL-3 0.001 to 0.0001 SIL-4 Less than 0.0001

LOPA Approaches to reducing risks Two common designs for a safety interlock system (SIS) False shutdown Failure on demand T100 Better performance, more expensive 1 out of 1 must indicate failure s 5 x 10-3 5 x 10-3 T100 T101 T102 Same variable, multiple sensors! 2 out of 3 must indicate failure s 2.5 x 10-6 2.5 x 10-6

LOPA Process Examples Class Exercise 2: Fired heater to increase stream s temperature. PIC 1 Flue gas AT 1 PI 4 FT 1 TI 1 PI 5 TI 2 TI 5 feed PT 1 TI 6 TI 3 TI 4 TI 7 TI 9 TI 10 FT 2 TI 8 FI 3 TI 11 PI 2 PI 3 PI 6 air Fuel gas

LOPA Process Examples Class Exercise 2: Fired heater to increase stream s temperature. # Initial Event Description 1 Combustibles in stack, fire or explosion 1 2 3 Initiating cause Limited air supply because air blower reaches maximum power Cause likelihood 4 5 6 7 8 Process design Protection Layers BPCS Alarm SIS Additional mitigation (safety valves, dykes, restricted access, etc.) 9 10 Mitigated event likelihood Notes All equipment is functioning properly in this scenario. The feed rate is very high, beyond its design value.

LOPA - References Dowell, A. and D. Hendershoot, Simplified Risk Analysis - Layer of Protection Analysis, AIChE National Meeting, Indianapolis, Paper 281a, Nov. 3-8, 2002 Dowell, A. and T. Williams, Layer of Protection Analysis: Generating Scenarios Automatically from HAZOP Data, Process Safety Progress, 24, 1, 38-44 (March 2005). Frederickson A., Layer of Protection Analysis, www.safetyusersgroup.com, May 2006 Gulland, W., Methods of Determining Safety Integrity Level (SIL) Requirements - Pros and Cons, http://www.chemicalprocessing.com/whitepapers/2005/006.html Haight, J. and V. Kecojevic, Automation vs. Human Intervention: What is the Best Fit for the Best Performance?, Process Safety Progress, 24, 1, 45-51 (March 2005) Melhem, G. and P. Stickles, How Much Safety is Enough, Hydrocarbon Processing, 1999 Wiegernick, J., Introduction to the Risk-Based Design of Safety Instrumented Systems for the Process Industries, Seventh International Conference on Control, Automation, Robotics and Vision, Singapore, Dec. 2002.

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback