Practical Methods for Process Safety Management
Putting Process Safety Management At The Heart Of Our Lives
Canadian Chemical Engineering Conference 2006
October 18, 2006
CSChE Conference 2006

Quote
Concern for man himself and his safety must always form the chief interest of all technical endeavors. Never forget this in the midst of your diagrams and equations
~Albert Einstein
Quote taken from Five Past Midnight in Bhopal

Agenda
- Introduction
- Standard Overview
- Defining Risk and Risk Reduction
- Determining if an SIS is required
- Proof Testing
- Long Term Maintenance
- Discussion/Questions

Sam Kozma, C.E.T., CFSE
Certified Functional Safety Expert
- Certified Functional Safety Expert (CFSE) with TÜV Accreditation
- Instrument and Controls for over 18 years, specializing in SIS, SIL & IEC/ISA
- Experience with many systems including Siemens, HIMA, and Honeywell
- Member: Task Force on Functional Safety, Canadian National Committee (IEC/SC65A)

What are the IEC/ISA Standards?
- A performance based project execution method
- Uses a Lifecycle from cradle to grave
- Sets targets based on your own risk tolerances
- Quantitative analysis to measure success
- Non-prescriptive: tailor to your own specific needs
- Primary objectives to protect humans and the environment
- Also successful in Asset Protection, Corporate Image, etc.

What are the IEC/ISA Standards?
Developed to help prevent incidents:
- Flixborough
- Seveso
- Bhopal
- Texas City

How Many Standards Are There?
- IEC 61508
- IEC 61513 (Nuclear)
- IEC 61511 (Process Industry)
- IEC 62061 (Machine Safety)
- ISA 84 (Process Industry)

Where Does it all Start? Management
Top down approach:
- Management support
- Procedures and policies shall reflect the implementation on all projects
- Develop a Safety Management Plan

Primary Objective: Inherently Safer Designs
A good design process will use a Safety Instrumented System (SIS) as a last resort to lower the likelihood of an occurrence.

IEC PSM Lifecycle

ANALYSIS PHASE
- Conceptual Design & Overall Scope Definition
- Process Hazard Assessment
- SIL Determination & Assessment
- Safety Requirements Specification
- Stage 1: SRS Assessment

REALIZATION PHASE
- Operations & Maintenance Planning
- Overall Planning
- Safety Validation Planning
- Installation & Commissioning Planning
- SIS Design & Development
- SIS Integration
- SIS Operations & Maintenance Procedures
- Stage 2: SIS Validation
- Other Safety Related Systems
- SIS Validation Planning
- External Risk Reduction: Protection/Mitigation
- Overall Installation & Commissioning
- Stage 3: PSSR (Required)

OPERATIONAL PHASE
- Decommissioning
- Overall Maintenance & Repair
- Stage 4: Regular Periodic Assessment
- Overall Modification & Retrofit
- Stage 5: Validate Modification
- To Appropriate Lifecycle Step

Application
Process Example: High Pressure Hazard
[Figure: process diagram. Feed from field to the Inlet Separator, with pressure loop PIT 100 / PIC 100 / PY 100, an undersized Flare, and Downstream Processing.]

Process Hazard Assessment
PHA (HAZOP)
- Potential Failure: PIC-100
- Result: Overpressure, possible explosion and fire, toxic gas release
- Recommendation: Review vessel design, independent alarms, SIL analysis

HAZOP worksheet (Inlet Area, Node: Inlet Separator)
Dev.: 1.2 More Pressure
Cause: 1.2.1 Failure of Inlet Pressure Controller PIC-100
Consequence:
- Increasing pressure will cause stress on Inlet Sep., causing rupture, explosion and resulting fire.
- Risk to personnel.
- Risk to Environment (Toxic Gas)
Safeguards: Pressure Relief Valve on Inlet Sep.
Recommendations:
- Review vessel design.
- Investigate possible independent alarms.
- Conduct SIL analysis to determine if HIPPS is required.

What is SIL?
SIL: Safety Integrity Level
IEC 61511 defines SIL as follows:
Discrete level (one out of four) for specifying the safety integrity requirements of the safety instrumented functions to be allocated to the SIS. Safety integrity level 4 has the highest level of safety integrity; safety integrity level 1 has the lowest.

What Does That Mean?
- Determine risk and measure it against your risk tolerance.
- Risk: the measure of the consequence and frequency of an unwanted incident.
- The gap is the intolerable risk.
- Apply Layers of Protection to reduce the exposure to risk.
- Remaining gap requires an SIS.

Risk
RISK: the measure of the consequence and frequency of an unwanted incident.
[Figure: Consequence and Frequency = RISK]

Reducing The Gap
[Figure: Process Risk reduced to Tolerable Risk by Protection Layers, Mitigation Layers and the Safety System.]
Protective Layers:
- Design
- Relief Valves
- Procedures
Mitigation:
- Fire and Gas Systems
- Evacuation Procedures
Safety Instrumented Systems

Layers Of Protection
[Figure: layers of protection around the process. Labels: PROCESS; BPCS; PROCESS ALARMS; PROCESS ALARMS WITH EXECUTIVE ACTION; OPERATOR SUPERVISION; OPERATING PROCEDURES; OPERATOR INTERVENTION; SAFETY INSTRUMENTED PROTECTION SYSTEMS; MECHANICAL PROTECTION SYSTEMS; SAFETY INSTRUMENTED MITIGATION SYSTEMS; MECHANICAL MITIGATION SYSTEMS; FIRE AND GAS SYSTEMS; PLANT EMERGENCY RESPONSE; COMMUNITY EMERGENCY RESPONSE.]

Application
Process Example: High Integrity Pressure Protection System (HIPPS)
[Figure: process diagram. Feed from field to the Inlet Separator with the existing pressure loop PIT 100 / PIC 100 / PY 100, Flare, and Downstream Processing. Added SIF-101 (SIL 3): 1oo2 PITs (PIT 101A, PIT 101B) and 1oo2 Valves (XY 101A, XY 101B), each with 1oo2 SOV.]

Proof Testing
Testing and maintaining an SIS is critical to meeting risk reduction targets throughout the entire lifecycle.

Impact of Testing on SIL
Probability of Failure on Demand (PFD) increases over time without functional proof testing and can result in a declining SIL rating of your SIF, thus leaving the process at risk.

Impact of Testing on SIL
SIL 2 Device, 80% Test coverage, Yearly Test Interval, 10 Year Mission Time
[Figure: PFD (vertical axis, 0.005 (RRF=200) to 0.04 (RRF=25)) against time in years (up to 10). Curves: PFD without Proof Testing; PFDavg without Proof Testing; PFD with Yearly Test Interval; PFDavg with Yearly Test Interval.]
- No testing: PFDavg = 0.02, RRF = 50 (SIL 1)
- With testing: PFDavg = 0.007, RRF = 143 (SIL 2)

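
Added example (not from the original slides): a small calculation of how proof-test interval and test coverage change PFDavg and the SIL band a device achieves over its mission time. Assumptions: the dangerous undetected failure rate of 0.004 per year is chosen so that the untested case gives the slide's PFDavg of 0.02, the function names are hypothetical, and the linear approximation used here yields 0.0056 for the tested case rather than the slide's 0.007.

```python
"""Added example: effect of proof testing on PFDavg and the achieved SIL band."""

# Low-demand SIL bands (IEC 61508/61511): (SIL, lower PFDavg bound, upper bound)
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def pfd_avg(lambda_du, mission_years, test_interval=None, coverage=0.0):
    """Average PFD over the mission time, linear approximation (lambda*t << 1).

    Failures a proof test can reveal are reset every test_interval; the
    remaining (1 - coverage) share accumulates for the whole mission time.
    """
    if test_interval is None:  # never tested: nothing is ever revealed
        coverage, test_interval = 0.0, mission_years
    tested = coverage * lambda_du * test_interval / 2
    untested = (1 - coverage) * lambda_du * mission_years / 2
    return tested + untested


def pfd_at(t, lambda_du, test_interval=None, coverage=0.0):
    """Instantaneous PFD at time t (years): a sawtooth on a rising baseline."""
    if test_interval is None:
        return lambda_du * t
    since_test = t % test_interval
    return coverage * lambda_du * since_test + (1 - coverage) * lambda_du * t


def sil_for(pfd):
    """Return the SIL band a PFDavg falls in, or 0 if it is worse than SIL 1."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0 if pfd >= 1e-1 else 4  # anything better than SIL 4 is capped at 4


def summarize(lambda_du=0.004, mission_years=10, test_interval=1, coverage=0.8):
    """Compare the untested and proof-tested cases for one device (assumed rate)."""
    rows = {}
    for name, ti in (("no testing", None), ("yearly test", test_interval)):
        avg = pfd_avg(lambda_du, mission_years, ti, coverage)
        rows[name] = {"pfd_avg": avg, "rrf": 1 / avg, "sil": sil_for(avg)}
    return rows


if __name__ == "__main__":
    for name, r in summarize().items():
        print(f"{name:12s} PFDavg={r['pfd_avg']:.4f} RRF={r['rrf']:.0f} SIL {r['sil']}")
```

Because 20% of failures are never revealed by the test, the tested sawtooth still climbs: the instantaneous PFD just before the last yearly test is higher than just before the first one.
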
Maintenance
- Breakdown vs. Preventative
- Follow manufacturer's recommendations
- Procedures and intervals should be included in the Safety Requirements Specification (SRS)
- Replace/refurbish to as-new condition before wear-out
- Audit to measure if goals are being met
- Regular PHA (HAZOP, FMEA, etc.)

Thank you! Questions
Contact Information:
Sam Kozma, C.E.T., CFSE
Phone: (403) 333-8118
Fax: (403) 637-2870
Email: sam.kozma@spectraldesign.ca
Website: www.spectraldesign.ca