nguyentruong
8/20/2019 H - Protection & Controls
Designing in Engineering Risk Controls?
H - Engineering Controls
HAZARD ELIMINATION is better than
PREVENTION is better than
CONTROL is better than
MITIGATION is better than
EMERGENCY RESPONSE
Inherently Safer Design Philosophy
PASSIVE controls are more reliable than
ACTIVE controls are more reliable than
OPERATIONAL or PROCEDURAL controls.
AND
Prevent/Control/Mitigation Systems
• Keep equipment within safe operating limits
– Operational controls
– Alarms
– Trips
• Minimize escalation by
Containment > Isolation > Survival > Relieving
[Figure labels: HAZARD, PREVENTION BARRIERS, TOP EVENT, CONTROL - MITIGATION / ESCALATION BARRIERS, CONSEQUENCE]
• Overpressure protection
• Protective instrumentation to alert/alarm/control
• Devices to maintain Safe Operating Limits
• Ignition prevention measures
• Fire/gas detection, alarms
• Emergency shutdown, isolation, and flare
• Fire protection
• Evacuation/survival equipment
Class 1 Div. 1
Prevent/Control/Mitigation Systems
TO FLARE
Emergency Isolation Valves
1. Provide isolation between different hazards within a system.
2. Quickly interrupt flow through a system or prevent gross movement of hazardous material into an exposed location.
3. Block in specific pieces of hardware that may be involved in an incident.
4. Cause an orderly shutdown of equipment.
EIVs are typically actuated into the closed position.
Process Control
• Measure all significant variables.
• Control those variables which have the greatest influence on the process.
Control Hazards
• Determine independent and dependent variables.
• Evaluate relative sensitivities.
• Alarm flood.
• Consider prevalent failure modes in system design, instrumentation, hardware including human error.
Instrumentation & Control
• Incorrect sensing
• Contamination of process stream
• Inaccurate readings
• Wrong response
• Delayed response
• Wrong sensor location
• Defective actuator
• Plugged or restricted impulse line
• Process upset outside range of specified control loop.
• Control valve failure
Common Control Problems
PSVs: Last overpressure barrier
Process alarms/trips: The first barriers
[Figure labels: Plant Area; Well Fluids; Separator; Gas; Oil; Water; High Pressure Sensor; ESD Valve; Mechanical Relief Valve to Flare; Shutdown System Logic Solver; Control Room Operator Interface]
Safety Instrumented System
• IEC 61508 (ISA S84.01) requires all critical instruments to demonstrate level of integrity required in design.
• Analyze the reliability of the safety instrumented function as an overall system
• Each instrument loop must be individually analyzed to determine how and when failures might occur.
• Required reliability may be achieved through redundancy, increased testing, use of PLCs
Safety Instrumented Systems
SAFETY INTEGRITY LEVEL *    PROBABILITY OF THE SYSTEM FAILING ON DEMAND (PFD)
SIL-1                       10^-1 to 10^-2
SIL-2                       10^-2 to 10^-3
SIL-3                       10^-3 to 10^-4
* SIL performance can be improved by the addition of redundancy, more frequent testing, use of diagnostic fault detection, diverse sensors and control element selection.
Safety Integrity Level - SIL
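Added example, not from the slides: the footnote's point that redundancy and more frequent testing improve SIL, worked through with the widely used simplified low-demand approximations for average PFD (1oo1: λ_DU·TI/2, 1oo2: (λ_DU·TI)²/3, 2oo3: (λ_DU·TI)²). The failure rate is a constructed value, and common-cause failures, diagnostics and repair time are ignored as simplifying assumptions.

```python
HOURS_PER_YEAR = 8760

# SIL bands as listed in the slide's table: (name, lower PFD bound, upper PFD bound).
SIL_BANDS = [
    ("SIL-1", 1e-2, 1e-1),
    ("SIL-2", 1e-3, 1e-2),
    ("SIL-3", 1e-4, 1e-3),
]


def pfd_avg(lambda_du, test_interval_h, architecture="1oo1"):
    """Average probability of failure on demand for identical channels.

    lambda_du        dangerous undetected failure rate per hour (assumed input)
    test_interval_h  proof-test interval in hours
    Simplified equations only; valid when lambda_du * test_interval_h << 1.
    """
    x = lambda_du * test_interval_h
    if architecture == "1oo1":   # single channel
        return x / 2
    if architecture == "1oo2":   # either of two channels can trip
        return x ** 2 / 3
    if architecture == "2oo3":   # two of three channels must agree to trip
        return x ** 2
    raise ValueError(f"unsupported architecture: {architecture}")


def sil_band(pfd):
    """Return the band from the slide's table that contains pfd, or None."""
    for name, low, high in SIL_BANDS:
        if low <= pfd < high:
            return name
    return None


def compare(lambda_du, options):
    """Evaluate (architecture, test interval in hours) design options."""
    return [(arch, ti, pfd_avg(lambda_du, ti, arch),
             sil_band(pfd_avg(lambda_du, ti, arch))) for arch, ti in options]


if __name__ == "__main__":
    LAMBDA_DU = 5e-6  # constructed sample failure rate, per hour
    designs = [("1oo1", HOURS_PER_YEAR), ("1oo1", HOURS_PER_YEAR // 4),
               ("1oo2", HOURS_PER_YEAR), ("2oo3", HOURS_PER_YEAR)]
    for arch, ti, pfd, sil in compare(LAMBDA_DU, designs):
        print(f"{arch}  test every {ti:>5} h  PFDavg={pfd:.2e}  {sil}")
```

With the sample rate, a single sensor tested yearly sits in the SIL-1 band; quarterly testing moves it to SIL-2, and a 1oo2 pair tested yearly reaches SIL-3.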
• Gas detection is used to determine the presence of undesired vapors and gases at some specified concentration.
• Used to support some action or decision.
• Sensor needs to be located where gas is most likely to accumulate.
Gas Detection
WHAT WE KNOW
Concentration of test gas at point of measurement at specific time.
WHAT WE DON’T KNOW
1. How much gas is present.
2. How far the gas cloud extends.
3. Concentration profile within the cloud.
4. What other gases are present.
5. How fast the gas is moving.
Gas Detection – interpretation of results
• Conduct a Fire Hazard Analysis to understand residual risk that warrants fire protection
– Type of fire, size, duration
Fire Protection
• Fireproofing on structural and process equipment (2-4 hr) and 30 minutes on critical E&I systems.
• Fire water pump, supply, and delivery systems
– Fire hydrants and monitors
– Deluge protection in critical areas such as pump bays.
– Sprinkler systems
– Foam Systems
– Carbon dioxide systems
Fire Protection
Safety Critical Equipment
• Define what equipment is “Safety Critical”
– What % of all equipment?
• Define what maintenance and testing regime is required for “Safety Critical Equipment”
– SCE needs to work when you want it to
Safety critical equipment (SCE)
• Equipment that has the greatest influence on the safety of:
– People
– Environment
– Integrity of equipment
• Identifies equipment that is most critical to the management of major accident hazards
• Allows management to optimise maintenance and inspection of equipment to manage MARs
• Recorded in registers that include performance standards
Critical equipment assessments
In general, static equipment, e.g. hydrocarbon duty piping, is not considered SCE unless there is a reasonable expectation that the equipment might fail in service, e.g. due to corrosion
“80-20” Rule Equipment-Risk Distribution
Safety-Related Devices (pressure)
• Maintain Equipment in Design Envelope
– Relief valves
– Bursting discs
– Vacuum breakers
– Restriction orifices
– Flame arrestors
– High integrity protective systems
– Check valves
– Flow-limiting control valves
– Fire resistant insulation
[Figure labels: Full Equipment Inventory; Safety Critical Equipment List]
Evacuation / Survival equipment is SCE
How do you ensure you get what you want?
Safe Plant?
Codes, Standards, ETPs
Design reviews
Eng and Tech Authorities
Approved contractors/vendors
Certification / Handover
BP Capital Value Process
Design and Construction Assurance
How do you ensure you get what you want?
Capital Value Process
[Figure: Capital Value Process stage diagram. Stages, separated by DSP Gates: APPRAISE, SELECT, DEFINE, EXECUTE, OPERATE. "Front End Loading" and "Main Project" are marked along the stages.]
CVP Staged deliverables
• Determine project feasibility and alignment with business strategy
• Select the preferred project option(s)
• Finalize project scope, cost and schedule and get project funded
• Produce an operating asset consistent with scope, cost and schedule
• Evaluate asset to ensure performance to specifications and maximum return to the shareholders
[Figure: timeline over YEAR 1, YEAR 2, YEAR 3 showing the following reviews and activities]
• CONCEPTUAL WHAT IF
• TECHNOLOGY SAFETY REVIEWS
• TECHNOLOGY SCREENING STUDIES
• PFD DEVELOPMENT
• PLOT PLAN REVIEW
• CONSEQUENCE MODELING
• INHERENT SAFETY REVIEWS
• FIRE CODES
• FIRE PROTECTION REVIEWS
• ENGINEERING QUALITY REVIEWS
• H&M BALANCES
• PRODUCTION MODELING
• WHAT IF ANALYSIS
• HAZOPS
• PRE-STARTUP SAFETY REVIEWS
• REVIEW OF PROCESS SAFETY CONCEPTS
• REVIEW OF SPEC DEVIATIONS
• SCENARIO PLANNING
• LOPA
• RE-VISIT FACILITY SITING
Safety Reviews in Projects
What is a PHSSER?
Project Health, Safety, Security and Environment Review
• Seven reviews matching key gates of Project development
• Face-to-face discussion with project/contractor/operations personnel
• Focuses only on HSSE issues not schedule and cost
• Team of independent, experienced specialists
• Reports findings and recommendations to client and project
ETP GP 48-01 HSSE Review of Projects
PHSSER Alignment with CVP
[Figure: Capital Value Process stage diagram (APPRAISE, SELECT, DEFINE, EXECUTE, OPERATE, separated by DSP Gates; Front End Loading; Main Project; CVP Staged deliverables) with the HSSE Review Requirements marked against it.]
HSSE Review Requirements
• Appraise PHSSER
• Select PHSSER
• Pre-Sanction PHSSER
• Detailed Engineering PHSSER
• Construction PHSSER
• Pre-Startup PHSSER
• Operate PHSSER
BP Grangemouth - UK
Case History – CH9
Case History 9-Grangemouth Power
1999 – BP Grangemouth Refinery, UK
• New 33kV Sub Station in main power feed
• Sub Station commissioning in stages
• Full power tripped new Sub Station
• Site not able to recover and almost the entire site experienced an electrical shutdown.
The Incident
What Happened
• Two wires in the protection circuit were interchanged.
• Full Over-current protection testing not completed.
• Protection coped when first half board commissioned
• Protection tripped after the second half board was switched in and took full power.
• Site not able to recover and almost the entire site experienced an electrical shutdown.
Major Lessons Learned
• Be sure you have tested all functionality before commissioning
• Reviews may not catch everything.
Pre-startup Safety Reviews
Process Safety Audit
All Trip Checks have been tested???
Grangemouth July 1999
Incomplete 33kV Breaker Tests
Complex Shutdown