Lecture 1 – Putting Safety Into Perspective


1.6 Layers of Protection in Process Plant
Dr. AA

Layers of Protection for High Reliability
Strength in Reserve
[Figure: stacked protection layers, top to bottom: EMERGENCY RESPONSE, CONTAINMENT, RELIEF, SIS, ALARMS, BPCS; side label: AUTOMATION]
• BPCS - Basic process control
• Alarms - Draw attention
• SIS - Safety interlock system to stop/start equipment
• Relief - Prevent excessive pressure
• Containment - Prevent materials from reaching workers, community or environment
• Emergency Response - Evacuation, fire fighting, health care, etc.

Key Concept in Process Safety: REDUNDANCY
SAFETY STRENGTH IN DEPTH!
[Figure: protection layers stacked above the PROCESS, with axis "Seriousness of event" and labels "Four independent protection layers (IPL)" and "In automation"]
• RELIEF SYSTEM - Divert material safely
• SAFETY INTERLOCK SYSTEM - Stop the operation of part of process
• ALARM SYSTEM - Bring unusual situation to attention of a person in the plant
• BASIC PROCESS CONTROL SYSTEM - Closed-loop control to maintain process within acceptable operating region

Objectives of Process Control
1. Safety
2. Environmental Protection
3. Equipment Protection
4. Smooth Operation & Production Rate
5. Product Quality
6. Profit
7. Monitoring & Diagnosis
[Slide annotation: We are emphasizing these topics]

Basic Process Control System (BPCS)
• First line of defense
• Process control maintains variables at set points, which are fixed at some desired values
• Technology - Multiple PIDs, cascade, feedforward, etc.
• Guidelines
- Always control unstable variables (Examples in flash?)
- Always control “quick” safety related variables: stable variables that tend to change quickly (Examples?)
- Monitor variables that change very slowly: corrosion, erosion, build up of materials
- Provide safe response to critical instrumentation failures (But, we use instrumentation in the BPCS?)

Where could we use BPCS in the flash process?
[Figure: flash process diagram (label F1)]
• The pressure will change quickly and affect safety; it must be controlled.
• The level is unstable; it must be controlled.

2. Alarm System
• Alarm has an annunciator and visual indication
- No action is automated!
- Requires analysis by a person - a plant operator must decide.
• Digital computer stores a record of recent alarms
• Alarms should catch sensor failures
- But, sensors are used to measure variables for alarm checking?

2. Alarm System
• Common error is to design too many alarms
- Easy to include; simple (perhaps, incorrect) fix to prevent repeat of safety incident
- One plant had 17 alarms/h - operator acted on only 8%
• Establish and observe clear priority ranking
- HIGH = Hazard to people or equip., action required
- MEDIUM = Loss of RM, close monitoring required
- LOW = Investigate when time available

Where could we use alarms in the flash process?
[Figure: flash process diagram (label F1) with alarms PAH, LAH, LAL and AAH]
• PAH - The pressure affects safety, add a high alarm
• LAH, LAL - A low level could damage the pump; a high level could allow liquid in the vapor line.
• AAH - Too much light key could result in a large economic loss

3. Safety Interlock System
• Automatic action usually stops part of plant operation to achieve safe conditions
- Can divert flow to containment or disposal
- Can stop potentially hazardous process, e.g., combustion
• Capacity of the alternative process must be for “worst case”
• SIS prevents “unusual” situations
- We must be able to start up and shut down
- Very fast “blips” might not be significant

3. Safety Interlock System
• Also called emergency shutdown system (ESS)
• SIS should respond properly to instrumentation failures
- But, instrumentation is required for SIS?
• Extreme corrective action is required and automated
- More aggressive than process control (BPCS)
• Alarm to operator when an SIS takes action

3. Safety Interlock System
• The automation strategy is usually simple, for example,
If L123 < L123min; then, reduce fuel to zero
[Figure: process with steam, water and fuel lines and controllers PC and LC]
How do we automate this SIS when PC is adjusting the valve?

If L123 < L123min; then, reduce fuel to zero
LS = level switch, note that separate sensor is used
s = solenoid valve (open/closed)
fc = fail closed
[Figure: same process (steam, water, fuel; PC, LC) with level switch LS added, solenoid valves (s) on fail-closed (fc) valves, a 15 psig label, and an extra valve with tight shutoff]

3. Interlock System
• The automation strategy may involve several variables, any one of which could activate the SIS
If L123 < L123min; or
If T105 > T105max
…….
then, reduce fuel to zero
[Figure: inputs L123, T105, ….. feed block SIS 100, which drives a solenoid valve (s). The SIS is shown as a “box” in the drawing, with details elsewhere]

3. Safety Interlock System
• The SIS saves us from hazards, but can shut down the plant for false reasons, e.g., instrument failure.
- T100 alone, 1 out of 1 must indicate failure: false shutdown 5 x 10^-3, failure on demand 5 x 10^-3
- T100, T101, T102 (same variable, multiple sensors!), 2 out of 3 must indicate failure: false shutdown 2.5 x 10^-6, failure on demand 2.5 x 10^-6
- The 2 out of 3 arrangement gives better performance but is more expensive

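The voting and multi-variable trip logic on the two slides above, as an added Python example (not part of the lecture): it evaluates "If L123 < L123min or T105 > T105max, then reduce fuel to zero" with m-out-of-n voting. The limit values, the sensor readings and the policy of counting a diagnosed-failed transmitter as a trip vote are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

# None models a transmitter the SIS has diagnosed as failed (e.g. signal out of range).
Reading = Optional[float]

@dataclass(frozen=True)
class TripPoint:
    tag: str           # tag names L123 / T105 are taken from the slides
    limit: float       # limit values below are constructed for this example
    trip_on_low: bool  # True: trip when reading < limit, False: when reading > limit

    def votes_trip(self, reading: Reading) -> bool:
        # Assumed fail-safe policy: a diagnosed-failed sensor counts as a trip vote,
        # so 2-out-of-3 degrades to 1-out-of-2 on the remaining healthy sensors.
        if reading is None:
            return True
        return reading < self.limit if self.trip_on_low else reading > self.limit

L123_MIN = TripPoint("L123", limit=20.0, trip_on_low=True)    # % level, constructed
T105_MAX = TripPoint("T105", limit=450.0, trip_on_low=False)  # deg C, constructed

def voted_trip(point: TripPoint, readings: Sequence[Reading], m: int) -> bool:
    """m-out-of-n voting: trip when at least m of the n sensors vote to trip."""
    return sum(point.votes_trip(r) for r in readings) >= m

def fuel_valve_open(level: Sequence[Reading], temp: Sequence[Reading], m: int) -> bool:
    """SIS output: any one tripped variable reduces fuel to zero (valve closed)."""
    return not (voted_trip(L123_MIN, level, m) or voted_trip(T105_MAX, temp, m))

def scenarios() -> dict:
    ok_temp = [300.0, 301.0, 299.0]
    return {
        # Healthy plant, 2-out-of-3: fuel stays on.
        "normal_2oo3": fuel_valve_open([55.0, 54.0, 56.0], ok_temp, m=2),
        # One failed level transmitter: 1-out-of-1 shuts down falsely, 2-out-of-3 does not.
        "sensor_fail_1oo1": fuel_valve_open([None], [300.0], m=1),
        "sensor_fail_2oo3": fuel_valve_open([None, 54.0, 56.0], ok_temp, m=2),
        # Real low level, one transmitter stuck at 55 %: 1-out-of-1 on the stuck
        # sensor fails on demand, 2-out-of-3 still trips.
        "stuck_1oo1": fuel_valve_open([55.0], [300.0], m=1),
        "stuck_2oo3": fuel_valve_open([55.0, 14.0, 15.0], ok_temp, m=2),
        # Second trip variable: high T105 alone closes the fuel valve.
        "high_temp_2oo3": fuel_valve_open([55.0, 54.0, 56.0], [460.0, 455.0, 300.0], m=2),
    }

if __name__ == "__main__":
    for name, valve_open in scenarios().items():
        print(f"{name:18s} fuel valve {'OPEN' if valve_open else 'CLOSED (tripped)'}")
```

The two 1-out-of-1 cases reproduce the slide's two failure modes: a false shutdown when the single sensor fails, and a failure on demand when it is stuck at a plausible value.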
3. Safety Interlock System
• We desire independent protection layers, without common-cause failures - Separate systems
[Figure: two separate systems, each with its own sensors and i/o: (1) BPCS and Alarms on the digital control system; (2) SIS and Alarms associated with SIS on the SIS system]

KEY CONCEPT IN PROCESS SAFETY: REDUNDANCY!
What do we do if a major incident occurs that causes
• loss of power or communication
• a computer failure (hardware or software)
SAFETY STRENGTH IN DEPTH!
[Figure: protection layers stacked above the PROCESS]
• RELIEF SYSTEM - Divert material safely
• SAFETY INTERLOCK SYSTEM - Stop the operation of part of process
• ALARM SYSTEM - Bring unusual situation to attention of a person in the plant
• BASIC PROCESS CONTROL SYSTEM - Closed-loop control to maintain process within acceptable operating region
These layers require electrical power, computing, communication, etc.
Could these all fail due to a common fault?

4. Safety Relief System
• Entirely self-contained, no external power required
• The action is automatic - does not require a person
• Usually, goal is to achieve reasonable pressure
- Prevent high (over-) pressure
- Prevent low (under-) pressure
• The capacity should be for the “worst case” scenario

RELIEF SYSTEMS IN PROCESS PLANTS
• Increase in pressure can lead to rupture of vessel or pipe and release of toxic or flammable material
- Also, we must protect against unexpected vacuum!
• Naturally, best to prevent the pressure increase
- large disturbances, equipment failure, human error, power failure, ...
• Relief systems provide an exit path for fluid
• Benefits: safety, environmental protection, equipment protection, reduced insurance, compliance with governmental code

Location of Relief System
Identify potential for damage due to high (or low) pressure (HAZOP Study)
In general, closed volume with ANY potential for pressure increase
- may have exit path that should not be closed but could be
- hand valve, control valve (even fail open), blockage of line
Remember, this is the last resort, when all other safety systems have not been adequate and a fast response is required!

Standard Relief Method: Valves
BASIC PRINCIPLE: No external power required - self actuating - pressure of process provides needed force!
VALVES - close when pressure returns to acceptable value
- Relief Valve - liquid systems
- Safety Valve - gas and vapor systems including steam
- Safety Relief Valve - liquid and/or vapor systems
Pressure of protected system can exceed the set pressure.

Standard Relief Method: Rupture Disk
BASIC PRINCIPLE: No external power required - self acting
RUPTURE DISKS OR BURST DIAPHRAGMS - must be replaced after opening

Relief Valves
Two types of designs determine influence of pressure immediately after the valve
- Conventional Valve - pressure after the valve affects the valve lift and opening
- Balanced Valve - pressure after the valve does not affect the valve lift and opening
[Figure: Conventional and Balanced valve designs]

Some Information about Relief Valves
ADVANTAGES
- simple, low cost and many commercial designs available
- regain normal process operation rapidly because the valve closes when pressure decreases below set value
DISADVANTAGES
- can leak after being opened once (O-ring reduces leakage)
- not for very high pressures (20,000 psi)
- if oversized, can lead to damage and failure (do not be too conservative; the very large valve is not the safest!)

Rupture Disk/Burst Diaphragm
ADVANTAGES
- no leakage until the burst
- rapid release of potentially large volumes
- high pressure applications
- corrosion leads to failure, which is safe
- materials can be slurries, viscous, and sticky
DISADVANTAGES
- must shut down the process to replace
- greater loss of material through relief
- poorer accuracy of relief pressure than the valve

Symbols used in P&ID
• Spring-loaded safety relief valve
[Symbol: Process, To effluent handling]
• Rupture disc
[Symbol: Process, To effluent handling]

Add Relief to the Following System
[Figure: process diagram with drum (label F1)]
The drum can be isolated with the control valves; pressure relief is required.
We would like to recover without shutdown; we select a relief valve.

Add Relief to the Following System
[Figure: positive displacement pump]
The positive displacement pump will be damaged if the flow is stopped; we need to provide relief.
We would like to recover without shutdown; we select a relief valve.

Add Relief to the Following System
[Figure: heat exchanger with hand valves]
Why are all those valves in the process?
The extra “hand” valves enable us to isolate and remove the heat exchanger without stopping the process.
The shell side of the heat exchanger can be isolated; we need to provide relief.
We would like to recover without shutdown; we select a relief valve.

In some cases, relief and diaphragm are used in series – WHY?
• What is the advantage of two in series?
• Why not have two relief valves (diaphragms) in series?
• Why is the pressure indicator provided?
• Is it local or remotely displayed? Why?

In some cases, relief and diaphragm are used in series – WHY?
• What is the advantage of two in series?
The disc protects the valve from corrosive or sticky material. The valve closes when the pressure returns below the set value.
• Why is the pressure indicator provided?
If the pressure increases, the disk has a leak and should be replaced.
• Is it local or remotely displayed? Why?
The display is local to reduce cost, because we do not have to respond immediately to a failed disk - the situation is not hazardous.

Vents required to control or direct vapour/dust explosion effect
[Figure: structure with vent closed; structure during explosion]

Materials from relief must be processed or disposed of safely
[Figure: routes for material from relief. Labels: To environment; Vent steam, air; Holding for later processing; Waste water treating; Recycle to process; Fuel gas, fuel oil, solvent; Recover part to process; Immediate neutralization; Flare, toxic materials]

5. Containment
• Used to moderate the impact of a spill or an escape
• Examples
– Bund containment for storage tanks
– Location of relief valves and vents
– Diversion to temporary storage/drain system (following breakage of rupture disk)
– Safety management in containment areas
– Containment building (if applicable)

6. Emergency Response Management
• Also used to moderate the impact of incidents
• All plants should have an ERP (emergency response plan)
– Assembly, head-counts, evacuation etc…

Summary
1. Inherent design starts at project conceptualization
2. Three main strategies
• Substitution
• Intensification
• Attenuation
3. Six Layers of Protection: EMERGENCY RESPONSE, CONTAINMENT, RELIEF, SIS, ALARMS, BPCS