ESD - Gadjah Mada University


There are a lot of disasters due to failures. Some of them are as follows.

September 21, 1921: Oppau explosion in Germany.
- 4,500 tonnes of a mixture of ammonium sulfate and ammonium nitrate fertilizer exploded,
- killing 500–600 people and injuring about 2,000 more.

1932-1968: The Minamata disaster.
- Caused by the dumping of mercury compounds in Minamata. The Chisso Corporation was found responsible for polluting the bay for 37 years.
- It is estimated that over 3,000 people suffered various deformities.

April 16, 1947: Texas City Disaster.
- At 9:15 AM an explosion occurred aboard a docked ship named the Grandcamp.
- The worst industrial disaster in America.
- 578 people lost their lives and another 3,500 were injured.
- The blast shattered windows from as far away as 25 mi (40 km).

March 28, 1979: Three Mile Island accident.
Partial nuclear meltdown. Mechanical failures in the non-nuclear secondary system, followed by a stuck-open pilot-operated relief valve (PORV) in the primary system, allowed large amounts of reactor coolant to escape.
Plant operators initially failed to recognize the loss of coolant, resulting in a partial meltdown. The reactor was brought under control, but not before up to 481 PBq (13 million curies) of radioactive gases were released into the atmosphere.

December 3, 1984: The Bhopal disaster, India.
- The largest industrial disaster on record.
- A faulty tank containing poisonous methyl isocyanate leaked at a Union Carbide plant.
- About 20,000 people died and about 570,000 suffered bodily damage.
- The disaster caused the region's human and animal populations severe health problems that persist to the present.

April 26, 1986: Chernobyl Nuclear Power Plant disaster, Ukraine.
- A test on reactor number four goes out of control, resulting in a nuclear meltdown.
- Killed up to 50 people.
- Estimates of up to 4,000 additional cancer deaths among the approximately 600,000 most highly exposed people.
- The Chernobyl Exclusion Zone, covering portions of Belarus and Ukraine surrounding Prypiat, remains poisoned and mostly uninhabited.
- Prypiat itself was totally evacuated and remains a ghost town.

July 6, 1988: Piper Alpha disaster.
- An explosion and resulting fire on a North Sea oil production platform kills 167 men.
- Total insured loss is about US$ 3.4 billion.
- To date it is rated as the world's worst offshore oil disaster in terms both of lives lost and impact on industry.

March 24, 1989: Exxon Valdez oil spill.
- The Exxon Valdez, an oil tanker, hits Prince William Sound's Bligh Reef, dumping an estimated 250,000 barrels of crude oil into the sea.
- It is considered to be one of the most devastating human-caused environmental disasters ever to occur in history.
- Overall reductions in population have been seen in various ocean animals.
- The effects of the spill continue to be felt 20 years later.

March 23, 2005: Texas City Refinery explosion.
- An explosion occurred at a British Petroleum refinery in Texas City, Texas, the third largest refinery in the US, processing 433,000 barrels of crude oil per day and accounting for 3% of that nation's gasoline supply.
- Over 100 were injured, and 15 were confirmed dead.
- Several level indicators failed, leading to overfilling of a knock-out drum, and light hydrocarbons concentrated at ground level throughout the area.
- A nearby running diesel truck set off the explosion.

May 29, 2006: Mud blow-out at Sidoarjo.
- Most of the experts gathered at the AAPG 2008 International Conference & Exhibition in Center, South Africa, 26-29 Oct 2008, said that the cause was drilling by PT Lapindo Brantas.
- More than 10,000 homes sank in the mud.
- The mud blow-out is still active today.

October 4, 2010: Alumina plant accident.
- Ajka, Kolontár, Devecser and several other settlements, Hungary.
- The dam of Magyar Aluminium Zrt.'s red mud reservoir broke and the escaping highly toxic and alkaline (~pH 13) sludge flooded several settlements.
- There were nine victims, including a little girl, and hundreds of injuries (mostly chemical burns).
ILO CONVENTION
- The General Conference of the International Labour Organization, having been convened at Geneva by the Governing Body of the International Labour Office, and having met in its 80th Session on 2 June 1993,
- adopts the Convention, which may be cited as the Prevention of Major Industrial Accidents Convention, 1993.

SOME ARTICLES OF THE CONVENTION
- The purpose of this Convention is the prevention of major accidents involving hazardous substances and the limitation of the consequences of such accidents.
- Each Member shall formulate, implement and periodically review a coherent national policy concerning the protection of workers, the public and the environment against the risk of major accidents.
- This policy shall be implemented through preventive and protective measures for major hazard installations and, where practicable, shall promote the use of the best available safety technologies.
- The competent authority shall establish a system for the identification of major hazard installations, based on a list of hazardous substances or of categories of hazardous substances or of both, in accordance with national laws and regulations or international standards.
- And many more articles to be adhered to by the Members.

- Safety and reliability have become essential parameters of automatic control systems.
- Benefits of a safe and reliable system include:
o Lower production cost
o Higher product quality
o Reduced maintenance cost
o Lower risk cost
- How are these achieved?
o High-strength design
o Fault-tolerant design
o On-line failure diagnostics
o Automatic control system
- Safety and reliability are measured using a number of well-defined parameters, including:
o Reliability
o Availability
o MTTF (Mean Time To Failure)
o MTTR (Mean Time To Repair)
o MTBF (Mean Time Between Failures)
o RRF (Risk Reduction Factor)
o PFD (Probability of Failure on Demand)
- These terms have been developed over 50 years by the safety engineering community.
Basic Fundamentals of Safety Instrumented Systems (SIS)
- The operation of many industrial processes involves inherent risks due to the presence of dangerous materials like gases and chemicals.
- Safety Instrumented Systems (SIS) are specifically designed to protect personnel, equipment and the environment by reducing the likelihood (frequency) or the impact severity of an identified emergency event.

PROTECTION LAYERS
- There are six protection layers that should be used to confine an accident as much as possible.
- The first layer is the Process Control layer, consisting of the Basic Process Control System (BPCS) and the Safety Instrumented System (SIS); this layer controls the plant automatically.
- The second layer is the alarm system, announcing that the BPCS has failed to control the process and that the operator should take action to override the control.
- The third layer is the Emergency Shutdown System.
- The 2nd and 3rd layers are the Safety Instrumented System.
- The fourth layer is an active protection layer. This layer may have valves or rupture disks designed to provide a relief point that prevents a rupture, large spill or other uncontrolled release that can cause an explosion or fire.
- The fifth layer is a passive protection layer. It may consist of a dike or other passive barrier that serves to contain a fire or channel the energy of an explosion in a direction that minimizes the spread of damage.
- The final layer is plant and emergency response. If a large safety event occurs, this layer responds in a way that minimizes ongoing damage, injury or loss of life. It may include evacuation plans, fire fighting, etc.
Basics of Safety and Layers of Protection
BPCS AND SIS
[Figure: BPCS and SIS on one process loop. BPCS side: the PT (pressure transmitter) sends a 4-20 mA signal to the PIC (pressure controller) with its set point; the PIC output (4-20 mA) goes through an I/P converter to a 3-15 psi pneumatic control valve on the process. SIS side: PSHH and TSHH switches feed the SIS logic, which drives the solenoid valves (S) on the shutdown valves and the ALARM.]
EMERGENCY SHUTDOWN AND LOGIC SYSTEM
- An emergency shutdown system is a hardware and software system designed to shut down a plant safely, either automatically or manually, in case of emergency.
- The Emergency Shutdown System (ESD) is designed to minimize the consequences of emergency situations, such as:
o uncontrolled flooding,
o escape of hazardous materials,
o outbreak of fire,
o process out of control.

Function of ESD
- Risk analyses have concluded that the Emergency Shutdown System needs a high Safety Integrity Level, typically SIL 2 or 3.
- Basically, the system consists of field-mounted sensors, valves and trip relays, system logic for processing of incoming signals, alarm and HMI units.
- The system is able to process input signals and activate outputs in accordance with the Cause & Effect charts defined for the installation.
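As an added example (not part of the lecture), the following shows how a logic solver can drive its outputs from a Cause & Effect chart in a fail-safe, de-energize-to-trip way, using the PSHH/TSHH inputs and solenoid-operated shutdown valves from the diagram above. The tag names, the chart contents and the k-out-of-n voting helper are constructed for illustration.

```python
# Added example, not from the lecture: a minimal fail-safe logic solver driven by a
# Cause & Effect chart. Inputs and outputs are "energized = healthy", so a lost
# signal (broken wire, dead power) trips rather than hides (de-energize-to-trip).
# Tag names and the chart itself are constructed for illustration.
from dataclasses import dataclass, field

# Cause -> set of effects. PSHH/TSHH = pressure/temperature switch high-high.
CAUSE_EFFECT = {
    "PSHH-101": {"XV-101_close", "ESD_alarm"},
    "TSHH-101": {"XV-101_close", "ESD_alarm"},
    "ESD_pushbutton": {"XV-101_close", "XV-102_close", "ESD_alarm"},
}
ALL_EFFECTS = sorted(set().union(*CAUSE_EFFECT.values()))

def koon_demand(channel_demands, k):
    """k-out-of-n voting of redundant sensors: a trip demand is raised when at
    least k channels demand it (1oo2 favours safety, 2oo3 also resists spurious trips)."""
    return sum(1 for d in channel_demands if d) >= k

@dataclass
class LogicSolver:
    """Latching logic solver: a tripped effect stays tripped until an explicit
    reset, and reset is refused while any cause is still demanding a trip."""
    latched: set = field(default_factory=set)

    def scan(self, inputs):
        """One scan cycle. inputs: cause tag -> True (healthy) / False (demand).
        Returns effect tag -> True (energized, running) / False (tripped)."""
        for cause, effects in CAUSE_EFFECT.items():
            if not inputs.get(cause, False):   # a missing input counts as a demand
                self.latched |= effects
        return {e: e not in self.latched for e in ALL_EFFECTS}

    def reset(self, inputs):
        """Operator reset; succeeds only when every cause reads healthy."""
        if any(not inputs.get(c, False) for c in CAUSE_EFFECT):
            return False
        self.latched.clear()
        return True

if __name__ == "__main__":
    solver = LogicSolver()
    healthy = {c: True for c in CAUSE_EFFECT}
    print(solver.scan(healthy))                          # everything energized
    print(solver.scan({**healthy, "PSHH-101": False}))   # XV-101 and alarm trip
    print(solver.scan(healthy))                          # still latched
    print(solver.reset(healthy), solver.scan(healthy))   # reset clears the trip
```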
Basics of Safety Instrumented Systems (SIS)
- Typically, Safety Instrumented Systems consist of three elements:
o a Sensor,
o a Logic Solver and
o a Final Control Element.

Sensors
- Field sensors are used to collect the information necessary to determine if an emergency situation exists.
- The purpose of these sensors is to measure process parameters (e.g. temperature, pressure, flow, etc.) used to determine if the equipment or process is in a safe state.
- Sensor types range from simple pneumatic or electrical switches to smart transmitters with on-board diagnostics. These sensors are dedicated to the Safety Instrumented System (SIS).

Logic Solver
- The purpose of this component of the Safety Instrumented System (SIS) is to determine what action is to be taken based on the information gathered.
- Highly reliable logic solvers are used which provide both fail-safe and fault-tolerant operation.
- It is typically a controller that reads signals from the sensors and executes pre-programmed actions to prevent a hazard by providing output to the final control elements.

Final Control Element
- It implements the action determined by the logic system. This final control element is typically a pneumatically actuated on-off valve operated by solenoid valves.
- It is imperative that all three elements of the SIS function as designed in order to safely isolate the process plant in the event of an emergency.

Probability of Failure upon Demand (PFD)
- By understanding how the components of a Safety Instrumented System (SIS) can fail, it is possible to calculate a Probability of Failure on Demand (PFD).
- There are two basic ways for a SIS to fail:
o a spurious trip,
o covert or hidden failures.

Spurious trip
- A spurious trip usually results in an unplanned but safe process shutdown.
- While there is no danger associated with this type of SIS failure, the operational costs can be very high.

Covert or hidden failures
- This failure does not cause a process shutdown or nuisance trip.
- The failure remains undetected, permitting continued process operation in an unsafe or dangerous manner.
- If an emergency demand occurred, the SIS would be unable to respond properly.
- These failures contribute to the probability (PFD) of the system failing in a dangerous manner on demand.

PFD CALCULATION
- The PFD for the Safety Instrumented System (SIS) is a function of the PFDs of each element of the system.
- In order to determine the PFD of each element, the analyst needs documented historic failure rate data for each element.
- This (dangerous) failure rate is used in conjunction with the Test Interval term to calculate the PFD.
STANDARD FOR SAFETY
- ISA 84.01 Standard
- IEC 61508 Standard
- IEC 61511 Standard

PURPOSE OF THE STANDARD
- To help individual industries develop supplemental standards, tailored specifically to those industries, based on the original standard.
- To enable the development of E/E/PE safety-related systems where specific application sector standards do not already exist.
- The bottom line is to help industries reach a higher Safety Integrity Level and reduce risk.

SAFETY INTEGRITY LEVEL

SIL | PFD          | RRF          | Typical application
----|--------------|--------------|------------------------------------
4   | <0.0001      | >10,000      | Transportation, nuclear
3   | 0.001-0.0001 | 1,000-10,000 | Utility boiler, oil refinery
2   | 0.01-0.001   | 100-1,000    | Industrial boiler, chemical process
1   | 0.1-0.01     | 10-100       | Small industries having small risk
Safety life-cycle (SLC)
- The SLC is an engineering process designed to optimize the design of the SIS and to increase safety.
- The concept of a safety life-cycle has been incorporated into many national and international standards, such as
o ANSI/ISA-84.00.01-2004,
o IEC 61508 and
o IEC 61511.
- All of these standards have gained wide acceptance and are forming the basis for compliance with local, national and international laws and regulations.

SLC
[Figure: IEC 61508 Safety Life-Cycle]
[Figure: IEC 61511 Safety Life-Cycle]

THE THREE PHASES OF A COMPLETE SAFETY LIFE-CYCLE
- Analysis phase
- Realization phase
- Operation phase

Analysis phase
- Identify and estimate potential hazards and risks.
- Evaluate whether the risk is tolerable within industry, corporate or regulatory standards.
- Check the available layers of protection.
- If the risk is still outside the tolerable limit, then use a safety instrumented system (SIS) with an assigned safety integrity level (SIL).
- Document the above in the safety requirement specifications (SRS).
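As an added example (not part of the lecture), the following carries the analysis-phase steps above through to a SIL assignment and then performs the PFD calculation from the earlier "PFD CALCULATION" section against the SIL/PFD/RRF table. It assumes the IEC 61508 simplified single-channel approximation PFDavg = lambda_DU * TI / 2 and the usual layer-of-protection arithmetic; every frequency and failure rate is a constructed value, not field data.

```python
# Added example, not from the lecture: analysis-phase SIL assignment plus the PFD
# calculation, using the lecture's SIL/PFD/RRF table. Assumes the IEC 61508
# simplified single-channel approximation PFDavg = lambda_DU * TI / 2 and the usual
# layer-of-protection arithmetic (mitigated frequency = initiating frequency times
# the PFD of each independent layer). All numeric inputs are constructed values.
HOURS_PER_YEAR = 8760.0

def sil_from_pfd(pfd):
    """Map a PFDavg to (SIL, RRF) per the table; SIL is None when PFD >= 0.1."""
    if pfd <= 0.0:
        raise ValueError("PFD must be positive")
    rrf = 1.0 / pfd
    if pfd >= 0.1:
        return None, rrf
    return (1 if pfd >= 0.01 else 2 if pfd >= 0.001 else 3 if pfd >= 0.0001 else 4), rrf

def required_sis_pfd(initiating_freq, layer_pfds, tolerable_freq):
    """Analysis phase: apply the existing layers of protection and return the PFD
    the SIS must achieve, or None if the residual frequency is already tolerable."""
    residual = initiating_freq
    for pfd in layer_pfds:
        residual *= pfd
    return None if residual <= tolerable_freq else tolerable_freq / residual

def pfd_1oo1(lambda_du_per_hour, test_interval_hours):
    """Average PFD of one channel whose dangerous undetected failures are only
    found by the proof test every TI hours (simplified approximation)."""
    return lambda_du_per_hour * test_interval_hours / 2.0

def sis_pfd(element_rates, test_interval_hours):
    """Loop PFD: sum over sensor, logic solver and final element, since any one of
    them failing dangerously defeats the whole safety function."""
    return sum(pfd_1oo1(r, test_interval_hours) for r in element_rates.values())

def design_meets(element_rates, test_interval_hours, needed_pfd):
    """Realization check: does the designed loop reach the PFD from the analysis?"""
    return sis_pfd(element_rates, test_interval_hours) <= needed_pfd

# Constructed figures for one overpressure scenario (frequencies per year,
# dangerous undetected failure rates per hour)
INITIATING_FREQ, EXISTING_LAYERS, TOLERABLE_FREQ = 0.1, [0.1], 5e-5
ELEMENTS = {"PSHH transmitter": 1.0e-6, "logic solver": 2.0e-7, "XV + solenoid": 2.5e-6}

if __name__ == "__main__":
    need = required_sis_pfd(INITIATING_FREQ, EXISTING_LAYERS, TOLERABLE_FREQ)
    print("target SIL", sil_from_pfd(need)[0], "needed PFD", need)
    for years in (1.0, 0.25):   # a shorter proof-test interval lowers PFDavg
        ti = years * HOURS_PER_YEAR
        pfd = sis_pfd(ELEMENTS, ti)
        print(f"TI {years} yr: PFD {pfd:.2e} SIL {sil_from_pfd(pfd)[0]} ok={design_meets(ELEMENTS, ti, need)}")
```

With these constructed inputs the loop only reaches the required PFD when the proof-test interval is shortened, which is the point of the Test Interval term in the PFD calculation.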
Realization phase
- Develop a conceptual design for technology, architecture, periodic test interval, reliability and safety evaluation.
- Develop a detailed design for installation planning, commissioning, start-up acceptance testing, and design verification.

Operation phase
- Installation, commissioning and validation
- Start-up review, operation and maintenance planning
- SIS start-up, operation and maintenance, periodic functional test
- Modification
- Decommissioning

Benefits of the SLC
- Provides an optimal SIS design
- Safer and more cost-effective designs
- Risk will be reduced
- Proper selection of technology and correct specification of equipment