The purpose of an SIS is to reduce the risk


 


The purpose of an SIS is to reduce the risk that a process may become
hazardous to a tolerable level. The SIS does this by decreasing the
frequency of unwanted accidents:
• The SIS senses hazardous conditions and takes action to move the
process to a safe state, preventing an accident from occurring.
• The amount of risk reduction that an SIS can provide is represented
by its SIL, which is a measure of the risk reduction factor provided
by a safety function. IEC 61508 defines four levels, SIL 1-4, and the
corresponding requirements for the risk reduction factor (RRF) and
probability of failure on demand (PFD):

SIL   PFD                 RRF
1     0.1 – 0.01          10 – 100
2     0.01 – 0.001        100 – 1000
3     0.001 – 0.0001      1000 – 10.000
4     0.0001 – 0.00001    10.000 – 100.000

The SIL for a component is given by its PFD, safe failure fraction and design
to avoid influence of systematic errors.
8.1.2 Emergency shutdown and process shutdown
The emergency shutdown (ESD) and process shutdown (PSD) systems will
take action when the process goes into a malfunction or dangerous state.
For this purpose, the system maintains four sets of limits for a process value,
LowLow (LL), Low (L), High (H) and HighHigh (HH). L and H are process
warning limits which alert to process disturbances. LL and HH are alarm
conditions and detect that the process is operating out of range and there is
a chance of undesirable events and malfunction.
Separate transmitters are provided for safety systems. One example is the
LTLL (level transmitter LowLow) or LSLL (level switch LowLow) alarm for the
oil level. When this condition is triggered, there is a risk of blow-by,
which means gas leaks out of the oil output and causes high pressure in the
next separation stage or other following process equipment, such as a
desalter. Transmitters are preferred over switches because of better
diagnostic capabilities.
Emergency shutdown actions
are defined in a cause-and-effect chart based on a
HAZOP of the process. This
study identifies possible
malfunctions and how they should be handled. On the left of the chart, we
have possible emergency scenarios. On top, we find possible shutdown
actions. At an oil and gas facility, the primary response is to isolate and
depressurize. In this case, the typical action would be to close the inlet and
outlet sectioning valves (EV 0153 20, EV 0108 20 and EV 0102 20 in the
diagram), and open the blowdown valve (EV 0114 20). This will isolate the
malfunctioning unit and reduce pressure by flaring of the gas.
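
The limit sets and the cause-and-effect chart described above can be written as data and evaluated together. The following is an added example, not taken from the original text: the valve tags are the ones named above, while the signal names, limit values, the rows of the chart and the handling of a failed transmitter are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Limits:
    ll: float  # LowLow: alarm condition, process out of range
    l: float   # Low: warning only
    h: float   # High: warning only
    hh: float  # HighHigh: alarm condition, process out of range

    def classify(self, value):
        """Map a process value to LL, L, NORMAL, H or HH."""
        if value <= self.ll:
            return "LL"
        if value >= self.hh:
            return "HH"
        if value <= self.l:
            return "L"
        if value >= self.h:
            return "H"
        return "NORMAL"

# Constructed limits for two hypothetical signals (level in %, pressure in bar).
LIMITS = {"oil_level": Limits(10.0, 25.0, 75.0, 90.0),
          "separator_pressure": Limits(2.0, 5.0, 40.0, 50.0)}

# Cause-and-effect chart: causes on the left, shutdown actions across the top.
# Valve tags come from the text; tying them to these causes is an assumption.
ISOLATE_AND_DEPRESSURIZE = {"EV 0153 20": "CLOSE", "EV 0108 20": "CLOSE",
                            "EV 0102 20": "CLOSE", "EV 0114 20": "OPEN"}
CAUSE_EFFECT = {("oil_level", "LL"): ISOLATE_AND_DEPRESSURIZE,
                ("separator_pressure", "HH"): ISOLATE_AND_DEPRESSURIZE}

def evaluate(readings, limits=LIMITS):
    """Return (valve_commands, warnings) for {signal: value}; None = failed transmitter."""
    commands, warnings = {}, []
    for signal, value in readings.items():
        if value is None:
            # Assumption: a diagnosed transmitter fault is reported, never ignored.
            warnings.append(f"{signal}: transmitter fault")
            continue
        state = limits[signal].classify(value)
        if state in ("L", "H"):
            warnings.append(f"{signal}: {state} warning")
        commands.update(CAUSE_EFFECT.get((signal, state), {}))
    return commands, warnings
```

L and H only produce warnings; valve commands are issued only when a row of the chart matches an LL or HH condition.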
Events are classified on a scale, e.g., 0 to 5, where a full abandon
platform/facility shutdown (APS – ESD 0), as the highest level, means a
complete shutdown and evacuation of the facility. The next levels (ESD1,
ESD2) define emergency complete shutdown. The lower levels (e.g., PSD 3,
PSD 4 and PSD 5) represent single equipment or process section shutdowns.
A split between APS/ESD and PSD is done in large installations because
most signals are PSD and can be handled with less strict requirements.
These actions are handled by the emergency shut down system (ESD) and
process shut down system (PSD) according to functional safety
requirements and standards. Thus, a typical ESD function might require a
SIL 3 or even SIL 4 level, while PSD loops could be SIL 2 or SIL 3.
Smaller ESD systems, e.g., on wellhead platforms, can be hydraulic or
hardwired (non-programmable).
8.1.3 Fire and gas system
The fire and gas system is not generally
related to any particular process.
Instead, it divides into fire areas by
geographical location. Each fire area
should be designed to be self-contained,
in that it should detect fire and gas by
several types of sensors, and control fire
protection and firefighting devices to
contain and fight fire within the fire area.
In the event of fire, the area will be
partially shut off through closure of
ventilation fire dampers. A fire area
protection data sheet typically shows what detection exists for each fire area,
and which fire protection action should be taken in case of an incident.
The type and number of the detection, protection and fighting devices
depend on the type of equipment and size of the fire area and will vary for
different process areas, e.g., electrical rooms and accommodation rooms.
Fire detection:
• Gas detection: Combustible and toxic gas, electro-catalytic or
optical (IR) detector
• Flame detection: Ultraviolet (UV) or infra red (IR) optical detectors
• Fire detection: Heat and ionic smoke detectors
• Manual pushbuttons
Firefighting, protection:
• Gas-based firefighting, such as CO2
• Foam-based firefighting
• Water-based firefighting: sprinklers, mist (water spray) and deluge
• Protection: Interface to emergency shutdown and HVAC fire dampers.
• Warning and escape: PA systems, beacons/lights, fire door and
damper release
A separate package related to fire and gas is the diesel- or electrically-driven
fire water pumps for the sprinkler and deluge ring systems.
For fire detection, coincidence and logic are often used to identify false
alarms. In such schemes, several detectors in the same area are required to
detect a fire condition or gas leakage for automatic reaction. This will include
different detection principles, so that the logic responds to, e.g., a fire, but
not to welding or a lightning strike.
Action is controlled by a fire and
gas system (F&G). Like the ESD
system, F&G action is specified
in a cause and action chart
called the Fire Area Protection
Datasheet. This chart shows all
detectors and fire protection
systems in a fire area and how
the system will operate.
The F&G system often provides
supervisory functions, either in
the F&G or the information
management system (IMS) to
handle such tasks as
maintenance, calibration or
replacement and hot work
permits, e.g., welding. Such
actions may require that one or
more fire and gas detectors or
systems are overridden or
bypassed. Specific work
procedures should be enforced,
such as placing fire guards on duty, to make sure all devices are re-enabled when the work permit expires or work is complete.
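
The coincidence voting and the bypass handling described above interact: a bypassed detector cannot contribute to a confirmed fire, and a bypass left in place after its permit has expired silently weakens the area. The following is an added example, not taken from the original text; the detector tags, permit ids, times and the two-vote threshold are constructed assumptions.

```python
from datetime import datetime

def vote(detectors, bypassed, votes_needed=2):
    """detectors: {tag: (principle, in_alarm)}; bypassed: set of tags.
    Returns CONFIRMED, UNCONFIRMED, NORMAL or DEGRADED for one fire area."""
    in_service = {t: d for t, d in detectors.items() if t not in bypassed}
    alarms = [p for p, in_alarm in in_service.values() if in_alarm]
    if len(alarms) >= votes_needed and len(set(alarms)) >= 2:
        return "CONFIRMED"   # coincidence across different detection principles
    available = [p for p, _ in in_service.values()]
    if len(available) < votes_needed or len(set(available)) < 2:
        return "DEGRADED"    # bypasses have removed the ability to confirm
    return "UNCONFIRMED" if alarms else "NORMAL"

def overdue_bypasses(bypasses, now):
    """bypasses: [(tag, permit_id, expires)]. Tags still bypassed after permit expiry."""
    return sorted(tag for tag, _permit, expires in bypasses if expires <= now)

# Constructed fire area: one detector per principle, none in alarm.
AREA = {"FD-UV-01": ("uv_flame", False), "FD-IR-01": ("ir_flame", False),
        "HD-01": ("heat", False), "SD-01": ("smoke", False)}

def with_alarms(area, *tags):
    """Copy of the area with the given detectors in alarm."""
    return {t: (p, t in tags) for t, (p, _) in area.items()}

# Constructed bypass register for two hot work permits.
BYPASSES = [("HD-01", "WP-001", datetime(2024, 1, 1, 16, 0)),
            ("SD-01", "WP-002", datetime(2024, 1, 1, 20, 0))]
```

A single UV alarm, as a welding arc might cause, stays UNCONFIRMED, while the same alarm together with a heat detector is CONFIRMED unless the heat detector is bypassed.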
8.1.4 Control and safety configuration
Piping and instrumentation diagrams (P&ID) show the process. Additional
information is needed for the specification of the process control and safety
systems design and their control logic. These include: Loop diagram,
Instrument datasheet, Cable schedule and Termination list.
