24/2/2014
1
© RRC Training
NEBOSH International
Technical Certificate in Oil and Gas
Operational Safety
© RRC Training
• Failure Modes
• Other Type of Failures
• Safety Critical Equipment Controls
• Safe Storage of Hydrocarbons
• Fire Hazards, Risks and Controls
• Furnace and Boiler Operations
Element 3Hydrocarbon Process Safety 2
© RRC Training
Failure Modes
© RRC Training
Failure ModesCreep
24/2/2014
2
© RRC Training
Failure Modes
Or, more generally
Measured in Units of Pa
Dimensionless quantity
© RRC Training
Stress-Strain Curves for Tensile Loading of a wire
Strain
Stressa (elastic limit)
aa/b
c d
c (ultimate tensile strength)
dd (breaking point)
b (Yield point)
Stiff brittle material
Ductile material
Elastic material0
© RRC Training
In the ELASTIC region, Hooke’s law:
Failure Modes
© RRC Training
Stress can arise from, for example:
• Periodic fluctuations in operating pressure• Temperature cycling• Vibration• Water hammer• Periodic fluctuations of external loads
Leading to various types of failure.
Failure Modes
24/2/2014
3
© RRC Training
Needs: • a susceptible material• a corrosive environment (specific to the material)• enough tensile stress to induce the condition
Failure Modes
Stress Corrosion Cracking
Material Cracks on simultaneous exposure to stress and:
Aluminium alloys chloride
Mild steel nitrates
Copper and its alloys ammonia
Also - Corrosion Fatigue (from cyclic stresses)
© RRC Training
Thermal Shock
• Rapid and extreme temperature changes.
• Thermal differences – uneven expansion.
• Stress generated overcomes material strength –cracking and failure
• e.g. failure of weld
Failure Modes
© RRC Training
Brittle Fracture
• Very sudden – no warning.
• Due to structure of the material or timescale of loading –material does not slip
• Cracks quickly spread through the material (may be audible)
Failure Modes
Some factors that promote brittle fracture:
• Low temperature• Impact or “snatch” loading• Residual tensile stresses• Inherent material brittleness
© RRC Training
• No signs of deformation
• Fracture surface:
― ‘bright’― sometimes with ‘chevrons’ ― sometimes with lines and ridges
Failure Modes
Brittle Fracture - Characteristics
24/2/2014
4
© RRC Training
“Safe Operating Envelope”
the limits/boundaries of what is considered safe operation –specified at design stage
Failure Modes
Knowledge of Failure Modes is used to establish safe operating envelope in Initial Design, Process and Safe Operation:
- Maximum safe design loads for vessels, pipework, etc.- Calculate required material thickness- Material selection- Component shape (stress concentration)- Etc.
© RRC Training
Failure of Annular Rim of storage tank
• Corrosion from within
― Due to sea water content (leads to pitting)― Due to high sulphur content (bacterial corrosion)
• Tank settlement into/onto a foundation
― joints and protective finishes affected by the movement (corrosion).
Failure Modes
© RRC Training
Weld Failures – the need for regular inspection and NDT
Other Types of Failures
Visual Inspections
― Naked eye
― A magnifying glass
― A microscope
• Need good light source
• Protective coatings and finishes removed
© RRC Training
Other Non-Destructive Testing
Dye Penetrant
• Uses a three-part spray-can system to clean the area and highlight defects.
• Works on many non-porous materials but only detects surface flaws.
• Often used before and with other methods.
Other Types of Failures
24/2/2014
5
© RRC Training
Magnetic Particle
• Magnetises the component
• Applies magnetic particles or ink
• Defects show as magnetic field is distorted
• Defect tends to cause a concentration of the magnetic field which attracts more particles than surrounding materials
Other Types of Failures
© RRC Training
Other Types of Failures
Eddy Current
• Uses principle of electromagnetic induction.
• When high frequency AC current passed through conductor (e.g. copper coil), fluctuating magnetic field develops.
• If brought close to another electrical conductor, induces current in it.
• Defects, e.g. cracks cause variation in eddy current.
• Having second coil enables detection of changes in induced eddies (used to determine depth of crack, etc.)
© RRC Training
Ultrasonic
Other Types of Failures
Uses generator transmitting pulses of high-frequency sound (ultrasound).
Transmitted in a probe head – in contact with material surface (some contact liquid used).
Detects sound reflected from within the material - output displayed on oscilloscope.
With calibration – can indicate location and depth of defect within the material (not just surface), so access to only one side of material needed.
© RRC Training
Radiography (X-ray or Gamma)
Other Types of Failures
Rays transmitted through material onto strip of photographic film.
Image produced on film (radiograph) – indicates locations of defects as intensity differences:
• Locates internal defects.
• Provides permanent record.
• Expensive, radiation hazard, requires expertise.
24/2/2014
6
© RRC Training
Pressure Testing
• Finished pressure system subjected to pressure test (typically 1.5 x normal working pressure)
• Liquid used rather than gas
• Must be cleaned afterwards
Other Types of Failures
© RRC Training
Use of Strain Gauge (electrical sensitivity)
• A ‘strain gauge’ is attached to the item and its electrical sensitivity is measured.
Other Types of Failures
• Can be left in place to monitor – recording changing stress levels
© RRC Training
Thermal Imaging Camera
• Small variations in heat can be shown on a colour screen
• This can detect the existence of faults in an object or part
Other Types of Failures
© RRC Training
We’ll cover:
• Emergency shut-down (ESD) equipment and systems
• Safety integrity levels (SIL) for instrumentation
• Procedures for by-passing ESD
• Blow-down facilities
• Closed and open drain headers, sewers, interceptors.
Safety Critical Equipment Controls
24/2/2014
7
© RRC Training
The Fire & Gas systems:
• Can detect hazardous events (flame, smoke etc.)
• Set off alarms to alert control personnel
• Set off the ESDs to minimise consequences
• They operate through a number of fire and gas detectors
Safety Critical Equipment Controls
© RRC Training
Emergency Shut-Down Equipment and Systems
• Monitor and detect faults in process and service systems
• When detected, will shut-down to prevent escalation of hazardous event
• Will protect people and property on the installation from damage
Safety Critical Equipment Controls
© RRC Training
ESD equipment and systems
• Should be independent from normal production controls
• Control valves should be independent within ESD systems – not used for dual-control or shut-down
• Shut-down and blowdown valves should fail to safety
• Pipework isolator valves should fail closed
Safety Critical Equipment Controls
© RRC Training
• Blowdown valves should fail open if power supply or control signal is lost
• Safety case will need to justify where fail-safe is not integral to ESD system
• Where by-pass is provided around shutdown valves (for maintenance) they should be locked closed and handwheels removed
• Hydraulic return line valves should be locked open
Safety Critical Equipment Controls
24/2/2014
8
© RRC Training
Safety Integrity Levels (SIL) for Instrumentation
Safety Critical Equipment Controls
Increasing probability of failure to perform (its safety functions) on demand (PFD)SIL4 SIL1SIL3 SIL2
SIL is an index of tolerability of failure to perform
SIL needed depends on estimated risk reduction needed for acceptability/tolerability
SIL4 has highest integrity (highest probability that will perform when needed, e.g. where major accident potential)
© RRC Training
Procedures for Bypassing ESD
• Operate under permit conditions, authorised by competent person with justification
• Adequate risk assessment needed
Safety Critical Equipment Controls
• Minimise bypass time
• Continued application to be monitored and controlled
• Critical controls needed at shift hand-over
• Bypasses to be tested or correct functioning; Full testing after reversal
• Bypasses to be entered in bypass log
© RRC Training
Blowdown Facilities and Flare Types
Blowdown
• removal of liquid from process vessels and equipment (through flares or to tanks) to reduce likelihood of fires or explosions
Safety Critical Equipment Controls
© RRC Training
• Liquid blowdown should not go to flares designed for gases (flare flame-out; wide discharge spread)
• Route liquid blowdown to facilities to handle large quantities of liquids e.g. storage tank
Safety Critical Equipment Controls
Beware - gases from liquids can be released (pressure may rupture tank)
24/2/2014
9
© RRC Training
Flaring
Safety Critical Equipment Controls
Can act as a safety device that will protect vessels and pipework from overpressure.
Many different types – fixed, portable, self-supporting, some just for gas, others liquid and gas, etc.
© RRC Training
Steam-assisted flares (common in refineries)
• Single burner tips
• Elevated above ground to burn vented gas in a diffusion flame
• Steam injected into combustion zone - promotes turbulence for good mixing- introduces air into the flame
Safety Critical Equipment Controls
© RRC Training
Air-assisted flares
• Use forced air (from fan) for combustion and mixing
• Give a relatively smoke-free flame
• The burner has many small gas orifices in a spider-shaped pattern inside the top of a steel cylinder
• Fan speed can vary to alter the amount of combustion air
Safety Critical Equipment Controls
© RRC Training
Non-assisted flares
• Simple flare tip (no steam or air mixing)
• Have limited gas streams with a low heat content
• Have a low ratio of hydrogen/carbon that will burn well without producing lots of smoke
• They manage with less air to give complete combustion and have lower combustion temperatures
Safety Critical Equipment Controls
24/2/2014
10
© RRC Training
Pressure-assisted flares
• Uses vent steam pressure to assist with mixing the combustible fuels at the burner tip
• With enough vent steam pressure they can be used on flare tips that would have used steam or air to give a smokeless discharge
• They have a number of burner heads that operate depending on the amount of gas discharged
• Normally have burner at ground level – so need safe location
Safety Critical Equipment Controls
© RRC Training
Enclosed ground flares
• Burner heads enclosed in internally insulated shell
• Helps cut down smoke, noise, luminosity, heat radiation and protect from the wind
• Adequate mixing is achieved by a high nozzle pressure-drop so air or steam not needed
• Flare tip height must be adequate to create enough draught to give enough air for smokeless combustion and to disperse thermal plume
Safety Critical Equipment Controls
© RRC Training
Flare monitoring
• To ensure integrity of the emission and the flame
• Monitoring equipment, e.g. thermocouple sensors, UV flame sensors, remote flame sensors and flue analysers
• Placed in the flame for continuous monitoring
Safety Critical Equipment Controls
© RRC Training
• Clean flame, where possibly only gas is being burned.
Safety Critical Equipment Controls
24/2/2014
11
© RRC Training
• Dirty flare
• Steam is often injected into the flame at the tip of the stack to reduce the black smoke (but makes them noisier)
Safety Critical Equipment Controls
© RRC Training
Drains
• Open drains – for non/low-hazardous (e.g. rain water)
• Closed drains – hazardous, e.g. Offshore, drains
Safety Critical Equipment Controls
• Closed drains should not be interconnected with any open drain
• Sampling and monitoring needed
© RRC Training
Sewers
• Collects sewage (and organic food waste from galleys), directed through a treatment plant
• Often involves maceration and chlorination of the waste
• Treated sewage mixed with sea water and untreated ‘domestic’ water and discharged through a sewage caisson
Safety Critical Equipment Controls
© RRC Training
Safety Critical Equipment Controls
Interceptors (oil/water separators)
• Used to collect and separate oil from contaminated water (e.g. rainwater from hazardous areas)
• Have a series of settling bays Water flows through Oil stays on the top and accumulates Oil sucked out and disposed of
• ‘Cleaned’ water must meet legal limits before discharged to sea/rivers (monitoring)
24/2/2014
12
© RRC Training
Overfilling
Failure of operator to monitor filling (when filling manually)
Failure of pumping system to shut off
Failure/absence of sensors and alarms
Blockage or lack of adequate tank venting or relief systems
e.g. Buncefield fire and explosion
Safe Storage of HydrocarbonsHazards and Risks
© RRC Training
Effects of pressure and vacuum
Over-pressurisation can cause stress on joints and seals in sealed tanks
Floating roof tanks can have roofs lifted or torn
Vacuum can cause implosion of vessel
Safe Storage of Hydrocarbons
© RRC Training
Failure of Tank Shells
Explosion (ignition of flammable contents)
Wind loading and earthquakes
Corrosion (annular rim etc)
Poor construction (materials, welding) and installation
Operational errors (over-pressurisation or vacuum when filling or emptying)
Deformation of the structure can cause failure
Settlement can affect foundations and tank bases
Safe Storage of Hydrocarbons
© RRC Training
Safe Storage of Hydrocarbons
External Floating Roof Tank
24/2/2014
13
© RRC Training
Internal Floating Roof Tank
© RRC Training
Fixed Roof storage Tank
© RRC Training
Bunding of Storage Tanks- some considerations:
110% of the capacity of the largest tank in the bund
Safe Storage of Hydrocarbons
Impervious to liquid being stored
Drainage (e.g. rain water, spills) via locked valve and interceptor
Maintained (vegetation, etc.)
Electrical equipment (pumps, etc.) explosion protected
Crash barriers or bollards (collision protection)
Wall height to take account of ventilation, access, etc.© RRC Training
Tank filling:
‘Top’ filling – splashing, aeration, electrostatic charge
‘Bottom filling’ – pressure may cause tank failure
Overfilling!
Escape, fire, explosion, environmental damage (Buncefield!)
Use level sensors/alarms, shut-down, bunds, spill kits, etc.
Safe Storage of Hydrocarbons
24/2/2014
14
© RRC Training
Fire-resistant
Walls up to 15mm thick.
Pressure relief (on top)
Safe Storage of Hydrocarbons
Pressurised/Refrigerated Vessels for LPG/LNG
© RRC Training
Loss of Containment and Consequences
Jet (spray) fires
Fuels - Gas, 2-phase, flashing liquids and pure liquids
Characteristics depend on fuel, release rate, etc.
Water content may render fire more unstable
Directed onto structures can cause, e.g. vessel failure
Confined vs. Unconfined
Safe Storage of Hydrocarbons
© RRC Training
Pool Fires
Outdoor fires will be well ventilated (combustion controlled by the fuel)
Enclosed fires may become under-ventilated (combustion controlled by the ventilation)
‘static’ or ‘running’ fires
Safe Storage of Hydrocarbons
© RRC Training
1. Vaporisation of HC (e.g. LNG vessel leak)
2. Concentration build up (above LEL)
3. Ignition (source with > MIE)
4. Explosion - over-pressure, blast wave, thermal radiation, fire, debris as airborne missiles
Safe Storage of Hydrocarbons
Hydrocarbon Vapour Clouds – generation and potential effects
Explosion types: Detonation vs. Deflagration
24/2/2014
15
© RRC Training
Unconfined Vapour Cloud Explosions (UVCE)
Large quantity of flammable gas/vapour released into atmosphere
Cloud ignited before it can be dispersed below LEL
Explosion (usually a deflagration) - Shock waves and thermal radiation, damage, e.g. Flixborough
Safe Storage of Hydrocarbons
© RRC Training
Confined Vapour Cloud Explosions (CVCE)
Vapour cloud contained (e.g. vessel or building)
Ignition
Explosion pressure wave may rupture vessel/building walls
Requires only small quantity of vapour
Considerable damage – but usually localised
Safe Storage of Hydrocarbons
© RRC Training
Boiling Liquid Expanding Vapour Explosion (BLEVE)
Typical sequence of events:
Fire heats vessel containing flammable liquid (e.g. LPG)
Internal pressure rises – Relief valve operates
Vapour escape reduces vessel liquid level
Fire rapidly heats vapours above the liquid surface
Vessel wall above liquid level weakens and fails < 20 mins –sudden uncontrolled vapour release
Vapour cloud explodes – thermal radiation, blast wave, flying debris
Safe Storage of Hydrocarbons
© RRC Training
Pipeline Monitoring
Safe Storage of Hydrocarbons
Supervisory Control And Data Acquisition (SCADA) systems– industrial computer systems – that monitor and control (in this case) oil and gas transportation in pipelines.
Detection systems can detect change in flow at leak or tapping point (theft/damage)
Simplest pipeline inspection method – ‘walk the line’
CCTV
24/2/2014
16
© RRC Training
Decommissioning of Plant (an Overview)
Decontamination – using water/air, steam, detergents etc
Dismantling
Disposal (if no longer needed) – including of contaminants
Site clearance/remediation (e.g. contaminated land) and verification
Safe Storage of Hydrocarbons
Factors to consider in decommissioning plan: Health and safety, Environmental impact, Technical feasibility, Cost effectiveness
© RRC Training
Decommissioning Old Oil and Gas Wells
Obtain all relevant site information (for possible re-use of the installation)
Effect on marine environment?
Costs? (plugging and abandoning)
Select optimal disposal method and disposal contractors
Safe Storage of Hydrocarbons
© RRC Training
Decommissioning of Topside Production Equipment
Removal of deck support structures, drilling decks and plant
Processing and transportation of oil and gas pipelines
Services, welfare and accommodation facilities
Re-use should be a first choice rather than disposal
Safe Storage of Hydrocarbons
© RRC Training
Removal and Disposal of Deck and sea-bed support (Jacket) Structures
Cost of removal vs. leave where it is (may present shipping hazard, may contaminate fish stocks etc)
Deck packages can often be removed in modules
Require use of lifting vessels to load onto transporters
Possible use of explosives on pilings and legs (but consider effect on marine life)
Jacket now supports marine eco-system (‘artificial reef’), so some can be left (sea-bed removal may be difficult)
Safe Storage of Hydrocarbons
24/2/2014
17
© RRC Training
Pipeline & Power Cable Decommissioning
There are environmental as well as technical issues
Best method depends on location of pipeline, depth buried and/or depth of water
Consider other nearby pipelines, sea-bed structures and the marine environment
Consider removal of onshore-offshore power cables
Safe Storage of Hydrocarbons
© RRC Training
SIMOPs can occur due to:
Contractor/Maintenance activities -same location/time
Emergencies (fire/explosion)
Platform and vessel operations
Weather or environmental impacts
Safe Storage of Hydrocarbons
Management of Simultaneous Operations (SIMOPS)
© RRC Training
Stakeholder meeting - draw up plan of operation
Appoint overall responsible person (e.g. OIM )
Assign other specific responsibilities; how liaison is achieved; duration for each operation
Safe Storage of Hydrocarbons
Managing SIMOPS
Risk assess the project
Each party assembles own work file (covering work in their area)
Project Review meeting
© RRC Training
Each work file will include, for example:
Method statement Drawings/schematics (if applicable) Asset lists for the work The constraints identified for each activity An organisation chart identifying key personnel Main hazards and control measures Communications MoC procedures (for any deviations from plan) Emergency response Etc.
Safe Storage of HydrocarbonsManaging SIMOPS cont’d
24/2/2014
18
© RRC Training
The Project review meeting:
Hazard identification and risk assessment (HIRA)
Consider any clashes of activity
Determine hierarchy of controls
Determine roles and responsibilities for all in the operations; lines of reporting and control
Safe Storage of Hydrocarbons
Managing SIMOPS cont’d
© RRC Training
Next steps:
Create Interface documents
Conduct pre-operations briefing
Daily meetings during the work
Operated under single permit-to-work system
Close out process (including review of ‘lessons learned’)
Safe Storage of HydrocarbonsManaging SIMOPS cont’d
© RRC Training
Consider:
Lightning
The fire triangle
Static electricity
Identification of ignition sources
Hazardous area classification ‘zones’
Electrical equipment and tools for use in hazardous areas
Fire Hazards, Risks and Controls
© RRC Training
Lightning
Major static electrical discharge
Superheats surrounding air –bright flash
Audible shock wave (thunder)
Protection – grounded lightning rods
Fire Hazards, Risks and Controls
24/2/2014
19
© RRC Training
Fire Hazards, Risks and Controls
The Fire Triangle
Potential Consequences: explosion, thermal radiation, shock wave (as discussed earlier- CVCEs, etc.), fires
© RRC Training
Classification of FiresFire Hazards, Risks and Controls
© RRC Training
Stages of Fire (Combustion)
Fire Hazards, Risks and Controls
© RRC Training
Electrostatic charges
Static accumulates, e.g. from fuel flowing inside a transfer pipe
Static discharges
Ignition of fuel/air mixture in vicinity (if discharge energy is high enough)
Precautions, typically: good earthing/bonding, use of conductive materials for pipes/vessels; additives in fuels
Fire Hazards, Risks and Controls
24/2/2014
20
© RRC Training
Identifying Ignition Sources, e.g.
Open flames
Sparks (electrical switches, grinding tools, internal combustion engines)
Static
Friction
Etc.
Fire Hazards, Risks and Controls
© RRC Training
Control and Mitigation of Vapour Phase Explosions:
Building design (Structural protection for personnel; blast panels)
Plant and process design (keep conc. below LEL; eliminate ignition sources; blast resistant equipment; explosion relief/venting devices; spillage containment)
Isolation, Inerting and suppression
Segregation of flammables (storage) and minimise inventory
Procedures (mop up spills)
Monitoring (to detect vapour concentrations in flamm range)
Fire Hazards, Risks and Controls
© RRC Training
Zoning and Hazard Area Classification
Zone 0 – a place in which an explosive atmosphere consisting of a mixture of air with dangerous substances in the form of gas, vapour, mist is present continuously, or for long periods of time, or frequently (Zone 20 for dust)
Fire Hazards, Risks and Controls
© RRC Training
Fire Hazards, Risks and Controls
For DUSTS, equivalent zones are 20, 21 and 22, respectively
Zone Description: a place in which an explosive atmosphere consisting of a mixture of air with dangerous substances in the form of gas, vapour, mist is
0 present continuously, or for long periods of time, or frequently
1 likely to occur in normal operation occasionally 2 not likely to occur in normal operation but, if it does
occur, will persist for short period only
Zoning and Hazard Area Classification for gas, vapour, mist
24/2/2014
21
© RRC Training
Selection of equipment to be used in the hazardous area:
Zone 0 or zone 20 – category 1 equipment
Zone 1 or zone 21 – category 1 or 2 equipment
Zone 2 or zone 22 – category 1, 2 or 3 equipment
Fire Hazards, Risks and Controls
© RRC Training
Intrinsically Safe Equipment (Type ‘i’)
Energy level insufficient to produce incendiary spark.
Two categories:‘ia’ - allows for two simultaneous faults (more stringent)‘ib’ - allows for only one fault
Only ‘ia’ equipment can be used (exceptionally) in Zone 0 if sparking contacts are not part of the equipment.
Examples: instrumentation and low energy equipment.
Fire Hazards, Risks and Controls
© RRC Training
Flameproof Equipment (Type ‘d’)
Totally enclosed
Casing can withstand internal explosions without igniting surrounding flammable atmosphere.
Suitable for Zones 1 & 2(Not Zone 0)
Heavy and expensive; requires regular maintenance.
Examples: motors, lighting, switchgear and portable handlamps.
Fire Hazards, Risks and Controls
© RRC Training
Furnace and Boiler Operations
Boilers and furnaces are widely used to generate and distribute steam and hot water
There are hazards and risks associated with operating boilers and furnaces, including those arising from the loss of pilot supply, over-firing and flame impingement
Further problems arise from over pressurisation of the fire-box, low tube flow and the control of the tube-metal temperature (TMT)
Furnace and Boiler Operations
24/2/2014
22
© RRC Training
Furnace and Boiler Operations
Fire-tube boiler© RRC Training
Furnace and Boiler Operations
Water-tube boiler
© RRC Training
Hazards and Risks of Boiler Operations
Loss of pilot gas supply –Building up an explosive atmosphere. Flame detectors are used to ‘watch’ the pilot flame.
Low tube flow –Low flow (hot water or heated air) causes temperature & pressure rise - potential explosions
Furnace and Boiler Operations
Control of tube-metal temperature (TMT) –Otherwise excessive stresses placed on boiler tubes Need to manage water level in the boiler. Low water level can lead to explosions
© RRC Training
Boiler explosions:BLEVE – very high steam pressures
Fire box explosions:Occur after flame out when firebox is hot. Damages internal boiler tubes - structural failure, steam leakage.
Furnace and Boiler Operations
Flame impingement:Heating flame directly touches boiler surfaces (heating coils, pipework)Causes erosion, corrosion, cracking, failure. Prevention: proper adjustment of flame