
Ts0708 6 Shutdown

Date post: 02-Jun-2018
Author: userscribd2011

Transcript
  • 8/10/2019 Ts0708 6 Shutdown

    1/45

    David Ransome, P&I Design Ltd

    Automatic shut down

    Industry example systems & Methodology


    BS EN 61508 and BS EN 61511

    Process Sector Safety System Standards

    Manufacturers & Suppliers of Devices: BS EN 61508

    Safety Instrumented System Designers, Integrators & Users: BS EN 61511


    SAFETY LIFE CYCLE

    Hazard and Risk Analysis, Definition of Safety Functions

    Design and Development of Alternative Means of Risk Reduction

    Safety Requirements Specification for Safety Instrument System (SIS)

    Design and Development of SIS

    Installation, Commissioning and Validation

    Operation and Maintenance

    Modification

    Decommissioning

    Review process


    Hazard & Risk Assessment

    BS EN 61511-1 Clause 8

    to determine the hazardous events

    to determine the sequence of events leading to the hazardous event

    to determine the process risks associated with the hazardous event

    to determine any requirements for risk reduction

    to determine the safety functions required

    to determine if any of the safety functions are safety instrumented systems


    Safety Instrumented Functions & Safety Requirements Specifications

    Develop safety instrument system specification

    Each safety function requires defining, stating exactly when and what should happen, together with the timescale of events (timescale is important to ensure that the SIS can perform the function required safely and within an appropriate time frame)

    Each safety instrumented function should be allocated a Safety Integrity Level (SIL)


    Safety Integrity Levels

    Safety Integrity Level | Probability of failure on demand | Availability %   | Non Availability, Continuous Demand | Risk Reduction Factor
    SIL 1                  | 0.1 to 0.01                      | 90 to 99%        | 876 to 87.6 hours/year              | 10 - 100
    SIL 2                  | 0.01 to 0.001                    | 99 to 99.9%      | 87.6 to 8.76 hours/year             | 100 - 1000
    SIL 3                  | 0.001 to 0.0001                  | 99.9 to 99.99%   | 8.76 to 0.876 hours/year            | 1000 - 10000
    SIL 4                  | 0.0001 to 0.00001                | 99.99 to 99.999% | 52 to 5.2 minutes/year              | >10000

    SIL 4 is not normally used in the process industry.


    Safety Instrumented Function

    SENSOR SUBSYSTEM

    LOGIC SOLVER SUBSYSTEM

    FINAL ELEMENT SUBSYSTEM


    Safety Instrumented Functions & Safety Requirements Specifications

    BS EN 61511-1 Clause 11

    to design a system in which the Safety Instrumented Functions meet the specified Safety Integrity Levels


    Design of Safety Instrumented System

    Prepare all documentation and detailed specifications for the SIS

    Typical Documentation includes:

    Functional Description Specification

    Loop Drawings

    Logic Drawings

    Installation Documentation

    Equipment Specifications

    Failure rate Data for equipment


    Design of Safety Instrumented System

    Ensure that the system complies with the standard and satisfies the required Safety Integrity Level

    Typically:

    Functional Safety Assessment and Design Reviews

    Reviews against the standard

    Calculation of Probability of Failure on Demand values

    Compliance to hardware fault tolerance criteria

    Assessment for proven in use and process conditions


    Design of Safety Instrumented System

    Calculate the nuisance trip levels for the system

    Nuisance tripping is when the system trips when it is not in a dangerous state.

    Nuisance trips are much more likely than the system failing to danger, due to the relatively high safe fail fraction of the SIF

    1oo2 systems have double the nuisance trips of a 1oo1 system.
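An added example (not from the original presentation) of the PFD calculation and the 1oo1 versus 1oo2 nuisance-trip comparison above. It assumes the common simplified equations PFDavg = λDU·TI/2 for 1oo1 and (λDU·TI)²/3 for 1oo2, which ignore common-cause failures and repair time; the failure rates and proof-test interval are constructed sample values, and the SIL bands are those in the table on this page.

```python
HOURS_PER_YEAR = 8760

# (SIL, upper PFD bound, lower PFD bound) as given in the table on this page.
SIL_BANDS = [(1, 1e-1, 1e-2), (2, 1e-2, 1e-3), (3, 1e-3, 1e-4), (4, 1e-4, 1e-5)]
CHANNELS = {"1oo1": 1, "1oo2": 2}


def pfd_avg(lambda_du, proof_test_hours, architecture):
    """Average probability of failure on demand (simplified; assumption:
    no common-cause failures, repair time neglected)."""
    x = lambda_du * proof_test_hours
    if architecture == "1oo1":
        return x / 2          # single channel must fail dangerously
    if architecture == "1oo2":
        return x ** 2 / 3     # both channels must fail dangerously
    raise ValueError(f"unsupported architecture: {architecture}")


def sil_band(pfd):
    """Map a PFDavg to its SIL band; 0 means it does not reach SIL 1."""
    for sil, upper, lower in SIL_BANDS:
        if lower <= pfd < upper:
            return sil
    return 0 if pfd >= 1e-1 else 4


def nuisance_trips_per_year(lambda_safe, architecture):
    """Spurious trip rate: any one channel failing safe trips the function."""
    return CHANNELS[architecture] * lambda_safe * HOURS_PER_YEAR


def assess(lambda_du, lambda_safe, proof_test_hours, architecture):
    pfd = pfd_avg(lambda_du, proof_test_hours, architecture)
    return {
        "architecture": architecture,
        "pfd_avg": pfd,
        "sil": sil_band(pfd),
        "risk_reduction_factor": 1 / pfd,
        "nuisance_trips_per_year": nuisance_trips_per_year(lambda_safe, architecture),
    }


if __name__ == "__main__":
    # Constructed sample data: rates per hour, proof test once a year.
    for arch in ("1oo1", "1oo2"):
        print(assess(lambda_du=2e-6, lambda_safe=5e-6,
                     proof_test_hours=8760, architecture=arch))
```

With these sample values the second channel moves the function from the SIL 2 band to the SIL 3 band while doubling the expected nuisance trips, which is the trade-off the slide describes.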


    Design of Safety Instrumented System

    Prepare testing and validation method statements

    Typical Documentation includes:

    SIS Panel FAT

    Equipment Failure Conditions Functional Test Document

    Shutdown Conditions Functional Test Document

    Process Conditions Functional Test Document

    Analysis and Appraisal Documentation


    Rail Tanker off-loading

    Full terminal control of off-loading pumps and valves


    Ship off-loading

    Split control of off-loading pumps and valves


    Surge Pressure Problems


    1. Linked shutdown system between ship and shore, with correct shutdown sequence.


    2. Closing time of valves comparable to discharge flow rate to avoid surge pressures.


    3. Shore to ship checklist and communications to ensure shutdown


    Pipeline transfer

    Pipeline

    Pumping Station


    Split control of pipeline, pumps and valves


    Surge Pressure Problems


    1. Closing time of valves comparable to flow rate to avoid surge pressures.


    2. Communications to pipeline supplier to inform of shutdown (It may not be possible to stop transfer, as pipeline may be supplying multiple users).


    3. Added complications may include slops tank for product changeover.


    4. Unexpected increase in filling rate could occur if another pipeline user shuts down.


    Jetty transfer system

    High High level in any tank shuts Jetty Valve (SLOW CLOSING)

    High High level in a tank shuts its tankside valve (SLOW CLOSING)

    High High level in any tank stops ship's pump


    Jetty transfer system

    High High level in a tank shuts its tankside valves (SLOW CLOSING)

    High High level in any tank stops ship's pump


    Pipeline transfer system

    Pumping station advised of shutdown

    High High level in any tank shuts valve

    High High level in a tank shuts its tankside valve

    Pipeline valve not under terminal control, shuts on high level, not fail safe

    Diagram labels: SLOPS TANK, SMALL TANK, P-33, SLOW CLOSING


    Equipment

    Sensors

    Different techniques may be required for fixed roof and floating deck

    Example Techniques: Vibronics, Displacer, Radar

    Ensure the manufacturer's reliability data is fully understood, e.g. it may be that on a Radar Gauge the reliability data and PFD quoted are on internal relay outputs of the gauge and not necessarily on the analog or comms output.


    Equipment

    Logic Solvers

    Simple systems utilise non programmable systems

    If programmable system, BS EN 61511 Clause 12 applies


    Equipment

    Final Elements

    Fail Safe actuated valves, Pneumatic or electric

    Pump Motors and motor control equipment: ensure independence. If the BPCS stops the pump on high level, then the system will not be independent if the high high level operates the same motor contactor

    If using a 1oo2 final element architecture, ensure that process conditions testing tests each valve separately. If not, you will not know the first valve has failed until the second fails


    MIIB Recommendation 6

    If Ship off-loading, it is essential to ensure that the ship and loading arms etc. are protected if the terminal shuts down; remember it could be a nuisance trip where no high high level alarm is activated

    Similarly for pipeline transfers, ensure the pipeline supplier knows the consequences of the terminal shutting down and that the shutdown will not cause off-site incidents.


    The End

    Thank You


    Safety Integrity: - Designed to SIL 3

