1.6 Layers of Protection in Process Plant

actuallyabandonedΗλεκτρονική - Συσκευές

15 Νοε 2013 (πριν από 3 χρόνια και 1 μήνα)

74 εμφανίσεις

1.6 Layers of Protection in
Process Plant

Dr. AA

2

ALARMS

SIS

RELIEF

CONTAINMENT

EMERGENCY RESPONSE

BPCS

Strength in Reserve


BPCS

-

Basic process
control


Alarms

-

draw attention


SIS

-

Safety interlock
system to stop/start
equipment


Relief

-

Prevent excessive
pressure


Containment

-

Prevent
materials from reaching,
workers, community or
environment


Emergency Response

-

evacuation, fire fighting,
health care, etc.

A

U

T

O

M

A

T

I

O

N

Layers of Protection for High Reliability

3

SAFETY STRENGTH IN DEPTH !
PROCESS
RELIEF SYSTEM
SAFETY INTERLOCK
SYSTEM
ALARM SYSTEM
BASIC PROCESS
CONTROL SYSTEM
Closed-loop control to maintain process
within acceptable operating region
Bring unusual situation to attention
of a person in the plant
Stop the operation of part of process
Divert material safely
Seriousness
of event

Four
independent
protection
layers (IPL)

In automation

Key Concept in process Safety: REDUNDANCY

4

1. Safety

2. Environmental Protection

3. Equipment Protection

4. Smooth Operation &


Production Rate

5. Product Quality

6. Profit

7. Monitoring & Diagnosis

We are emphasizing
these topics

Objectives of Process Control

5


First line of defense


Process control maintains variables at set points, which are
fixed at some desired values


Technology
-

Multiple PIDs, cascade, feedforward, etc.


Guidelines


Always control
unstable variables

(Examples in flash?)


Always control
“quick”

safety related variables



Stable variables that tend to change quickly (Examples?)


Monitor

variables that change very slowly



Corrosion, erosion, build up of materials


Provide safe response to critical
instrumentation failures


-

But, we use instrumentation in the BPCS?

Basic Process Control System (BPCS)

6

F1

Where could we use BPCS in the flash process?


7

The level is
unstable; it must
be controlled.

The pressure will
change quickly and
affect safety; it must
be controlled.

F1

8


Alarm has an anunciator and visual indication


-

No action is automated
!


-

require analysis by a person
-

A plant operator
must decide.


Digital computer stores a record of recent alarms


Alarms should catch sensor failures


-

But, sensors are used to measure variables for
alarm checking?

2. Alarm System

9


Common error is to design
too many alarms


-

Easy to include; simple (perhaps, incorrect) fix to prevent
repeat of safety incident


-

One plant had 17 alarms/h
-

operator acted on only 8%


Establish and observe clear priority ranking

-

HIGH



= Hazard to people or equip., action required

-

MEDIUM


= Loss of RM, close monitoring required

-

LOW



= investigate when time available

2. Alarm System

10

F1

Where could we use alarm in the Flash
Process ?

11

A low level could
damage the pump;
a high level could
allow liquid in the
vapor line.

The pressure affects
safety, add a high
alarm

F1

PAH

LAH

LAL

Too much light key
could result in a large
economic loss

AAH

12


Automatic action usually stops part of plant
operation to achieve safe conditions


-

Can divert flow to containment or disposal


-

Can stop potentially hazardous process, e.g.,
combustion


Capacity of the alternative process must be for
“worst case”


SIS prevents “unusual” situations


-

We must be able to start up and shut down


-

Very fast “blips” might not be significant

3. Safety Interlock System

13


Also called emergency shutdown system (ESS)


SIS should respond properly to instrumentation
failures


-

But, instrumentation is required for SIS?


Extreme corrective action is required and
automated


-

More aggressive than process control (BPCS)


Alarm to operator when an SIS takes action

3. Safety Interlock System

14


The automation strategy is usually simple, for example,

If L123 < L123
min
; then, reduce fuel to zero

steam

water

LC

PC

fuel

How do we

automate this SIS

when PC is adjusting


the valve?

3. Safety Interlock System

15

If L123 < L123
min
; then, reduce fuel to zero

steam

water

LC

PC

fuel

LS

s

s

fc

fc

15 psig

LS = level switch, note that separate sensor is used

s

= solenoid valve (open/closed)

fc = fail closed

Extra valve with tight shutoff

16


The automation strategy may involve several variables, any one of
which could activate the SIS

If L123 < L123
min
; or

If T105 > T105
max

…….

then, reduce fuel to zero

SIS

100

L123

T105

…..

s

Shown as “box”


in drawing with

details elsewhere

3. Interlock System

17


The SIS saves us from hazards, but can shutdown the plant
for false reasons, e.g., instrument failure.

1 out of 1


must indicate

failure

T100

s

2 out of 3


must indicate

failure

T100

T101

T102

Same variable,

multiple sensors!

s

False

shutdown

Failure on
demand

5 x 10
-
3

5 x 10
-
3

2.5 x 10
-
6

2.5 x 10
-
6

Better
performance,

more expensive

3. Safety Interlock System

18


We desire
independent protection layers
, without common
-
cause failures
-

Separate systems

sensors

SIS system

i/o

i/o

………….

sensors

Digital control system

i/o

i/o

………….

BPCS and Alarms


SIS and Alarms associated
with SIS


3. Safety Interlock System

19

SAFETY STRENGTH IN DEPTH !
PROCESS
RELIEF SYSTEM
SAFETY INTERLOCK
SYSTEM
ALARM SYSTEM
BASIC PROCESS
CONTROL SYSTEM
Closed-loop control to maintain process
within acceptable operating region
Bring unusual situation to attention
of a person in the plant
Stop the operation of part of process
Divert material safely
These layers require
electrical power, computing,
communication, etc.

KEY CONCEPT IN PROCESS SAFETY
-

REDUNDANCY!

What do we do if a major incident occurs that causes


loss of power or communication


a computer failure (hardware or software)

Could these all fail due to a
common fault?

20


Entirely self
-
contained,
no external power required


The action is automatic
-

does not require a person


Usually, goal is to achieve reasonable pressure


-

Prevent high (over
-
) pressure


-

Prevent low (under
-
) pressure


The capacity should be for the “worst case”
scenario

4. Safety Relief System

21




Increase in pressure can lead to rupture of vessel or pipe
and release of toxic or flammable material






-

Also, we must protect against unexpected vacuum!




Naturally, best to prevent the pressure increase




-

large disturbances, equipment failure, human error, power
failure, ...




Relief systems provide an exit path for fluid




Benefits: safety, environmental protection, equipment
protection, reduced insurance, compliance with governmental
code

RELIEF SYSTEMS IN PROCESS PLANTS


22




Identify potential for damage due to high (or low) pressure
(HAZOP Study)



In general,
closed volume

with ANY potential for pressure
increase



-

may have exit path that should not be closed but could be


-

hand valve, control valve (even fail open), blockage of line



Remember, this is the
last resort,

when all other safety
systems have not been adequate and a fast response is
required!

Location of Relief System

23


BASIC PRINCIPLE: No external power required
-



self actuating

-

pressure of process provides needed force!



VALVES

-

close when pressure returns to acceptable value


-

Relief Valve
-

liquid systems


-

Safety Valve
-

gas and vapor systems including steam


-

Safety Relief Valve
-

liquid and/or vapor systems



Pressure of protected


system can exceed


the set pressure.

Standard Relief Method: Valves

24


BASIC PRINCIPLE: No external power required
-



self acting




RUPTURE DISKS OR BURST DIAPHRAGMS

-

must be replaced after opening

.



Standard Relief Method: Rupture Disk

25




Two types of designs determine influence of pressure immediately
after the valve



-

Conventional Valve

-
pressure after the valve affects the valve lift
and opening


-

Balanced Valve

-

pressure after the valve does not affect the valve
lift and opening

Conventional

Balanced

Relief Valves

26


ADVANTAGES



-

simple, low cost and many commercial designs
available


-

regain normal process operation rapidly because
the valve closes when pressure decreases below set
value



DISADVANTAGES



-

can leak after once being open (O
-
ring reduces)


-

not for very high pressures (20,000 psi)


-

if oversized, can
lead

to damage and failure (do not
be too conservative; the very large valve is not the
safest!)

Some Information about Relief Valves

27



ADVANTAGES


-

no leakage until the burst


-

rapid release of potentially large volumes


-

high pressure applications


-

corrosion leads to failure, which is safe


-

materials can be slurries, viscous, and
sticky



DISADVANTAGES


-

must shutdown the process to replace


-

greater loss of material through relief


-

poorer accuracy of relief pressure the
valve

Rupture Disk/Burst Diaphragm

28


Spring
-
loaded safety relief valve

Process

To effluent handling


Rupture disc

Process

To effluent handling

Symbols used in P&I D

29

F1

Add Relief to the Following System

30

F1

The drum can be isolated
with the control valves;
pressure relief is required.

We would like to recover
without shutdown; we
select a relief valve.

Add Relief to the Following System

31

Positive
displacement
pump

Add Relief to the Following System

32

Positive
displacement
pump

The positive displacement pump
will be damaged if the flow is
stopped; we need to provide
relief.

We would like to recover without
shutdown; we select a relief
valve.

Add Relief to the Following System

33

Why are all


those valves

in the process?

Add Relief to the Following System

34

The extra “hand”`valves
enable us to isolate and
remove the heat
exchanger without
stopping the process.

The shell side of the heat
exchanger can be isolated;
we need to provide relief.

We would like to recover
without shutdown; we
select a relief valve.

Add Relief to the Following System

35

Why is the pressure
indicator provided?

Is it local or remotely
displayed? Why?


What is the advantage
of two in series?


Why not have two relief
valves (diaphragms) in
series?

In some cases, relief and diaphragm are used
in series


WHY?

36

Why is the pressure
indicator provided?

If the pressure increases,
the disk has a leak and
should be replaced.

Is it local or remotely
displayed? Why?

The display is local to
reduce cost, because we
do not have to respond
immediately to a failed
disk
-

the situation is not
hazardous.


What is the advantage
of two in series?

The disc protects the
valve from corrosive or
sticky material. The
valve closes when the
pressure returns below
the set value.

In some cases, relief and diaphragm
are used in series


WHY?

37

Structure

vent closed

Structure

explosion

Vents required to control or direct
vapour/dust explosion effect

38

From

relief

To environment Vent steam, air

Holding for later processing Waste water treating

Recycle to process



Fuel gas, fuel
oil, solvent

Recover part to process



Immediate neutralization


Flare, toxic materials



Materials from relief must be
process or dispose safely

5. Containment


Use to moderate the impact of spill or an
escape


Example


Bund containment for storage tanks


Location of relief valves and vents


diversion to temporary storage /drain system
(following breakage of rupture disk)


Safety management in containment areas.


Containment building (if applicable)


6. Emergency Response
Management


Also used to moderate impact on incidents


All plants should ERP (emergency response
plan)


Assembly, head
-
counts, evacuation etc…

Summary

ALARMS

SIS

RELIEF

CONTAINMENT

EMERGENCY RESPONSE

BPCS

1.
Inherent design starts at project
conceptualization

2.
Three main strategy


Substitution


Intensification


Attenuation

3.
Six Layers of Protection