
Layer of Protection Analysis (LOPA) Workshop

This document provides an overview of Layer of Protection Analysis (LOPA) Workshop. It discusses the history and organizational structure of TUV NORD, an international technical service provider, and its subsidiary TUV NORD Iran. TUV NORD Iran offers certification services, industrial services, consulting, and training through its TUV Academy. Services include management systems certification, technical inspections, asset integrity management, and occupational health and safety training.

Uploaded by sushant
Organizational Identity

History

TÜV is an abbreviation of three words: Technischer Überwachungs Verein
Meaning "Technical Inspection and Monitoring Association"
Internationally registered trademark
Independent legal entities in different regions of Germany

TÜV NORD Holding

Founded in 1869
Relationship between the TÜV NORD Group and TÜV NORD Iran

TÜV NORD Holding

Mother Company: TÜV NORD International (TNI)

TÜV NORD Iran

Member of the TÜV NORD Group
TÜV NORD Iran

Established in Ordibehesht 1377 (Iranian calendar), operating to date

Iranian-German joint venture with 49% participation by TÜV NORD, registered in Tehran
Establishment of TÜV Academy Iran-Germany, a limited liability company 100% owned by TÜV NORD Iran

TÜV NORD Iran Group

Structure of the TÜV NORD Iran Group
Organization Chart - Level 1

Certification Services
Industrial Services
TÜV Academy (Training)
Management and Support

Units shown on the chart: Building inspection; Technical inspection projects; Training; Performance improvement; Energy management / engineering / audit; Asset integrity management; Management of projects and programs; Environment

Status: 18.02.2013
Certification Services

ISO 9001 ISO 22000
ISO 14001 HACCP
OHSAS 18001 SA 8000
EN 16001 ISO 13485
HSE- MS TÜV med
ISO/TS 16949 AS/EN 9100
ISO/TS 29001 ISO 27001
ISO 29990 ISO 39001
Training
TÜV Academy

Planning and regularly holding more than 300 training course titles, taking into account the specialist areas needed in industrial and service organizations, and providing consulting on holding new courses and on the quality assessment of organizations.

Consulting and Implementation of Performance Improvement Projects

Comprehensive organizational planning
Organizational excellence (EFQM)
HSE and risk management
Performance engineering (5S, TPM, Benchmarking, …)
Laboratory-related services (ISO 15189, ISO 17025, …)
Six Sigma
Lean production
Human resource management (ISO 10015, ISO 29990, KM, …)
Project management (PMBOK)

Industrial Services

Technical inspection projects
Building inspection projects
Management of programs and projects
Asset Integrity Management (AIM)
Product Conformity Assessment
Inspection of CNG-related projects
Dependability Management

Construction quality inspection
Inspection related to retrofitting and rehabilitation
Safety assessment and technical analysis of buildings and structures
Quality inspection for building insurance
High-level and on-site supervision
Environmental projects
Industrial Services

Energy Management / Audit / Engineering
Industrial Ecology
Green Engineering

Information Technology

IT management systems
IT technical systems
IT planning
Comprehensive solutions
Software
Hardware, network and communications

Organizational Identity

Introducing the Participants

Name and surname
Brief introduction of your organization (products, customers, processes)
Job position in your organization
Prior familiarity with the course topic
Purpose of attending this course

Points for Increasing the Effectiveness of the Course

No mobile phone use in class
Active participation in class and team work
Full cooperation in view of the time constraints
Respect for the thoughts and opinions of course participants

Contents

Introduction

LOPA Concept

LOPA Process

Independent Protection Layers

LOPA results and worksheets

Complementary Issues

SIS, SIL, ESD, EDP and F&G

Past Oil and Gas and Processing Industry Accidents

Flixborough, 1974: Cyclohexane explosion, 28 killed
Bhopal, 1984: Methyl isocyanate (MIC) release, more than 2000 killed
Pasadena, 1989: Polyethylene explosion, 23 killed
Piper Alpha, 1988: Hydrocarbon explosion, 167 killed

Risk Management and LOPA

[Flowchart. Box labels: Determine Risk / Review / Requirements; Identify Hazards; Assess Risk; LOPA; Is the risk tolerable?; Can the risk be reduced?; Reduce Risk; Manage Residual Risk; Discontinue Activity. Branch labels: Yes, No.]

Process Safety Management and LOPA

1. Process safety information
2. Process hazard analysis
3. Operating procedures
4. Mechanical integrity
5. Training
6. Contractors
7. Safe work practices
8. Emergency plan
9. Incident investigation
10. Management of change
11. Pre-startup reviews
12. Audits

[Callout on the slide: LOPA]

Process Accidents

Atmospheric Dispersion
Explosion
Fire
Spillage

Fire Accidents

Fire types: Pool Fire, Tank Fire, Flash Fire, Jet Fire, Fire Ball
Sub-types shown on the diagram: On Ground, On Water, Boil Over

Explosion Accidents

BLEVE (Boiling Liquid Expanding Vapor Explosion)
VCE (Vapor Cloud Explosion)
Physical Explosion
Dust Explosion

Accident Effects

Soil & Water Pollution
Thermal Radiation
Toxic dose
Overpressure, missile

BLEVE
(Boiling Liquid Expanding Vapor Explosion)

[Figure labels: P, T; missiles]

Liquid boiling starts due to temperature rise
Pressure increases
Liquid level drops, wetted surface is reduced, excess gas is evacuated through PSV
Shell failure occurs
Sudden liquid vaporisation
Sudden vapour expansion
Ignition

Tank Boil-Over


Introduction
Overall Description
Requirements
Define Scenario
Initiating Events
Consequences
Unmitigated Frequency
IPLs
Intermediate Frequency
Tolerable Frequency
Additional IPLs
Mitigated Frequency

Definitions

HARM – Physical injury or damage to health, damage to property and/or damage to the environment

HAZARD – A source of harm to human lives

SAFETY – Freedom from danger/harm, the inverse of risk

Examples of hazard:

Ethylene inventory in storage sphere
High pressure steam
Heavy vehicle movements onsite

(Note: Loss of containment is the realization of the hazard)

Definitions

ACCIDENTS – An event resulting from the actual realisation of a hazard, resulting in injuries and damages.

They may be due to sudden unintended deviations from normal operating conditions, in which some degree of harm is caused.

Sometimes a neutral term “event” or “incident” is used in place of “accident”.

Definitions

RISK – The likelihood of a specific undesired event to occur within a specified period or specified circumstances

Example:
1. Undesired Event: Car breakdown and stranded in remote area or at night
Likelihood: Once in 5 years
Risk: Stranded in remote area/at night once in 5 years
2. Undesired Event: Gas explosion in congested processing area and injury
Likelihood: Once in 20 years
Risk: Injury from gas explosion once in 20 years

Aspects of Risk

1. Time element involved

2. Two-dimensional (Severity / Likelihood)

3. Ascribed quantity (does not exist as a measurable quantity)

4. It is a probability and hence associated with uncertainty


Understanding Risk
Really answering a series of questions:

What can go wrong? (Identification)

How likely is it to go wrong? (Likelihood)

How bad can it get if it does go wrong? (Severity)

Do I need to worry about it?

What are my options for the control measures?

What is my last course of action? (Quick decision making)

Analysis of actual accidents has shown that one or more of the questions above had not been addressed adequately by an organization.

Framework for Risk Acceptability

[Figure: diverging lines indicating increasing risk, from Negligible Risk to Intolerable Risk]

Unacceptable region (Intolerable Risk): Risk cannot be justified save in extraordinary circumstances

The ALARP demonstration region (Risk is tolerable only if ALARP demonstrated): Tolerable only if risk reduction is impracticable or if its cost is grossly disproportionate to the improvement gained

Broadly Acceptable region (No need for detailed working to demonstrate ALARP): Necessary to maintain assurance that risk remains at this level. This is also part of ALARP

Negligible Risk

LOPA in the Process Life Cycle

[Figure labels: Process Development, Operation, Maintenance, LOPA]

The concept of LOPA

Layer of Protection Analysis involves identifying hazardous events, determining initiating event frequencies, establishing tolerable levels of risk, and analyzing each independent safety layer to see if the tolerable overall level of risk can be reached.

If the tolerable level of risk cannot be achieved, either additional safety layers must be added, or existing layers must be strengthened.

[Figure labels: IPL1, IPL2, IPL3]

LOPA Process

Identify the consequence to screen the scenarios

Select an accident scenario

Identify the initiating event of the scenario and determine the initiating event frequency (events per year)

Identify the IPLs and estimate the probability of failure on demand of each IPL

Estimate the risk of the scenario by mathematically combining the consequence, initiating event, and IPL data


Identifying Candidate Scenarios

The hazard evaluation may have already identified the initiating event, consequences and IPLs for a given scenario, but enabling events and safeguards are often neglected.

Hazardous Scenario Identification

Check lists

Dow Relative Ranking

HAZOP - Hazard and Operability

HAZOP
Deviations


What is a HAZOP study?

Systematic technique to IDENTIFY potential Hazard and Operating problems

Involves a multi-disciplinary team methodically “brainstorming” the plant design

A qualitative technique based on “guide-words” to help provoke thoughts about the way deviations from the intended operating conditions can lead to hazardous situations or operability problems

Objectives of a HAZOP study


Safety Issues:

To identify scenarios that would lead to the release of hazardous or flammable material into the
atmosphere, thus exposing workers to injury

To check the safety of the design

To improve the safety of an existing and/or modified facility

Operability Issues:

To decide whether and where to build

To check operating and safety procedures

To verify that safety instrumentation is working optimally

To facilitate smooth, safe prompt start-up

To minimize extensive last minute modifications

To ensure trouble-free long-term operation

“Prevention is better than control”



Process HAZOP worksheet

Node:
Deviation:

Cause Consequence Safeguards Recommendation


Guidewords / Keywords

Guide-word | Meaning | Example
No (not, none) | None of the design intent is achieved | No flow when production is expected
More (more of, higher) | Quantitative increase in a parameter | Higher temperature than desired
Less (less of, lower) | Quantitative decrease in a parameter | Lower pressure than normal
As well as (more than) | An additional activity occurs | Other valves closed at the same time (logic fault or human error)
Part of | Only some of the design intention is achieved | Only part of the system is shut down
Reverse | Logical opposite of the design intention occurs | Back-flow when the system shuts down
Other than (Other) | Complete substitution – another activity takes place | Liquids in the gas piping

Examples of process parameter

Flow | Composition | pH
Pressure | Addition | Sequence
Temperature | Separation | Signal
Mixing | Time | Start/stop
Stirring | Phase | Operate
Transfer | Speed | Maintain
Level | Particle size | Service
Viscosity | Measure | Communication
Reaction | Control | Absorb

Guidewords + Parameter


Causes of Deviations – 3 Types

Human error – acts of omission or commission by an operator, designer, constructor or other person creating a hazard that could possibly result in a release of hazardous or flammable material.

Equipment failure – a mechanical, structural or operating failure that results in the release of hazardous or flammable material.

External events – items outside the unit being reviewed affect the operation of the unit to the extent that the release of hazardous or flammable material is possible. External events include upsets on adjacent units affecting the safe operation of the unit (or node) being studied, loss of utilities, and exposure from weather and seismic activity.

Consequences & Safeguards

All consequences of any credible causes of a release that are identified by the group must be determined.

If the team concludes from the consequences that a particular cause of a deviation results in an operability problem only, then the discussion should end and the team should move on to the next cause, deviation or node.

If the team determines that the cause will result in the release of hazardous or flammable material, then safeguards should be identified.

Consequences & Safeguards

Safeguards should be included whenever the team determines that a combination of cause and consequence presents a credible process hazard.

What constitutes a safeguard can be summarized based on the following general criteria:

1. Engineered designs and written procedures
2. Detection, warning and shutting down
3. Emergency management

HAZOP to LOPA

HAZOP worksheet: Deviation | Cause | Consequence | Safeguards | Recommendation
LOPA: Scenario | Initiating Events | Consequence | IPLs


Initiating Events

External events

Equipment failures

Human failures

Initiating Cause

Process Deviation

Initiating causes
– Equipment failures
instrumentation
pumps
compressors
– human errors
– loss of mechanical integrity
Initiating cause frequency


Initiating Events

Initiating Event | Frequency (per year)
BPCS loop failure | 0.1
Single instrument loop failure | 0.1
Control valve fail to fail-safe position | 0.1
Control valve fail to non-fail-safe position | 0.01
Failure of rotating equipment such as pumps, fan, compressor, etc. | 0.1
Strainer/filter plugging | 0.1
Mechanical Regulator Valve (PCV) for Clean/Severe service | 0.01/0.1
Loss of fuel supply | 0.1
Loss of water supply | 0.1
TPD (Third Party Intervention) | 0.01
External fire | 0.01
Human error (Routine task, once/day or more) | 0.01/opportunity
Human error (Routine task, once/month) | 0.01/opportunity
Human error (Non-routine task, low stress) | 0.01/opportunity
Human error (Non-routine task, high stress) | 0.1/opportunity
Gasket or packing blowout | 0.01

Failure Rate Reference

Guidelines for Chemical Process Quantitative Risk Analysis (CCPS, 1989a) and the Second Edition (CCPS, 2000a)

Guidelines for Process Equipment Reliability Data (CCPS, 1989b)

IEEE (1984), EuReData (1989)

OREDA (1989, 1992, 1997)

Company experience

Vendor data

Enabling Events/Conditions

Consist of operations or conditions that do not directly cause the scenario, but which must be present or active in order for the scenario to proceed.

Presence of spark

Presence of personnel

Presence of fatality

Scenario Path

[Figure along a time axis. Labels: Initiating Event; Enabling Events; IPL operates: Undesired Consequence prevented; IPL fails: Undesired Consequence occurs]


Consequences

The potential consequences in absence of protection safeguards

Three sections including safety, environmental and assets consequences

Release of the hazardous material, the dispersion of the hazardous material, physical effects from fires, explosions and toxic releases; and the losses from the impact of physical effects

Category Approach without/with Direct Reference to Human Harm

Consequences endpoint


Consequence Evaluation Approaches

Release size/characterization

Simplified injury/fatality estimates

Simplified injury/fatality estimates with adjustments

Detailed injury/fatality estimates


Consequences Categories

Parameter | Category | Description
Safety | SA | Small release of flammable or toxic material
Safety | SB | Large release of flammable or toxic material
Safety | SC | Large release of flammable or toxic material also a high probability of catching fire or highly toxic material
Safety | SD | Rupture or explosion
Environment | EA | A release with minor damage that is not very severe but is large enough to be reported to plant management
Environment | EB | Release within the fence with significant damage
Environment | EC | Release outside the fence with major damage which can be cleaned up quickly without significant lasting consequences
Environment | ED | Release outside the fence with major damage which cannot be cleaned up quickly or with lasting consequences
Asset | AA | Less than $100,000
Asset | AB | Between $0.1m and $1m
Asset | AC | Between $1m and $10m
Asset | AD | More than $10m

Consequences Categories


Unmitigated Risk

Incident Frequency = Initiating Cause Frequency

Consequence = Scenario Consequence

[Figure labels: Initiating Event, Consequence, Unmitigated Risk]

IS IT TOLERABLE?


Identify IPL’s – General Model


Identify IPL’s – IEC Model

COMMUNITY EMERGENCY RESPONSE

PLANT EMERGENCY RESPONSE

MITIGATION
Mechanical Mitigation Systems
Fire and Gas Systems

PREVENTION
Safety Critical Process Alarms
Safety Instrumented Systems

Basic Process Control Systems
Non-safety Process alarms
Operator Supervision

Process Design

Mitigated Risk – Reduce Frequency Only

Unmitigated Risk = frequency * consequence

Mitigated Risk = reduced frequency * same consequence

[Figure: the scenario passes IPL1, IPL2 and IPL3 (PFD1, PFD2, PFD3) before the Impact Event. Key: thickness of arrow represents frequency of the consequence if later IPLs are not successful.]

Mitigated Risk – Reduce Frequency and Consequence

Unmitigated Risk = frequency * consequence

Mitigated Risk = reduced frequency * same consequence

Mitigated Risk = reduced frequency * reduced consequence

[Figure: the scenario passes IPL1, IPL2 and CMS1 (PFD1, PFD2, PFDN) before the Impact Event. Key: thickness of arrow represents frequency of the consequence if later IPLs are not successful.]

Independent Protection Layers (IPL)

Protection layers that perform their function with a high degree of reliability may qualify as Independent Protection Layers (IPL).

IPLs are devices, systems, or actions that are capable of preventing a scenario from developing into an undesired consequence. All these layers are independent from one another, so that any failure of one layer will not affect the functioning of the other layers.

IPLs Rules

Effective in preventing the consequence when it functions as designed

The PFD for an IPL is the probability that, when demanded, it will not perform the required task.

Independent of the initiating event and the components of any other IPL already claimed for the same scenario

Auditable: the assumed effectiveness in terms of consequence prevention and PFD must be capable of validation in some manner

IPLs Rules

The effectiveness of an IPL in reducing the frequency of a consequence is quantified using its PFD.

The lower the value of the PFD for an IPL, the greater the confidence that it will operate correctly and interrupt a chain of events.

PFD for IPLs

Protection Layer | PFD (per demand)*

Active Layer of Protection
Basic Process Control System (BPCS), if not associated with the initiating event being considered | 0.1
Operator response to alarm with sufficient time available to respond | 0.1
Pressure relief valve | 0.01
Rupture Disk | 0.01
Vacuum breaker | 0.01
Overflow line | 0.1
Flame arrestor | 0.01
Identical redundant equipment | 0.1
Diverse redundant equipment | 0.1 to 0.01

Passive Layer of Protection
Dike or Bund | 0.01
F&G System | 0.1
Chemical sewer system | 0.01
Open vent (not including valve) | 0.01
Open vent (including valve) | 0.1
Flame arrestor | 0.01
Blast wall/bunker | 0.001
Fire proofing | 0.01
Fire fighting system | 0.1

Process Design

The design of the process plant has significant consequences on how the plant performs. Productivity, Quality, Safety and Environmental issues should be considered as important as each other.

Example: maximum pressure for a particular scenario, batch size might be limited, inventory lowered, chemistry modified, etc.

Inherently safer design

Process Design- Requirements

Materials

Erection / Installation

Maintenance

Replacements

Improvements

Inspection and checking


Basic Process Control Systems

Normal manual controls.

The first level of protection during normal operation.

The failure of the BPCS can be an initiating event.

The control equipment installed to perform the normal regulatory functions for the process (e.g., PID control and sequential control)

Type of BPCS

Continuous control action

State controllers (logic solver or alarm trip units)

State controllers (logic solver or control relays)


Limitation on BPCS

Little redundancy in the components

Limited built-in testing capability

Limited security against unauthorized changes to the internal program logic

Human error can significantly degrade the anticipated performance of BPCS systems if security is not adequate.

[Process figure with control annotations; label: F1]

The pressure will change quickly and affect safety; it must be controlled.

The level is unstable; it must be controlled.

Critical Alarms and Human Intervention

Second level of protection during normal operation

Activated by the BPCS


Critical Alarms and Human Intervention

Alarm has an annunciator and visual indication

- No action is automated!

- Requires analysis by a person: a plant operator must decide.

Digital computer stores a record of recent alarms

Alarms should catch sensor failures

[Process figure with alarm annotations; labels: F1, PAH, LAH, LAL, AAH]

The pressure affects safety, add a high alarm (PAH).

A low level could damage the pump; a high level could allow liquid in the vapor line (LAH, LAL).

Too much light key could result in a large economic loss (AAH).

Safety Instrumented Systems

A SIF is a combination of sensors, logic solver, and final elements with a specified safety integrity level that detects an out-of-limit (abnormal) condition and brings the process to a functionally safe state.

A SIF is functionally independent of the BPCS.

Standards for Safety Instrumented Systems

ISA, Instrumentation Systems and Automation Society

IEC, International Electrotechnical Commission


Basic Instrumentation

Sensors

Logic Solvers

Final Elements


Safety Instrumented Systems

Safety-related system - IEC 61508

Automatic risk reduction systems

safety interlocks, safety critical alarms


Safety Instrumented Systems

SIFs that are functionally independent from the BPCS

A safety system logic solver

Extensive use of redundant components and signal paths

Use of voting architectures

Use of self-diagnostics to detect and communicate sensor, logic solver, and final control element faults

Safety Instrumented Systems

Automatically taking an industrial process to a safe state when specified conditions are violated

Permit a process to move forward in a safe manner when specified conditions allow (permissive functions)

Taking action to mitigate the consequences of an industrial hazard

Safety Instrumented Systems

Shutdown functions

Permissive functions

Consequence reduction (mitigation) functions


SIS Example

How do we automate this SIS when PC is adjusting the valve?

[Figure labels: steam, PC, LC, water, fuel]

SIS Example

LS = level switch; note that a separate sensor is used
s = solenoid valve (open/closed)
FC = fail closed

[Figure labels: steam 15 psig, PC, LC, LS, s, s, water, fuel, FC, FC; "Extra valve with tight shutoff"]

Effect of Redundancy

Sensors | Voting | False shutdown | Failure on demand
T100 | 1 out of 1 must indicate failure | 5 x 10^-3 | 5 x 10^-3
T100, T101, T102 | 2 out of 3 must indicate failure | 2.5 x 10^-6 | 2.5 x 10^-6

Better performance, more expensive

Same variable, multiple sensors!

BPCS versus SIS

BPCS:

Active, or dynamic.

Failures in control systems are inherently self-revealing.

Flexible enough to allow frequent changes

BPCS versus SIS

SIS:

Dormant, or passive

Operate for extended periods of time doing virtually nothing

Many failures in these systems may not be self-revealing

Access control (the need for restricting changes)

Extensive diagnostics (because not all failures are self-revealing)

Common Cause failure

A single stressor or failure that impacts multiple items or portions of a system.

If control and safety functions are performed in the same system, there will always be potential for common cause faults.

PFD of SIFs

The number and type of sensors, logic solvers, and final control elements.

The time interval between periodic functional tests of system components.

Physical Protection

These devices, when appropriately sized, designed and maintained, are IPLs which can provide a high degree of protection against overpressure in clean services.

Effectiveness can be impaired in fouling or corrosive services, if block valves are installed under the relief valves, or if the inspection and maintenance activities are of poor quality.


Postrelease Protection

Passive devices which provide a high level of protection if designed and maintained correctly.

Passive fire protection such as firewall, fireproofing, etc.

Active fire protection such as automatic deluge systems, foam systems, or gas detection systems, etc.


Fire Protection Systems

Active fire protection systems such as –

Water sprinkler

Drench systems

Spray systems (Foam, Water, Chemicals)

Inert Gas Systems (Enclosed Vessels/Spaces)


Fire Protection Systems

Passive fire protection can provide an effective alternative to active systems for protecting against vessel failure.

Fire Resistant Coating on Steel Surfaces

Fire Walls


Plant Emergency Response

Fire brigade, manual deluge systems, facility evacuation, etc.


Examples of Safeguards Not Usually Considered IPLs

Training and Certification

Procedures

Normal Testing and Inspection

Maintenance

Communication

Signs

Fire Protection


[Roadmap diagram: Introduction, Overall Description, Requirements, Define Scenario, Initiating Events, Consequences, Unmitigated Frequency, IPLs, Intermediate Frequency, Tolerable Frequency, Additional IPLs, Mitigated Frequency]


Conditional Modifiers

Probability of ignition

Probability of personnel in affected area

Probability of fatal injury

/ 222111Slide No. 111#

Intermediate Event Frequency

Frequency of occurrence of the end-consequence with the existing/planned protection layer in place

Multiplying the initiating event frequency by the PFD of protection layers and mitigation layers


Intermediate Event Frequency


Risk of Outcome of Interest

Fatality per year

Number of fatalities per year

Dollars of economic loss per month


Tolerable Frequency Criteria

Risk acceptance criteria are referred to as the Tolerable Frequency for each identified hazard

Tolerable frequency could be derived from risk matrix.


Tolerable Frequency

Risk matrix: Probability of Occurrences (rows) versus Severity of Consequences (columns)

Probability of    Severity of Consequences
Occurrences       1    2    3    4    5
10^-1             M    M    H    H    H
10^-2             L    M    M    H    H
10^-3             L    L    M    M    H
10^-4             L    L    L    M    M
10^-5             L    L    L    M    M

Risk Ranking    Description
L (Low)         Acceptable Level of Risk
M (Medium)      ALARP Region
H (High)        Risk not Acceptable


Tolerable Frequency

Severity Category (S)    Tolerable Frequency (TF)
1 - Very Low             10^-2
2 - Low                  10^-3
3 - Medium               10^-4
4 - High                 10^-5
5 - Very High            10^-5


LOPA Worksheets


Required SIL Calculation

X = IEF/TF

If X >= 1, another protection layer is required

If X = 1, another protection layer with RRF 10 is required

If 1 < X <= 10, another protection layer with RRF 10 is required

If 10 < X <= 100, another protection layer with RRF 100 is required

If 100 < X <= 1000, another protection layer with RRF 1000 is required

If X < 1, no special safety requirement
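
The calculation chain from the slides (intermediate event frequency, tolerable frequency by severity, X = IEF/TF, required RRF) worked through in Python. This is an added example, not part of the workshop material: the function names and the scenario values are constructed, and multiplying conditional modifiers into the IEF is an assumption. Exact fractions are used so that boundary cases such as X = 10 fall in the band the slide states.

```python
from fractions import Fraction
from math import prod

# Tolerable frequency (TF) per severity category, copied from the table on this page.
TOLERABLE_FREQUENCY = {1: Fraction("1e-2"), 2: Fraction("1e-3"), 3: Fraction("1e-4"),
                       4: Fraction("1e-5"), 5: Fraction("1e-5")}


def exact(value):
    """Convert 0.1, "1e-2" and the like to an exact fraction (no binary rounding)."""
    return Fraction(str(value))


def intermediate_event_frequency(initiating_frequency, ipl_pfds, modifiers=()):
    """IEF = initiating event frequency x PFD of every credited layer.

    Multiplying in conditional modifiers (ignition, occupancy, fatality) is an
    assumption of this example; the page lists them but gives no formula.
    """
    probabilities = [exact(p) for p in (*ipl_pfds, *modifiers)]
    if any(not 0 < p <= 1 for p in probabilities):
        raise ValueError("PFDs and conditional modifiers must lie in (0, 1]")
    frequency = exact(initiating_frequency)
    if frequency <= 0:
        raise ValueError("initiating event frequency must be positive")
    return frequency * prod(probabilities)


def required_rrf(ief, severity):
    """Return (X, RRF) using the page's rules; RRF is None when X < 1."""
    x = ief / TOLERABLE_FREQUENCY[severity]
    if x < 1:
        return x, None                      # no special safety requirement
    for rrf in (10, 100, 1000):             # X = 1 falls in the first band
        if x <= rrf:
            return x, rrf
    raise ValueError(f"X = {float(x):g} exceeds 1000; the page defines no band for it")


# Constructed scenario: 0.1 events/year, two existing IPLs, severity category 4.
SCENARIO_IEF = intermediate_event_frequency(0.1, [0.1, 0.01])
SCENARIO_RESULT = required_rrf(SCENARIO_IEF, severity=4)

if __name__ == "__main__":
    x, rrf = SCENARIO_RESULT
    print(f"IEF = {float(SCENARIO_IEF):.0e}/yr, X = {float(x):g}, required RRF = {rrf}")
```

With binary floating point the same scenario gives X slightly above 10 and would be pushed into the RRF 100 band, which is why the inputs are converted to exact fractions first.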


Complementary Issues

Safety Instrumented System

SIL Allocation

Emergency Shutdown and Depressurizing Systems

Fire & Gas Systems


Safety Instrumented Systems

Automatically taking an industrial process to a safe state when specified conditions are violated

Permit a process to move forward in a safe manner when specified conditions allow (permissive functions)

Taking action to mitigate the consequences of an industrial hazard.


PFD of SIFs

The number and type of sensors, logic solvers, and final control elements.

The time interval between periodic functional tests of system components.


Risk and Safety Integrity

Risk is a measure of the frequency and consequence of a specified hazardous event occurring

Safety integrity is a measure of the likelihood that the SIF and other protection layers will achieve the specified safety functions


Risk Reduction


Risk Reduction-IEC 61511 Part 3


Safety Integrity

Safety function with a specified safety integrity

Level which is necessary to achieve functional safety

Specific hazardous event


SIL Definition

Four safety integrity levels (1 to 4 level)

Demand mode of operation: Average probability of failure to perform its designed function on demand

Continuous mode of operation: Frequency of a dangerous failure per hour


Safety Integrity Level (SIL)


SIL Allocation Team

Multi-disciplinary team to determine a safety instrumented function SIL.

Operator with experience operating the process under consideration

Process Engineer

Process control Engineer

Instrument/electrical maintenance

Risk analysis specialist.


Defining the SIFs


SIL Study Approaches

Safety Layer Matrix

Risk Graph

Layer of Protection Analysis (LOPA)


Safety Integrity Level (SIL) Allocation

The greater the level of process risk, the better the safety system needed to control it.
it

A measure of safety system performance


Overall SIL Allocation Procedure

Determine Method

Determine Initiator and SIF

Determine Hazardous Scenario Related to SIF

Analyse risk and decide the amount of required risk reduction with respect to acceptable risk

Determine SIL level for SIF based on Required Risk Reduction


Failure Mode of Sensors

Fail output high

Fail output low

Fail output frozen

Fail output drifting

Failure of diagnostic


SIS Elements- Logic Solvers

Relays/Pneumatic Logic

Solid State logic

Programmable Logic Controllers

Safety Programmable Logic Controller


SIS Elements – Final Elements

Shutdown valves

Control valves

Relays on pumps, compressors, turbines, electrical equipment etc.


Final Elements- Remote Actuated Valve


Failure modes of Valves

Fail to open

Fail to close

Failure to stop


Actuator Types

Hydraulic Piston or Diaphragm

Pneumatic Piston or Diaphragm

Electrical


Emergency Shutdown Systems (ESD)

A safety shutdown system contains different levels

A number of levels of shutdown from Process Unit Shutdown at the lowest level through to Process Train Shutdown, Total Production Shutdown and Complex Abandonment at the highest

The shutdown systems are independent of any control system and physical protection


Main purposes of ESD

To limit the loss of containment

To protect personnel

To execute automatically a set of remedial actions, upon manual or automatic triggering

To prevent ignition by elimination of potential sources of ignition

To reduce flammable or toxic inventory by depressurisation through the EDP system, when appropriate.


ESD Levels – TOTAL GS 261

All installations within a single restricted area (level-0) = ESD-0

A given fire zone within the installation (level-1) = ESD-1

A given unit within a given fire zone (level-2) = SD-2

An individual equipment or package within a given unit (level-3) = SD-3


ESD typical levels – Offshore Platforms

Level 4 : Process Unit Shutdown

Level 3 : Process Train Shutdown

Level 2: Total Production Shutdown (without EDP)

Level 1: Total Production Shutdown (with EDP)

Level 0: Abandon Complex


ESD typical levels – Onshore plants

Level 4 : Process Unit Shutdown

Level 3 : Process Train Shutdown

Level 2: Total Production Shutdown (without EDP)

Level 1: Total Production Shutdown (with EDP)


Emergency De-Pressurisation (EDP)

Upon confirmed fire and/or gas detection, for mitigation of consequences

both isolated and exposed to fire simultaneously


Fire & Gas System

A safety system that continuously monitors for abnormal situations such as a fire, or combustible or toxic gas release within the plant.

Provides early warning and mitigation actions to prevent escalation of the incident and protect the process or environment.

Mitigation safety layers reduce the consequences of a hazardous event after it has occurred.


Typical industries requiring F&G System


F&G System


F&G System


F&G Display


Flammable Gas Detector

Hydrogen Detectors

Infra Red Gas Detectors (IRGD)

Catalytic Gas Detectors (CGD)


Toxic Gas Detectors

Fixed toxic gas detectors

Portable individual toxic gas detectors

General

In Open Area


Fire Detectors

UV/IR detectors

Rate-of-Rise heat detectors


Fire Detector – Fusible Plugs

Fire detection on equipment to be deluged

Fire detection on a storage tank that is to be protected with water ring or foam ring

Networks of tubing carrying fusible plug heads; the loop is pressurized with instrument air or nitrogen


Combined Smoke/Heat Detector

Storage rooms

Laboratory

Chemical stores

Workshops


Optical Smoke Detectors

Corridors and hallways

HVAC rooms
