Presentation on theme: "Overview of Control System Design" — Presentation transcript:
1 Overview of Control System Design
Safety. It is imperative that industrial plants operate safely so as to promote the well-being of people and equipment within the plant and in the nearby communities. Thus, plant safety is always the most important control objective and is the subject of Chapter 10.
Environmental Regulations. Industrial plants must comply with environmental regulations concerning the discharge of gases, liquids, and solids beyond the plant boundaries.
Product Specifications and Production Rate. In order to be profitable, a plant must make products that meet specifications concerning product quality and production rate.
Chapter 10
2 Economic Plant Operation
Economic Plant Operation. It is an economic reality that the plant operation over long periods of time must be profitable. Thus, the control objectives must be consistent with the economic objectives.
Stable Plant Operation. The control system should facilitate smooth, stable plant operation without excessive oscillation in key process variables. Thus, it is desirable to have smooth, rapid set-point changes and rapid recovery from plant disturbances such as changes in feed composition.
3 Operator’s View of Process Control
A Day in the Life of a Plant Operator
This is Joe Sixpack, an operator in the control room. In a typical refinery, he may be looking at tags of real-time measurements such as pressure, temp, flow, controller/valve settings, set points and so on every minute.
That’s a lot of information for him to process. But fortunately most of the time the processes are well-behaved and not much is going on.
But when processes do misbehave, what does he see…?
4 Operator’s View of Process Control
- Pump A pumping oil has tripped - Cause Unknown
- You switch to Pump B. That also trips - Cause Unknown
- Soon hundreds of alarms are going off – Cause(s) Unknown
- Within minutes you have an explosion and a fire. Two people are killed and a few hurt at this point.
- It is 10:00 in the night.
- The plant manager is in Aberdeen, Scotland, and not available.
- You are on top of an off-shore oil platform in the middle of the North Sea.
Did I make up this scenario? Can this really happen? Did this really happen? Unfortunately, it can and it did.
This is the sequence of events that led to the Piper Alpha Disaster in the North Sea in July. About 167 people were killed in this accident.
When this happens, you don’t see Laplace Transforms, Transfer functions, or stability theorems. They are useless at this point.
This is the “Dark Side” of control, the “Dirty Side” of control, the side that does not yield to clean and elegant mathematical approaches.
You need another perspective here. The causal perspective. This complements the math perspective of control. Now, how do you design computer systems that can assist operators under such scenarios? This is the concept of intelligent control systems, systems that can perform cause-and-effect reasoning. What are the various issues and challenges in developing and maintaining such systems? This talk is an overview of these issues, challenges and future directions. This is the problem I have been interested in for the past 18 years.
You are the Shift Supervisor: What do you do?
5 Process Safety is a Major Concern: The BIG Ones
Piper Alpha Disaster, Occidental Petroleum Scotland, 1988
- Off-shore oil platform explosion
- 164 people killed
- $2 Billion in losses
Union Carbide, Bhopal, India, 1984
- MIC release into atmosphere
- ,000 people killed
- 100,000 injured
- $ Billion in losses
If I were to ask you to guess when did major chemical plant accidents occur given two choices: (a) way back in the past, about years ago when plants were not automated or (b) more recently, about 10-15 years ago, you are likely to choose (a).
Why? Because your rationale would be, way back in the past we did not have all these great sophisticated control systems, DCS, MPC, plant-wide integrated control etc. So, it is likely that in those dark ages when plants were manually controlled we probably had the biggest disasters.
Reasonable logic but you would be wrong. The biggest disasters, in terms of people affected and dollars lost, have occurred in recent times despite all the progress in control systems.
Why? I will answer that in the next few minutes.
6 AEM: Abnormal Event Management
- $20B+ impact on U.S. economy; $10B impact on petrochemical companies
- Petrochemical companies have rated AEM their #1 problem
- Modern plants are more difficult to control, diagnose and manage
  - Complex configurations, very large scale
  - Running process at its limit reduces margin for error
  - Plant-wide integration makes reasoning difficult
  - Advanced control puts process in states which operators have difficulty managing in the event of an upset
  - Fewer experienced operating personnel due to downsizing
  - Lack of adequate training of operators
Here are some of the main reasons why modern plants are more difficult to operate.
30-50 years ago 100,000 barrels/day was a large refinery. Now, in India and elsewhere, they have close to ½-1 million barrels/day refineries (Reliance, Pathala Ganga).
8 T2 Laboratories Accident
[Photographs: Before; After]
At 1:33pm, 19 December 2007 a powerful explosion at T2 Laboratories in Jacksonville, Florida killed 4 employees, injured 32 (4 employees and 28 members of the public) and destroyed the facility.
A runaway exothermic reaction in the production of methylcyclopentadienyl manganese tricarbonyl (MCMT) (fuel octane booster) due to cooling loss led to the explosion equivalent to 1400 pounds of TNT.
10 Schematic of Reactor
CAUSES OF ACCIDENT
1. T2 did not recognize runaway reaction hazard with the MCMT it was producing despite earlier indications.
2. Cooling system was susceptible to single-point failures due to lack of design redundancy.
3. MCMT reactor relief system was incapable of relieving the pressure from the runaway reaction.
11 Runaway Reactions
- Metalation Reaction
- Reaction of Sodium and Diglyme Solvent (+ Na ?)
[Photographs: New Test Cell; Burst Test Cell]
12 Operating regimes for exothermic chemical reactors.
13 Modeling Needs
Why Simulate the Reactor?
1. Determine cooling requirements
2. Determine conditions that lead to runaway conditions, such as increasing batch size, change in cooling water temperature, etc. (so-called parametric sensitivity)
3. Size the pressure relief valve and bursting disk pressure
4. Develop a training tool
14 Elements for Model
1. Unsteady Material Balance
2. Unsteady Energy Balance
3. Reaction Rates including temperature dependence (must come from the lab)
4. Simulation of the model equations
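The four model elements above, put together as an added example (not part of the original presentation): a single first-order exothermic reaction in a cooled batch reactor, integrated numerically to show parametric sensitivity. The reaction, every parameter value and all function names are assumptions chosen for illustration; this is not the MCMT chemistry.

```python
import math

# Every number here is constructed for illustration; real kinetic and
# heat-transfer data must come from the lab, as the slide says.
E_OVER_R = 10000.0            # activation energy / gas constant, K
K_REF, T_REF = 1.0e-3, 350.0  # rate constant (1/s) at reference temperature (K)
DT_AD = 200.0                 # adiabatic temperature rise, (-dH)*C0/(rho*cp), K
BETA = 5.0e-3                 # cooling capacity, U*A/(rho*cp*V), 1/s


def rate_constant(temp_k):
    """Arrhenius temperature dependence, written relative to T_REF."""
    return K_REF * math.exp(-E_OVER_R * (1.0 / temp_k - 1.0 / T_REF))


def simulate(coolant_k, cool_fail_at=None, t_end=7200.0, dt=0.05):
    """Explicit-Euler integration of the two unsteady balances.

    x is the unreacted fraction C/C0 of a first-order reaction A -> B.
    Returns (peak temperature K, time of peak s, final unreacted fraction).
    """
    temp, x, t = coolant_k, 1.0, 0.0   # batch starts at jacket temperature
    peak, t_peak = temp, 0.0
    while t < t_end:
        k = rate_constant(temp)
        cooling_lost = cool_fail_at is not None and t >= cool_fail_at
        beta = 0.0 if cooling_lost else BETA
        dx_dt = -k * x                                        # material balance
        dtemp_dt = DT_AD * k * x - beta * (temp - coolant_k)  # energy balance
        x, temp, t = x + dx_dt * dt, temp + dtemp_dt * dt, t + dt
        if temp > peak:
            peak, t_peak = temp, t
    return peak, t_peak, x


def parametric_sensitivity():
    """Design case, warmer cooling water, and loss of cooling mid-batch."""
    return {
        "design case, coolant 320 K": simulate(320.0),
        "coolant 10 K warmer": simulate(330.0),
        "cooling lost at 600 s": simulate(320.0, cool_fail_at=600.0),
    }


if __name__ == "__main__":
    for case, (peak, t_peak, x) in parametric_sensitivity().items():
        print(f"{case:28s} peak {peak:6.1f} K at {t_peak:5.0f} s, x = {x:.3f}")
```

With these constructed numbers the design case settles a few kelvin above the jacket temperature, while a 10 K warmer coolant or a cooling failure sends the same batch into runaway.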
15 Multiple Protection Layers
- In modern plants, process safety relies on the principle of multiple protection layers; see Figure 10.1.
- Each layer of protection consists of a grouping of equipment and/or human actions, shown in the order of activation.
16 Figure 10.1. Typical layers of protection in a modern chemical plant (CCPS 1993).
17
- Basic process control system (BPCS) is augmented with two levels of alarms and operator supervision or intervention.
- An alarm indicates that a measurement has exceeded its specified limits and may require operator action.
- Safety interlock system (SIS) is also referred to as a safety instrumented system or as an emergency shutdown (ESD) system.
- The SIS automatically takes corrective action when the process and BPCS layers are unable to handle an emergency, e.g., the SIS could automatically turn off the reactant pumps after a high temperature alarm occurs for a chemical reactor.
- Rupture discs and relief valves provide physical protection by venting a gas or vapor if over-pressurization occurs (also flares for combustibles).
19 Chlorine Vaporizer
- Provides chlorine vapor to a reactor that converts alkane (C12H26) to C12H25Cl, which in turn is alkylated with benzene ring.
- When reactor is shut down, the vaporizer undergoes a pressure surge that trips a relief valve/rupture disk (undesirable behavior). Why does it occur (modeling application)?
- The chlorine gas passes through the relief system and is transferred to beds of clamshells in water, which neutralizes the Cl2 to CaCl2.
- Analyze the P & ID and the valve failure conditions for shutdown.
21 Typical Complaints from Operators
- Inadequate precision of temporal information (e.g., lack of true alarm order).
- Excessive nuisance alarms.
- Inadequate anticipation of process disturbances.
- Lack of real-time, root-cause analysis (symptom-based alarming).
- Lack of distinctions between instrument failures and true process deviations.
- Lack of adequate tools to measure, track, and access past records of abnormal situations.
22 Types of Alarms
Type 1 Alarm: Equipment status alarm. Pump is on or off, or motor is running or stopped.
Type 2 Alarm: Abnormal measurement alarm. Measurement is outside of specified limits.
Type 3 Alarm: An alarm switch without its own sensor. When it is not necessary to know the actual value of the process variable, only whether it is above (or below) a specified limit.
Type 4 Alarm: An alarm switch with its own sensor. This serves as a backup in case the regular sensor fails.
Type 5 Alarm: Automatic Shutdown or Startup System.
23 Fig. 10.4 Two interlock configurations.
24 Safety Interlock (Instrumented) System (SIS)
- The SIS in Figure 10.1 serves as an emergency back-up system for the BPCS.
- The SIS automatically starts when a critical process variable exceeds specified alarm limits that define the allowable operating region (starting or stopping a pump or shutting down a process unit).
- Only used as a last resort to prevent injury to people or equipment.
- SIS must function independently of the BPCS; (e.g., due to a malfunction or power failure in BPCS). Thus, the SIS should be physically separated from the BPCS and have its own sensors and actuators.
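Why the SIS needs its own sensor, as an added illustration (not part of the original presentation): a scan-by-scan simulation of a reactor temperature ramp in which the BPCS transmitter freezes, run once with an independent SIS sensor and once with the SIS wired to the same transmitter. The limits, ramp rates, names and the absence of any operator response are assumptions.

```python
from typing import Optional

HIGH, HIGH_HIGH, SIS_TRIP = 340.0, 350.0, 360.0   # K; constructed limits


class Sensor:
    """Transmitter; stuck_at models a frozen reading (instrument failure)."""
    def __init__(self, stuck_at: Optional[float] = None):
        self.stuck_at = stuck_at

    def read(self, true_temp: float) -> float:
        return true_temp if self.stuck_at is None else self.stuck_at


def run(bpcs_sensor: Sensor, sis_sensor: Sensor, scans: int = 60):
    """Ramp the true temperature 1 K per scan while the reactant pumps run.

    Returns (events, peak true temperature); events are (scan, layer) pairs
    in order of activation. No operator response is modelled.
    """
    temp, pumps_on, tripped = 330.0, True, False
    events, seen, peak = [], set(), 330.0
    for scan in range(scans):
        temp = (temp + 1.0) if pumps_on else max(330.0, temp - 2.0)
        peak = max(peak, temp)
        # BPCS layer: two alarm levels, both fed by the BPCS transmitter
        reading = bpcs_sensor.read(temp)
        for name, limit in (("HIGH alarm", HIGH), ("HIGH-HIGH alarm", HIGH_HIGH)):
            if reading >= limit and name not in seen:
                seen.add(name)
                events.append((scan, name))
        # SIS layer: separate input, latched trip, acts on the reactant pumps
        if not tripped and sis_sensor.read(temp) >= SIS_TRIP:
            tripped, pumps_on = True, False        # latch: no automatic reset
            events.append((scan, "SIS trip: reactant pumps off"))
    return events, peak


def compare_designs():
    frozen = Sensor(stuck_at=335.0)    # BPCS transmitter frozen below HIGH
    healthy = run(Sensor(), Sensor())
    independent = run(frozen, Sensor())   # SIS has its own sensor
    shared = run(frozen, frozen)          # SIS reads the BPCS transmitter
    return healthy, independent, shared
```

With the shared transmitter the single frozen instrument silences both alarm levels and the trip, and the true temperature climbs for the whole run.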
26 A Final Thought…
As Rinard (1990) has poignantly noted, “The regulatory control system affects the size of your paycheck; the safety control system affects whether or not you will be around to collect it.”