Presentation on theme: "1.6 Layers of Protection in Process Plant"— Presentation transcript:
1 1.6 Layers of Protection in Process Plant Dr. AA
2 Layers of Protection for High Reliability Strength in ReserveBPCS - Basic process controlAlarms - draw attentionSIS - Safety interlock system to stop/start equipmentRelief - Prevent excessive pressureContainment - Prevent materials from reaching, workers, community or environmentEmergency Response - evacuation, fire fighting, health care, etc.ALARMSSISRELIEFCONTAINMENTEMERGENCY RESPONSEBPCSAUTOMIN
3 Key Concept in process Safety: REDUNDANCY Seriousness of eventFour independent protection layers (IPL)In automation
4 Objectives of Process Control 1. Safety2. Environmental Protection3. Equipment Protection4. Smooth Operation &Production Rate5. Product Quality6. Profit7. Monitoring & DiagnosisWe are emphasizing these topics
5 Basic Process Control System (BPCS) First line of defenseProcess control maintains variables at set points, which are fixed at some desired valuesTechnology - Multiple PIDs, cascade, feedforward, etc.GuidelinesAlways control unstable variables (Examples in flash?)Always control “quick” safety related variablesStable variables that tend to change quickly (Examples?)Monitor variables that change very slowlyCorrosion, erosion, build up of materialsProvide safe response to critical instrumentation failures- But, we use instrumentation in the BPCS?
7 The level is unstable; it must be controlled. The pressure will change quickly and affect safety; it must be controlled.The level is unstable; it must be controlled.F1
8 2. Alarm System Alarm has an anunciator and visual indication - No action is automated!- require analysis by a person - A plant operator must decide.Digital computer stores a record of recent alarmsAlarms should catch sensor failures- But, sensors are used to measure variables for alarm checking?
9 2. Alarm System Common error is to design too many alarms - Easy to include; simple (perhaps, incorrect) fix to prevent repeat of safety incident- One plant had 17 alarms/h - operator acted on only 8%Establish and observe clear priority ranking- HIGH = Hazard to people or equip., action required- MEDIUM = Loss of RM, close monitoring required- LOW = investigate when time available
10 Where could we use alarm in the Flash Process ?
11 The pressure affects safety, add a high alarm PAH A low level could damage the pump; a high level could allow liquid in the vapor line.The pressure affects safety, add a high alarmF1PAHLAHLALToo much light key could result in a large economic lossAAH
12 3. Safety Interlock System Automatic action usually stops part of plant operation to achieve safe conditions- Can divert flow to containment or disposal- Can stop potentially hazardous process, e.g., combustionCapacity of the alternative process must be for “worst case”SIS prevents “unusual” situations- We must be able to start up and shut down- Very fast “blips” might not be significant
13 3. Safety Interlock System Also called emergency shutdown system (ESS)SIS should respond properly to instrumentation failures- But, instrumentation is required for SIS?Extreme corrective action is required and automated- More aggressive than process control (BPCS)Alarm to operator when an SIS takes action
14 3. Safety Interlock System The automation strategy is usually simple, for example,If L123 < L123min; then, reduce fuel to zeroHow do weautomate this SISwhen PC is adjustingthe valve?steamPCLCwaterfuel
15 LS = level switch, note that separate sensor is used If L123 < L123min; then, reduce fuel to zeroLS = level switch, note that separate sensor is useds= solenoid valve (open/closed)fc = fail closedsteam15 psigPCLCLSsswaterfuelfcfcExtra valve with tight shutoff
16 3. Interlock SystemThe automation strategy may involve several variables, any one of which could activate the SISIf L123 < L123min; orIf T105 > T105max…….then, reduce fuel to zeroShown as “box”in drawing withdetails elsewhereL123T105…..SIS100s
17 3. Safety Interlock System The SIS saves us from hazards, but can shutdown the plant for false reasons, e.g., instrument failure.FalseshutdownFailure on demand1 out of 1must indicatefailureT100s5 x 10-35 x 10-3Better performance,more expensiveT100T101T102Same variable,multiple sensors!2 out of 3must indicatefailures2.5 x 10-62.5 x 10-6
18 3. Safety Interlock System We desire independent protection layers, without common-cause failures - Separate systemsSIS and Alarms associated with SISBPCS and AlarmsDigital control systemSIS system………….………….i/oi/oi/oi/osensorssensors
19 KEY CONCEPT IN PROCESS SAFETY - REDUNDANCY! What do we do if a major incident occurs that causesloss of power or communicationa computer failure (hardware or software)These layers require electrical power, computing, communication, etc.Could these all fail due to a common fault?
20 4. Safety Relief SystemEntirely self-contained, no external power requiredThe action is automatic - does not require a personUsually, goal is to achieve reasonable pressure- Prevent high (over-) pressure- Prevent low (under-) pressureThe capacity should be for the “worst case” scenario
21 RELIEF SYSTEMS IN PROCESS PLANTS Increase in pressure can lead to rupture of vessel or pipe and release of toxic or flammable material- Also, we must protect against unexpected vacuum!Naturally, best to prevent the pressure increase- large disturbances, equipment failure, human error, power failure, ...Relief systems provide an exit path for fluidBenefits: safety, environmental protection, equipment protection, reduced insurance, compliance with governmental code
22 Location of Relief System Identify potential for damage due to high (or low) pressure (HAZOP Study)In general, closed volume with ANY potential for pressure increase- may have exit path that should not be closed but could be- hand valve, control valve (even fail open), blockage of lineRemember, this is the last resort, when all other safety systems have not been adequate and a fast response is required!
23 Standard Relief Method: Valves BASIC PRINCIPLE: No external power required -self actuating - pressure of process provides needed force!VALVES - close when pressure returns to acceptable value- Relief Valve - liquid systems- Safety Valve - gas and vapor systems including steam- Safety Relief Valve - liquid and/or vapor systemsPressure of protectedsystem can exceedthe set pressure.
24 Standard Relief Method: Rupture Disk BASIC PRINCIPLE: No external power required -self actingRUPTURE DISKS OR BURST DIAPHRAGMS - must be replaced after opening.
25 Relief Valves Conventional Balanced Two types of designs determine influence of pressure immediately after the valve- Conventional Valve -pressure after the valve affects the valve lift and opening- Balanced Valve - pressure after the valve does not affect the valve lift and openingConventionalBalanced
26 Some Information about Relief Valves ADVANTAGES- simple, low cost and many commercial designs available- regain normal process operation rapidly because the valve closes when pressure decreases below set valueDISADVANTAGES- can leak after once being open (O-ring reduces)- not for very high pressures (20,000 psi)- if oversized, can lead to damage and failure (do not be too conservative; the very large valve is not the safest!)
27 Rupture Disk/Burst Diaphragm ADVANTAGES- no leakage until the burst- rapid release of potentially large volumes- high pressure applications- corrosion leads to failure, which is safe- materials can be slurries, viscous, and stickyDISADVANTAGES- must shutdown the process to replace- greater loss of material through relief- poorer accuracy of relief pressure the valve
28 Symbols used in P&I D Spring-loaded safety relief valve Process To effluent handlingProcessRupture discProcessTo effluent handling
30 Add Relief to the Following System The drum can be isolated with the control valves; pressure relief is required.We would like to recover without shutdown; we select a relief valve.F1
31 Add Relief to the Following System Positive displacement pump
32 Add Relief to the Following System The positive displacement pump will be damaged if the flow is stopped; we need to provide relief.We would like to recover without shutdown; we select a relief valve.Positive displacement pump
33 Add Relief to the Following System Why are allthose valvesin the process?
34 Add Relief to the Following System The extra “hand”`valves enable us to isolate and remove the heat exchanger without stopping the process.The shell side of the heat exchanger can be isolated; we need to provide relief.We would like to recover without shutdown; we select a relief valve.
35 In some cases, relief and diaphragm are used in series – WHY? What is the advantage of two in series?Why not have two relief valves (diaphragms) in series?Why is the pressure indicator provided?Is it local or remotely displayed? Why?
36 In some cases, relief and diaphragm are used in series – WHY? Why is the pressure indicator provided?If the pressure increases, the disk has a leak and should be replaced.Is it local or remotely displayed? Why?The display is local to reduce cost, because we do not have to respond immediately to a failed disk - the situation is not hazardous.What is the advantage of two in series?The disc protects the valve from corrosive or sticky material. The valve closes when the pressure returns below the set value.
37 Vents required to control or direct vapour/dust explosion effect Structurevent closedexplosion
38 Materials from relief must be process or dispose safely To environment Vent steam, airHolding for later processing Waste water treatingFromreliefRecycle to process Fuel gas, fuel oil, solventRecover part to processImmediate neutralization Flare, toxic materials
39 5. Containment Use to moderate the impact of spill or an escape ExampleBund containment for storage tanksLocation of relief valves and ventsdiversion to temporary storage /drain system (following breakage of rupture disk)Safety management in containment areas.Containment building (if applicable)
40 6. Emergency Response Management Also used to moderate impact on incidentsAll plants should ERP (emergency response plan)Assembly, head-counts, evacuation etc…
41 Summary Inherent design starts at project conceptualization ALARMSSISRELIEFCONTAINMENTEMERGENCY RESPONSEBPCSInherent design starts at project conceptualizationThree main strategySubstitutionIntensificationAttenuationSix Layers of Protection