Safety Automation 2003 2

8/13/2019 Safety Automation 2003 2

1/25

1

ALL PROCESSES MUST HAVE SAFETYTHROUGH AUTOMATION

SAFETY MUST ACCOUNT FOR FAILURES OFEQUIPMENT ( INCLUDING CONTROL ) & PERSONNEL

MULTIPLE FAILURES MUST BE COVERED

RESPONSES SHOULD BE LIMITED, TRY TOMAINTAIN PRODUCTION, IF POSSIBLE

AUTOMATION SYSTEMS CONTRIBUTE TOSAFE OPERATION

(if they are designed and maintained properly!)


2/25

2

LETS CONSIDER A FLASH DRUM

Is this process safe and ready to operate?

Is the design compete?

F1

hint


3/25

3

Four Layers in the Safety Hierarchy

Methods and equipment required at all fourlayers

Process examples for every layer

Workshop

Whats in this topic?

SAFETY THROUGH AUTOMATION


4/25

4

ALARMS

SIS

RELIEF

CONTAINMENT

EMERGENCY RESPONSE

BPCS

Strength in Reserve BPCS - Basic process control

Alarms - draw attention

SIS - Safety interlock system

to stop/start equipment Relief - Prevent excessive

pressure

Containment - Preventmaterials from reaching,workers, community orenvironment

Emergency Response -evacuation, fire fighting,health care, etc.

SAFETY INVOLVES MANY LAYERS TO PROVIDEHIGH RELIABILITY

Co

ntrol


5/25

5

SAFETY STRENGTH IN DEPTH !

PROCESS

RELIEF SYSTEM

SAFETY INTERLOCKSYSTEM

ALARM SYSTEM

BASIC PROCESSCONTROL SYSTEM

Closed-loop control to maintain processwithin acceptable operating region

Bring unusual situation to attentionof a person in the plant

Stop the operation of part of process

Divert material safely

KEY CONCEPT IN PROCESS SAFETY -REDUNDANCY!

Seriousnessof event

Fourindependentprotectionlayers (IPL)


6/25

6

CATEGORIES OF PROCESS CONTROLOBJECTIVES

1. Safety2. Environmental Protection3. Equipment Protection 4. Smooth Operation &

Production Rate5. Product Quality6. Profit7. Monitoring & Diagnosis

We are emphasizing these topics

Since people are involved, this isalso important

Control systems are designed to achieve well-definedobjectives, grouped into seven categories.


7/25

7

1. BASIC PROCESS CONTROL SYSTEM (BPCS)

Technology - Multiple PIDs, cascade, feedforward, etc.

Always control unstable variables (Examples in flash?)

Always control quick safety related variables- Stable variables that tend to change quickly (Examples?)

Monitor variables that change very slowly

- Corrosion, erosion, build up of materials Provide safe response to critical instrumentation failures

- But, we use instrumentation in the BPCS?


8/25

8


Where could we use BPCS in the flash process?

F1


9/25

9

The level is unstable;it must be controlled.

The pressure willchange quickly andaffect safety; it must becontrolled.

F1


10/25

10


How would we protect against an error in the temperaturesensor (reading too low) causing a dangerously high reactortemperature?

TC

Coldfeed

Highly exothermic reaction.We better be sure that

temperature stays withinallowed range!


11/25

11

How would we protect against an error in the temperaturesensor (reading too low) causing a dangerously high reactortemperature?

Use multiple sensors and select most conservative!

T1

Cold

feed

T2

TYTC

Measured value

to PID controller

Controller

output

>

TY>

Selects thelargest of allinputs


12/25

12

2. ALARMS THAT REQUIRE ANALYSIS BYA PERSON

Alarm has an annunciator and visual indication

- No action is automated !

- A plant operator must decide.

Digital computer stores a record of recent alarms

Alarms should catch sensor failures

- But, sensors are used to measure variables for alarmchecking?


13/25

13

2. ALARMS THAT REQUIRE ANALYSIS BY APERSON

Common error is to design too many alarms

- Easy to include; simple (perhaps, incorrect) fix toprevent repeat of safety incident

- One plant had 17 alarms/h - operator acted on only 8%

Establish and observe clear priority ranking

- HIGH = Hazard to people or equip., action required

- MEDIUM = Loss of $$, close monitoring required

- LOW = investigate when time available


14/25

14

2. ALARMS THAT REQUIRE ANALYSIS BY A

PERSON

F1

Where couldwe use alarms

in the flash process?


15/25

15

A low level coulddamage the pump; ahigh level could allowliquid in the vaporline.

The pressure affectssafety, add a high alarm

F1

PAH

LAHLAL

Too much light keycould result in a largeeconomic loss AAH


16/25

16

3. SAFETY INTERLOCK SYSTEM (SIS)

Automatic action usually stops part of plant operation toachieve safe conditions

- Can divert flow to containment or disposal

- Can stop potentially hazardous process, e.g.,combustion

Capacity of the alternative process must be for worstcase

SIS prevents unusual situations

- We must be able to start up and shut down- Very fast blips might not be significant


17/25

17


Also called emergency shutdown system (ESS)

SIS should respond properly to instrumentation failures

- But, instrumentation is required for SIS? Extreme corrective action is required and automated

- More aggressive than process control (BPCS)

Alarm to operator when an SIS takes action


18/25

18


The automation strategy is usually simple, for example,

If L123 < L123 min ; then, reduce fuel to zero

steam

water

LC

PC

fuel

How do weautomate this SISwhen PC is adjusting

the valve?


19/25

19

If L123 < L123 min ; then, reduce fuel to zero

steam

water

LC

PC

fuel

LS s s

fc fc

15 psig

LS = level switch, note that separate sensor is used

s = solenoid valve (open/closed) fc = fail closed

Extra valve with tight shutoff


20/25

20


The automation strategy may involve several variables,any one of which could activate the SIS

If L123 < L123 min ; orIf T105 > T105 max . then, reduce fuel to zero

SIS100

L123T105..

s

Shown as box in drawing withdetails elsewhere


21/25

21


The SIS saves us from hazards, but can shutdown theplant for false reasons, e.g., instrument failure.

1 out of 1must indicate

failure

T100s

2 out of 3must indicate

failure

T100T101T102

Same variable,multiple sensors!

s

Falseshutdown

Failureondemand

5 x 10 -3 5 x 10 -3

2.5 x 10 -6 2.5 x 10 -6

Betterperformance,more expensive


22/25

22


We desire independent protection layers , withoutcommon-cause failures - Separate systems

sensors

SIS system

i/o i/o.

sensors

Digital control system

i/o i/o.

BPCS and Alarms SIS and Alarmsassociated with SIS


23/25

23

SAFETY STRENGTH IN DEPTH !

PROCESS

RELIEF SYSTEM

SAFETY INTERLOCKSYSTEM

ALARM SYSTEM

BASIC PROCESSCONTROL SYSTEM Closed-loop control to maintain processwithin acceptable operating region

Bring unusual situation to attentionof a person in the plant

Stop the operation of part of process

Divert material safely

These layers requireelectrical power,computing,communication, etc.

KEY CONCEPT IN PROCESS SAFETY -REDUNDANCY!

What do we do if a major incident occurs that causes

loss of power or communication a computer failure (hardware or software)


24/25

24

4. SAFETY RELIEF SYSTEM

Entirely self-contained, no external power required

The action is automatic - does not require a person

Usually, goal is to achieve reasonable pressure- Prevent high (over-) pressure- Prevent low (under-) pressure

The capacity should be for the worst case scenario


25/25

25

4. SAFETY RELIEF SYSTEM

Two general classes of devices

- Self-Closing : design provides forclosing of flow path when the system

pressure returns within its acceptablerange; operation can resume

Example: Spring safety valve

- Non-self-closing : Remains open.Typically, the process must beshutdown and the device replaced

Example: Burst diaphragm

Documents

Safety Automation 2003 2