Safety Instrumented Systems in Regulator Station Design. SIL Verification of Standard Design Alan Burt

Similar documents
High Integrity Pressure Protection Systems HIPPS

Implementing IEC Standards for Safety Instrumented Systems

SIL explained. Understanding the use of valve actuators in SIL rated safety instrumented systems ACTUATION

L&T Valves Limited SAFETY INTEGRITY LEVEL (SIL) VERIFICATION FOR HIGH INTEGRITY PRESSURE PROTECTION SYSTEM (HIPPS) Report No.

Every things under control High-Integrity Pressure Protection System (HIPPS)

innova-ve entrepreneurial global 1

EMERGENCY SHUT-DOWN RELIABILITY ADVANTAGE

This manual provides necessary requirements for meeting the IEC or IEC functional safety standards.

Solenoid Valves used in Safety Instrumented Systems

SIL Safety Manual. ULTRAMAT 6 Gas Analyzer for the Determination of IR-Absorbing Gases. Supplement to instruction manual ULTRAMAT 6 and OXYMAT 6

Valve Communication Solutions. Safety instrumented systems

Safety manual for Fisher GX Control Valve and Actuator

FP15 Interface Valve. SIL Safety Manual. SIL SM.018 Rev 1. Compiled By : G. Elliott, Date: 30/10/2017. Innovative and Reliable Valve & Pump Solutions

DeZURIK. KSV Knife Gate Valve. Safety Manual

Achieving Compliance in Hardware Fault Tolerance

Instrumented Safety Systems

RESILIENT SEATED BUTTERFLY VALVES FUNCTIONAL SAFETY MANUAL

Pneumatic QEV. SIL Safety Manual SIL SM Compiled By : G. Elliott, Date: 8/19/2015. Innovative and Reliable Valve & Pump Solutions

Ultima. X Series Gas Monitor

Section 1: Multiple Choice

DeZURIK Double Block & Bleed (DBB) Knife Gate Valve Safety Manual

Safety Integrity Verification and Validation of a High Integrity Pressure Protection System (HIPPS) to IEC 61511

DeZURIK. KGC Cast Knife Gate Valve. Safety Manual

Partial Stroke Testing for SRD991 and SRD960

SPR - Pneumatic Spool Valve

TRI LOK SAFETY MANUAL TRI LOK TRIPLE OFFSET BUTTERFLY VALVE. The High Performance Company

Eutectic Plug Valve. SIL Safety Manual. SIL SM.015 Rev 0. Compiled By : G. Elliott, Date: 19/10/2016. Innovative and Reliable Valve & Pump Solutions

Solenoid Valves For Gas Service FP02G & FP05G

Reliability of Safety-Critical Systems Chapter 3. Failures and Failure Analysis

YT-3300 / 3301 / 3302 / 3303 / 3350 / 3400 /

Neles ValvGuard VG9000H Rev 2.0. Safety Manual

Hydraulic (Subsea) Shuttle Valves

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, MN USA

Safety Manual. Process pressure transmitter IPT-1* 4 20 ma/hart. Process pressure transmitter IPT-1*

Neles trunnion mounted ball valve Series D Rev. 2. Safety Manual

A large Layer of Protection Analysis for a Gas terminal scenarios/ cause consequence pairs

Partial Stroke Testing. A.F.M. Prins

New Thinking in Control Reliability

PREDICTING HEALTH OF FINAL CONTROL ELEMENT OF SAFETY INSTRUMENTED SYSTEM BY DIGITAL VALVE CONTROLLER

Session One: A Practical Approach to Managing Safety Critical Equipment and Systems in Process Plants

The Key Variables Needed for PFDavg Calculation

EXPERIMENT 1 AIR PRESSURE CONTROL SYSTEM

Failure Modes, Effects and Diagnostic Analysis

Industrial Compressor Controls Standard Custom

High performance disc valves Series Type BA, BK, BW, BM, BN, BO, BE, BH Rev Safety Manual

PROCESS AUTOMATION SIL. Manual Safety Integrity Level. Edition 2005 IEC 61508/61511

The IEC61508 Operators' hymn sheet

Bespoke Hydraulic Manifold Assembly

Safety Manual VEGAVIB series 60

VALIDATE LOPA ASSUMPTIONS WITH DATA FROM YOUR OWN PROCESS

Jamesbury Pneumatic Rack and Pinion Actuator

Section 1: Multiple Choice Explained EXAMPLE

Safety Manual OPTISWITCH series relay (DPDT)

SIL Safety Manual for Fisherr ED, ES, ET, EZ, HP, or HPA Valves with 657 / 667 Actuator

A Complete Solution For HIPPS

Fuel Gas Pressure Control Solutions for Fired Heaters and Boilers

Safety Manual VEGAVIB series 60

Understanding safety life cycles

IE011: Process Control & Instrumentation Technology

Failure Modes, Effects and Diagnostic Analysis

Rosemount 2130 Level Switch

SPECIAL PRINT. Innovative Control Technology. Safety in the Process Industry. SAMSON AG Manuel Hinkelmann Marcel Richter Monika Schneider

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, Minnesota USA

Knowledge, Certification, Networking

Proof Testing A key performance indicator for designers and end users of Safety Instrumented Systems

SIL Allocation. - Deterministic vs. risk-based approach - Layer Of Protection Analysis (LOPA) overview

FUEL GAS FIRING CONTROL RJ (Dick) Perry Safety Systems Consultant 6 June 2016

Commissioning and safety manual

4-sight Consulting. IEC case study.doc

Understanding the How, Why, and What of a Safety Integrity Level (SIL)

Functional safety. Functional safety of Programmable systems, devices & components: Requirements from global & national standards

IE039: Practical Process Instrumentation & Automatic Control

COMPARING PLUG & SEAT REGULATORS & CONTROL VALVES. Lamar Jones. Equipment Controls Company 4555 South Berkeley Lake Road Norcross, GA 30071

The Risk of LOPA and SIL Classification in the process industry

Reliability Assessment of the Whistler Propane Vaporizers

CHANGE HISTORY DISTRIBUTION LIST

HIPPS Development Project

Failure Modes, Effects and Diagnostic Analysis

Proposed Abstract for the 2011 Texas A&M Instrumentation Symposium for the Process Industries

The IEC61508 Inspection and QA Engineer s hymn sheet

Mass Flow Controller (MFC) for Gases

Reliability of Safety-Critical Systems Chapter 4. Testing and Maintenance

IE068: Process Instrumentation Technology

Case study. Rotating Equipment Engineer Qatargas Operating Company. Sr. Rotating Equipment Engineer

UNDERSTANDING SAFETY INTEGRITY LEVEL

Series 3730 and Series 3731 EXPERTplus Valve Diagnostics with Partial Stroke Test (PST)

EDUCATION DEPARTMENT ACCU-TEST

Failure Modes, Effects and Diagnostic Analysis

CONTROL SOLUTIONS DESIGNED TO FIT RIGHT IN. Energy Control Technologies

BUBBLER CONTROL SYSTEM

GAS FUEL VALVE FORM AGV5 OM 8-03

YT-300 / 305 / 310 / 315 / 320 / 325 Series

Deltaflux Control Valve

Advanced LOPA Topics

Continuous Gas Analysis. ULTRAMAT 6, OXYMAT 6 Safety Manual. Introduction 1. General description of functional safety 2

IGEM/SR/15 Edition 5 Communication 1746 Integrity of safety-related systems in the gas industry

Service & Support. Questions and Answers about the Proof Test Interval. Proof Test According to IEC FAQ August Answers for industry.

Impact on People. A minor injury with no permanent health damage

Accelerometer mod. TA18-S. SIL Safety Report

The Future of Hydraulic Control in Water-Systems

Transcription:

Safety Instrumented Systems in Regulator Station Design SIL Verification of Standard Design Alan Burt

Presentation Overview Safety standards Victorian gas transmission network Melbourne supply History of Dandenong City Gate and design issues Project concept and objectives AS2885 requirements for pipeline pressure control Safety targets and standardised components (SIL) Achieving both safety and high availability Layers of Protection Analysis of alternate designs Conclusions APA Group Presentation 2

Definitions BLP Brooklyn Lara Pipeline City Gate gas pressure regulating facility feeding a city LOPA Layer Of Protection Analysis MAOP Maximum Allowable Operating Pressure PES Programmable Electronic Systems PLC Programmable Logic Controller PSV Pressure Safety Valve RTU Remote Terminal Unit SIF Safety Instrumented Function SIL Safety Integrity Level SSV Slamshut valve TMR PLC Triple Mode Redundant PLC APA Group Presentation 3

Acknowledgement and Disclaimer The author wishes to acknowledge the technical information provided by Invensys Premier Consulting Services in their report SIL Assignment and Verification Report prepared for GasNet for the Brooklyn Lara City Gate. The concepts provided herein should not be taken to be endorsement of specific products or design implementation for pressure reduction stations. Designers should assess their specific designs to ensure safety critical and functional control meets the owner s and technical regulators requirements. APA Group Presentation 4

Victorian Natural Gas System APA Group Presentation 5

Safety Standards AS/NZS 61508 AS 61508.1-1999 Functional safety of electrical/electronic/programmable electronic safety-related systems General requirements AS 61508.2-2001 Functional safety of electrical/electronic/programmable electronic safety-related systems Requirements for electrical/electronic/programmable electronic safety-related systems AS 61508.3-1999 Functional safety of electrical/electronic/programmable electronic safety-related systems Software requirements AS 61508.4-1999 Functional safety of electrical/electronic/programmable electronic safety-related systems Definition and abbreviations AS 61508.5-1999 Functional safety of electrical/electronic/programmable electronic safety-related systems Examples of methods for the determination of safety integrity levels AS 61508.6-2001 Functional safety of electrical/electronic/programmable electronic safety-related systems Guidelines on the application of AS 61508.2 and AS 61508.3 AS 61508.7-2001 Functional safety of electrical/electronic/programmable electronic safety-related systems Overview of techniques and measures APA Group Presentation 6

Safety Standards - AS/NZS 61511, AS 3814 AS IEC 61511.1 Functional safety - Safety instrumented systems for the process industry sector - Framework, definitions, systems, hardware and software requirements AS IEC 61511.2 Functional safety - Safety instrumented systems for the process industry sector - Guidelines for the application of AS IEC 61511-1 AS IEC 61511.3 Functional safety - Safety instrumented systems for the process industry sector - Guidance for the determination of the required safety integrity levels AS 3814-2005 Appliances Industrial and Commercial Gas Fired APA Group Presentation 7

Safety Instrumented Systems Safety systems have been used for many years in process industries to perform safety instrumented functions. If instrumentation is to be effectively used for safety, it is essential that this instrumentation achieve certain minimum standards and performance levels. AS NZS 61508 addresses Safety Instrumented Systems for all types of industrial applications. A Safety Instrumented System includes all components and subsystems necessary to carry out the safety instrumented function from sensor(s) to final element(s). IEC61511 addresses Safety Instrumented Systems applicable the Process Industries only. AS NZS 61511 applies to Safety Instrumented Systems for the Process Industry that is based on electrical / electronic / programmable electronic technology. Where other technologies are used for logic solvers, the basic principles of this standard should be applied. This standard also addresses the Safety Instrumented System s sensors and final elements regardless of the applied technology. IEC61508 and IEC61511 were recognized by the Australian Standards in the year 2000 APA Group Presentation 8

AS/NZS 2885.1 AS NZS 2885 does NOT currently call up AS NZS 61508 nor AS NZS 61511. However, specific levels of control for pressure reduction stations are mandated in AS/NZS 2885.1 clauses 7.2.1 and 7.2.3 Safety systems are now commonly used in the gas industry for safety functions in compressor stations, LNG facilities and processing plant, as well as certain Type B appliances: AS/NZS 3814 requires compliance to AS/NZS 61508 and 61511 for Type B fuel-fired appliances controlled by programmable electronic systems. This applies to the following appliances Gas turbine engines (eg Solar Saturns, Centaurs, Taurus, Mars) Standby generators Waterbath heaters For gas pipeline operators, assessment of compliance to engineering principles in AS/NZS 3814, as with other aspects of design for the gas pipeline control, is managed under the Pipeline Safety Case APA Group Presentation 9

Large multi-run pressure reduction stations Overpressure protection of pipelines at pressure reduction stations using pressure relief valves may not be acceptable due to offsite hazards. Functional requirements for large multi-run pressure reduction stations in Victoria are becoming more demanding due to 4-hourly gas market demands, including frequent remote pressure setpoint control, stop/start operation and interaction with gas compressors Increased pipeline operating pressure, leading to higher pressure drops and potential low temperatures due to Joule-Thompson cooling APA Group Presentation 10

Multi-run stations Major Victorian multi-run stations (planned capacity) Dandenong City Gate (7 runs) Wollert City Gate (4 runs) Brooklyn Corio Pipeline (BCP) City Gate (5 runs) Brooklyn Lara Pipeline (BLP) City Gate (5 runs) Lara SWP City Gate (5 runs) Wollert and Brooklyn projects are currently under construction Design is complete for Dandenong and Lara projects APA Group Presentation 11

APA Group Presentation 12

APA Group Presentation 13

APA Group Presentation 14

APA Group Presentation 15

APA Group Presentation 16

Future Brooklyn Ballan Pipeline (BBP CG) (currently Brooklyn PL) Brooklyn Lara Pipeline (BLP CG) Brooklyn Corio Pipeline (BCP CG) (previously BCG) APA Group Presentation 17

APA Group Presentation 18

Dandenong City Gate Commissioned in 1969 Initially 2 regulator runs, each with active and monitor regulators and station PSVs Growth led to current 7 regulator runs RTU to monitor and control pressure PSVs replaced with electrical relay over-pressure trip of run inlet valves circa 1979 (ie PSHH trips the station) PSVs removed due to proximity of flare Slamshut controller replaced with separate RTU circa 1985 Approximately 65% of Melbourne s daily gas flows through the station (about 80% annually). The station operates continuously. APA Group Presentation 19

Design Issues Regulators fail-open design Inlet valves fail-last design Common mode failure concern Undetected regulator failure Operator should not have to open/close runs to avoid overpressure Additional heater differential pressure losses affect capacity Control algorithms different at other sites AS2885.1 requires max MAOP tolerance 1% Flow imbalance between runs may lead to noise, erosion and filter failure APA Group Presentation 20

Design Concept Maintain multi-run station concept (ie retain headers) Single active regulator, fail-closed Upstream slamshut valve (SSV), fail-closed Standardised control algorithm Standardised test program (routine run safety verification tests) Remote outlet pressure setpoint control Provide improved operator interface (HMI) for maintenance APA Group Presentation 21

Project Objectives Meet safety objectives per AS61511 Minimise capital expense Pressure control per AS2885.1:2007 High station availability 99.99% Retain contract station differential pressure and peak flowrate design basis Maintainability using common sub-components APA Group Presentation 22

AS2885.1:2007 Clause 7.2.1 Pipeline Pressure Control The following requirements shall be implemented in design and operation of the pipeline pressure control. MAOP under steady state conditions For pipelines intended to be operated at a set point equal to MAOP, the control system shall control the maximum pressure within a tolerance of 1%. Pressure control and a second pressure limiting system are mandatory. The second (pressure limiting) system may be a second pressure control or an overpressure shut-off system or pressure relief. Pressure control system performance Pressure control and overpressure protection systems and their components shall have performance characteristics and properties necessary for their reliable and adequate operation during the design life of the pipeline. APA Group Presentation 23

AS2885.1:2007 Clause 7.2.3 Pipeline Facility Control Most facilities are remote from their point of operation and generally designed for unattended operation. Each facility shall be designed with a local control system to manage the safe operation of the facility. The local control system shall. (a) Continue to operate in the event of a communications failure; (b) If electric powered, be provided with an uninterruptible power supply with sufficient capacity to ensure continuous operation through a reasonable power outage; (c) Use reliable technology; (d) Be designed to fail in a safe manner; and (e) Be designed with appropriate security. Each facility may also be configured to enable remote monitoring or control of the facility. APA Group Presentation 24

SIL Assignment and Verification Analyse SIF overpressure downstream pipeline Determine SIL achieved using current design with the existing RTUs and regulators Determine SIL achievable using proposed design with single FC regulator, SSV and TMR PLC Identify required maintenance regime Select current BLP project as test case Use standard GasNet panels Use BLP regulator PID design APA Group Presentation 25

Control Schematic for Regulator APA Group Presentation 26

PID for Regulator Run APA Group Presentation 27

Active Regulator APA Group Presentation 28

Regulator characteristics Fail closed valve Electronic and pneumatic positioner (fails to pneumatic on loss of PES) Common station backup pneumatic controller (balances load across runs) Diagnostic inputs include closed limit switch and position feedback Level 1 fault - valve detected faulty (eg sticky) with persistent control position discrepancy. Run inlet valve closes. Level 2 fault high outlet pressure and control valve not fully closed. Run inlet valve closes. Level 3 fault high outlet pressure. Close all run inlet valves. Level 4 fault high high outlet pressure. Inlet valve closes under pneumatic control. APA Group Presentation 29

Fault Tree Models Pressure Control Electronic Pressure Control SIF-10 Fisher DVC6000 (4-20mA) Positioner Bristol Control Wave (Defined by AS61508) FPCY-62154 6.571E-4 RTU 4.257E-2 2 3 GATE-6-12 GATE-6-13 GATE-6-14 GATE-6-15 Impulse Line - Clean Service Generic Pressure Transmitter Impulse Line - Clean Service Generic Pressure Transmitter Impulse Line - Clean Service Generic Pressure Transmitter 1.095E-3 2.625E-3 1.095E-3 2.625E-3 1.095E-3 2.625E-3 IMPULSE-LINE-(CLEAN)-PTA PT-62755A IMPULSE-LINE-(CLEAN)-PTB PT-62755B IMPULSE-LINE-(CLEAN)-PTC PT-62755C SIF-10 - Electronic Pressure Control APA 2007/02/21 Group Presentation Page 6 30

Fault Tree Model TMR Based Control Site Wide Pressure Control (Tricon) RF-24A Triconex Tricon TRICON 3.520E-7 2 3 GATE-32-0 GATE-27-1 GATE-27-2 GATE-27-3 Impulse Line - Clean Service Generic Pressure Transmitter Impulse Line - Clean Service Generic Pressure Transmitter Impulse Line - Clean Service Generic Pressure Transmitter 2.500E-7 9.500E-7 2.500E-7 9.500E-7 2.500E-7 9.500E-7 IMPULSE-LINE-(R)-PTA PT-62755A(R) IMPULSE-LINE-(R)-PTB PT-62755B(R) IMPULSE-LINE-(R)-PTC PT-62755C(R) RF-24A - Site Wide Pressure Control (Tricon) APA 2007/02/20 Group Presentation Page 33 31

Slamshut valve APA Group Presentation 32

Slamshut valve characteristics Fail closed valve Independent pneumatic high high and low low pressure trip will close the valve Electronic open (option) and close control: Open is conditional on outlet pressure Close on PSHH or manual command from DCS or HMI Auto/Manual control on slamshut panel. Alarm active while in manual. APA Group Presentation 33

Standard Panel for Slamshut APA Group Presentation 34

Fault Tree Slamshut system Slam Shut RF-28 Fisher 4660 Pressure Switch Pneumatic (OREDA 84) (Pilot Booster) Generic 2/3 Way (Valve Actuator) Generic 2/3 Way 5.700E-6 2.095E-6 2.095E-6 PSH-62151 PYH-62151A PYH-62151B GATE-37-0 Trunnion Ball UV-62151 9.800E-7 Bettis CB Series Valve Actuator (Exida) UZ-62151 1.630E-6 RF-28 - Slam Shut APA 2007/02/21 Group Presentation Page 37 35

Pneumatic (OREDA 84) PSH-62151 5.700E-6 PYH-62151A 2.095E-6 GATE-31-10 PYH-62151B 2.095E-6 UV-62151 9.800E-7 GATE-31-28 GATE-31-0 GATE-31-5 (Exida) UZ-62151 1.630E-6 FPCY-62154(R) Pressure Reducing FPCV-62154A(R) 9.150E-7 1.981E-5 GATE-31-29 GATE-31-11 Site Wide Pressure Control 32 RF-24 2.500E-7 IMPULSE-LINE-(CLEAN)-PCA GATE-31-27 (Foxboro Data) PC-62154 5.620E-7 GATE-31-30 GATE-31-31 Pneumatic (OREDA 84) PSH-62251 5.700E-6 Burkert 6014 / exida) 2.390E-7 UY-62154-(FAIL-ON) PYH-62251A 2.095E-6 Pneumatic Relay (US DOE) 2.000E-5 UY-62154A-(FAIL-ON) GATE-31-12 PYH-62251B 2.095E-6 UV-62251 9.800E-7 GATE-31-26 GATE-31-1 GATE-31-6 (Exida) UZ-62251 2.500E-7 IMPULSE-LINE-(CLEAN)-PCB 1.630E-6 (Foxboro Data) PC-62254 Pressure Reducing FPCV-62254A(R) 5.620E-7 1.981E-5 GATE-31-32 GATE-31-33 GATE-31-13 Burkert 6014 / exida) GATE-31-25 2.390E-7 UY-62254-(FAIL-ON) FPCY-62254(R) 9.150E-7 GATE-31-34 Pneumatic Relay (US DOE) 2.000E-5 UY-62254A-(FAIL-ON) Pneumatic (OREDA 84) PSH-62351 5.700E-6 Site Wide Pressure Control 32 RF-24 PYH-62351A 2.095E-6 GATE-31-14 PYH-62351B 2.095E-6 UV-62351 9.800E-7 GATE-31-24 Valve) Tot al Failures RF-26 GATE-31-2 GATE-31-7 (Exida) UZ-62351 2.500E-7 IMPULSE-LINE-(CLEAN)-PCC 1.630E-6 (Foxboro Data) PC-62354 Pressure Reducing FPCV-62354A(R) 5.620E-7 1.981E-5 GATE-31-35 GATE-31-36 GATE-31-15 Burkert 6014 / exida) GATE-31-23 2.390E-7 UY-62354-(FAIL-ON) FPCY-62354(R) 9.150E-7 GATE-31-37 Pneumatic Relay (US DOE) 2.000E-5 UY-62354A-(FAIL-ON) Pneumatic (OREDA 84) PSH-62451 5.700E-6 Site Wide Pressure Control 32 RF-24 PYH-62451A 2.095E-6 GATE-31-16 PYH-62451B 2.095E-6 UV-62451 9.800E-7 GATE-31-39 GATE-31-3 GATE-31-8 (Exida) UZ-62451 2.500E-7 IMPULSE-LINE-(CLEAN)-PCD 1.630E-6 (Foxboro Data) PC-62454 Pressure Reducing FPCV-62454A(R) 5.620E-7 1.981E-5 GATE-31-38 GATE-31-40 GATE-31-17 Burkert 6014 / exida) GATE-31-22 2.390E-7 UY-62454-(FAIL-ON) FPCY-62454(R) 9.150E-7 GATE-31-41 Pneumatic Relay (US DOE) 2.000E-5 UY-62454A-(FAIL-ON) Pneumatic (OREDA 84) PSH-62551 5.700E-6 Site Wide Pressure Control 32 RF-24 PYH-62551A 2.095E-6 GATE-31-18 PYH-62551B 2.095E-6 UV-62551 9.800E-7 GATE-31-21 GATE-31-4 GATE-31-9 (Exida) UZ-62551 2.500E-7 IMPULSE-LINE-(CLEAN)-PCE 1.630E-6 (Foxboro Data) PC-62554 Pressure Reducing FPCV-62554A(R) 5.620E-7 1.981E-5 GATE-31-42 GATE-31-43 GATE-31-19 Burkert 6014 / exida) GATE-31-20 2.390E-7 UY-62554-(FAIL-ON) FPCY-62554(R) 9.150E-7 GATE-31-44 Pneumatic Relay (US DOE) 2.000E-5 UY-62554A-(FAIL-ON) Site Wide Pressure Control 32 RF-24 Fault Tree Model RTU Whole System Site Wide Train Controls (Single Fisher 4660 Pressure Switch (Pilot Booster) Generic 2/3 Way (Valve Actuator) Generic 2/3 Way Valve (Oreda 2002 pp 757) Fisher 4660 Pressure Switch (Pilot Booster) Generic 2/3 Way (Valve Actuator) Generic 2/3 Way Valve (Oreda 2002 pp 757) Fisher 4660 Pressure Switch (Pilot Booster) Generic 2/3 Way (Valve Actuator) Generic 2/3 Way Valve (Oreda 2002 pp 757) Fisher 4660 Pressure Switch (Pilot Booster) Generic 2/3 Way (Valve Actuator) Generic 2/3 Way Valve (Oreda 2002 pp 757) Fisher 4660 Pressure Switch (Pilot Booster) Generic 2/3 Way (Valve Actuator) Generic 2/3 Way Valve (Oreda 2002 pp 757) Trunnion Ball Bettis CB Series Valve Actuator Trunnion Ball Bettis CB Series Valve Actuator Trunnion Ball Bettis CB Series Valve Act uat or Trunnion Ball Bettis CB Series Valve Act uat or Trunnion Ball Bettis CB Series Valve Act uat or Fisher DVC6000 (4-20mA) Positioner Fisher DVC6000 (4-20mA) Positioner Fisher DVC6000 (4-20mA) Positioner Fisher DVC6000 (4-20mA) Positioner Fisher DVC6000 (4-20mA) Positioner Impulse Line - Clean Service Foxboro 43APG Pneumatic Controller Solenoid (Failed Energised) (Burkert Impulse Line - Clean Service Foxboro 43APG Pneumatic Controller Solenoid (Failed Energised) (Burkert Impulse Line - Clean Service Foxboro 43APG Pneumatic Controller Solenoid (Failed Energised) (Burkert Impulse Line - Clean Service Foxboro 43APG Pneumatic Controller Solenoid (Failed Energised) (Burkert Impulse Line - Clean Service Foxboro 43APG Pneumatic Controller Solenoid (Failed Energised) (Burkert RF-26 - Site Wide Train Controls (Single Valve) Total Failures 2007/02/20 Page 31 APA Group Presentation 36

Pneumatic (OREDA 84) PSH-62151 5.700E-6 PYH-62151A 2.095E-6 GATE-31-10 PYH-62151B 2.095E-6 UV-62151 9.800E-7 GATE-31-28 GATE-31-0 GATE-31-5 (Exida) UZ-62151 1.630E-6 FPCY-62154(R) Pressure Reducing FPCV-62154A(R) 9.150E-7 1.981E-5 GATE-31-29 GATE-31-11 Site Wide Pressure Control 32 RF-24 2.500E-7 IMPULSE-LINE-(CLEAN)-PCA GATE-31-27 (Foxboro Data) PC-62154 5.620E-7 GATE-31-30 GATE-31-31 Pneumatic (OREDA 84) PSH-62251 5.700E-6 Burkert 6014 / exida) 2.390E-7 UY-62154-(FAIL-ON) PYH-62251A 2.095E-6 Pneumatic Relay (US DOE) 2.000E-5 UY-62154A-(FAIL-ON) GATE-31-12 PYH-62251B 2.095E-6 UV-62251 9.800E-7 GATE-31-26 GATE-31-1 GATE-31-6 (Exida) UZ-62251 2.500E-7 IMPULSE-LINE-(CLEAN)-PCB 1.630E-6 (Foxboro Data) PC-62254 Pressure Reducing FPCV-62254A(R) 5.620E-7 1.981E-5 GATE-31-32 GATE-31-33 GATE-31-13 Burkert 6014 / exida) GATE-31-25 2.390E-7 UY-62254-(FAIL-ON) FPCY-62254(R) 9.150E-7 GATE-31-34 Pneumatic Relay (US DOE) 2.000E-5 UY-62254A-(FAIL-ON) Pneumatic (OREDA 84) PSH-62351 5.700E-6 Site Wide Pressure Control 32 RF-24 PYH-62351A 2.095E-6 GATE-31-14 PYH-62351B 2.095E-6 UV-62351 9.800E-7 GATE-31-24 RF-26A GATE-31-2 GATE-31-7 (Exida) UZ-62351 2.500E-7 IMPULSE-LINE-(CLEAN)-PCC 1.630E-6 (Foxboro Data) PC-62354 Pressure Reducing FPCV-62354A(R) 5.620E-7 1.981E-5 GATE-31-35 GATE-31-36 GATE-31-15 Burkert 6014 / exida) GATE-31-23 2.390E-7 UY-62354-(FAIL-ON) FPCY-62354(R) 9.150E-7 GATE-31-37 Pneumatic Relay (US DOE) 2.000E-5 UY-62354A-(FAIL-ON) Pneumatic (OREDA 84) PSH-62451 5.700E-6 Site Wide Pressure Control 32 RF-24 PYH-62451A 2.095E-6 GATE-31-16 PYH-62451B 2.095E-6 UV-62451 9.800E-7 GATE-31-39 GATE-31-3 GATE-31-8 (Exida) UZ-62451 2.500E-7 IMPULSE-LINE-(CLEAN)-PCD 1.630E-6 (Foxboro Data) PC-62454 Pressure Reducing FPCV-62454A(R) 5.620E-7 1.981E-5 GATE-31-38 GATE-31-40 GATE-31-17 Burkert 6014 / exida) GATE-31-22 2.390E-7 UY-62454-(FAIL-ON) FPCY-62454(R) 9.150E-7 GATE-31-41 Pneumatic Relay (US DOE) 2.000E-5 UY-62454A-(FAIL-ON) Pneumatic (OREDA 84) PSH-62551 5.700E-6 Site Wide Pressure Control 32 RF-24 PYH-62551A 2.095E-6 GATE-31-18 PYH-62551B 2.095E-6 UV-62551 9.800E-7 GATE-31-21 GATE-31-4 GATE-31-9 (Exida) UZ-62551 2.500E-7 IMPULSE-LINE-(CLEAN)-PCE 1.630E-6 (Foxboro Data) PC-62554 Pressure Reducing FPCV-62554A(R) 5.620E-7 1.981E-5 GATE-31-42 GATE-31-43 GATE-31-19 Burkert 6014 / exida) GATE-31-20 2.390E-7 UY-62554-(FAIL-ON) FPCY-62554(R) 9.150E-7 GATE-31-44 Pneumatic Relay (US DOE) 2.000E-5 UY-62554A-(FAIL-ON) Site Wide Pressure Control 32 RF-24 Fault Tree Model TMR Whole System Site Wide Train Controls (Single Valve) Total Failures (Tricon) Fisher 4660 Pressure Switch (Pilot Booster) Generic 2/3 Way (Valve Actuator) Generic 2/3 Way Valve (Oreda 2002 pp 757) Fisher 4660 Pressure Switch (Pilot Booster) Generic 2/3 Way (Valve Actuator) Generic 2/3 Way Valve (Oreda 2002 pp 757) Fisher 4660 Pressure Switch (Pilot Booster) Generic 2/3 Way (Valve Actuator) Generic 2/3 Way Valve (Oreda 2002 pp 757) Fisher 4660 Pressure Switch (Pilot Booster) Generic 2/3 Way (Valve Actuator) Generic 2/3 Way Valve (Oreda 2002 pp 757) Fisher 4660 Pressure Switch (Pilot Booster) Generic 2/3 Way (Valve Actuator) Generic 2/3 Way Valve (Oreda 2002 pp 757) Trunnion Ball Bettis CB Series Valve Actuator Trunnion Ball Bettis CB Series Valve Actuator Trunnion Ball Bettis CB Series Valve Act uat or Trunnion Ball Bettis CB Series Valve Act uat or Trunnion Ball Bettis CB Series Valve Act uat or Fisher DVC6000 (4-20mA) Positioner Fisher DVC6000 (4-20mA) Positioner Fisher DVC6000 (4-20mA) Positioner Fisher DVC6000 (4-20mA) Positioner Fisher DVC6000 (4-20mA) Positioner Impulse Line - Clean Service Foxboro 43APG Pneumatic Controller Solenoid (Failed Energised) (Burkert Impulse Line - Clean Service Foxboro 43APG Pneumatic Controller Solenoid (Failed Energised) (Burkert Impulse Line - Clean Service Foxboro 43APG Pneumatic Controller Solenoid (Failed Energised) (Burkert Impulse Line - Clean Service Foxboro 43APG Pneumatic Controller Solenoid (Failed Energised) (Burkert Impulse Line - Clean Service Foxboro 43APG Pneumatic Controller Solenoid (Failed Energised) (Burkert RF-26A - Site Wide Train Controls (Single Valve) Total Failures (Tricon) 2007/02/20 Page 34 APA Group Presentation 37

Layers Of Protection Analysis Project: Gasnet Brooklyn Control System Rebuild SIF Identifier: SIF-001 SIF Gas High Pressure Description Area P& ID 1 2 3 7 5 6 Safety Econ. Impact Event Initiating Initiating Category Envir. Category Description Cause Likelihood and Target Category and and Target Target Risk Risk Risk 7a 7b 7c 7d 7e 8 9 10 11 11 12 Layers of Protection SIF Integrity Level Compliance Inter Additional IPL additional General Basic Process Alarms mediate SIL Mitigated EIL Actual PFD of Conclusion Economical Safety Event Envir onm e ntal the SIF mitigation, mitigation, event Process Control & Operator restricted dikes, pressure Likelihood Design System Response Likelihood access relief /Year A$ Occupancy Ignition Fatality Factor Factor 1 1 Regulation Train Over Pressure Supply Regulator Valve Mechanical Failure 0.0133152 10 Fatalities Minor 10,000,000 Not Designed to No Protection Contain Possible from Pressure Off Redundant Site (GPU Pneumatic Gasnet) Controls Alarms Downstream Slam Shut Pressure Relief Capacity Inadequate Occupancy assumed to be less than 876 man hours per year. Ignition data from Oreda Fire and Gas Study Target Target Target 0.1 0.3 1 1 1 1.0E-06 1.0E-02 1.0E-05 3.0E+00 9.1E+02 1.3E-02 0 0.0E+00 1.0E-01 8.3E-03 0.0E+00 1.1E-05 9.1E-01 SIL 0 EIL 0 AIL 0 8.3E-03 2.73E-09 2 Regulation Train Over Pressure Supply Regulator Electronic Control System Failure 0.0876 10 Fatalities Minor 10,000,000 Not Designed to Protection Contain Possible from Pressure Off Redundant Site (GPU Pneumatic Gasnet) Controls Alarms Downstream Slam Shut Pressure Relief Capacity Inadequate Occupancy assumed to be less than 876 man hours per year. Ignition data from Oreda Fire and Gas Study Target Target Target 0.1 0.3 1 1.0E-06 1.0E-02 1.0E-05 1.0E+01 8.8E-02 0 4.5E-02 1.0E-01 8.3E-03 0.0E+00 3.3E-06 3.1E+03 3.1E+00 SIL 0 EIL 0 AIL 0 8.3E-03 8.10E-10 3 Regulation Train Over Pressure Process Back Pressure 0.2 10 Fatalities Minor 10,000,000 Not Designed to Contain Pressure Off Site (GPU Gasnet) Yes Alarms Downstream Slam Shut Pressure Relief Capacity Inadequate Occupancy assumed to be less than 876 man hours per year. Ignition data from Oreda Fire and Gas Study Target Target Target 0.1 0.3 1 1.0E-06 1.0E-02 1.0E-05 4.5E+00 2.0E-01 0 4.5E-02 1.0E-01 8.3E-03 0.0E+00 7.5E-06 1.3E+03 1.3E+00 SIL 0 EIL 0 AIL 0 8.3E-03 1.85E-09 Prepared by: Reviewed Summary SIL EIL AIL by: 1.53E+00 Title Name Signature Date Title Name Signature Date 4.6E+02 4.6E-01 SIF-001 FS Engineer Allan Gibson 16-Mar-07 Process Alan Burt SIL 0 EIL 0 AIL 0 Manager Title Name Signature Date Process David Little Engineer Total Mitigated Safety Event Likelihood 5.383E-09 Less than target Yes APA Group Presentation 38

Safety The safety system for these valves is primarily pneumatic, with the ability to be remotely operated from the network control room and as such is subject to the failure rates of these components and the low accuracy of switching compared to the electronic equivalents. Adding the electronic diagnostics reduces the failure rate for the pneumatic safety system from 3.6E-2 to 1.05E-2 for the RTU based solution improving slightly to 9.3E- 003 for a TMR based solution by bypassing some of the pneumatic logic and providing a parallel trip path. These are however again limited by the reliability of the safety system valves which places a floor under the possible shutdown system performance. The actual experienced failure rate for the slam shut system has been in excess of 8.26E-3 based on proven in use data received from GasNet and this has been used in the above event trees. APA Group Presentation 39

Control system implementation Assuming the reliability of the Bristol RTU is inline with industrial standards a spurious trip can be expected due to a control system failure at approximately 11.5 year intervals. This means that a failure will probably occur during the life of the plant due to this cause. Replacing the Bristol RTU with a typical TMR based system will raise this to the 300 to 3000 year range. The probability of a failure of a 2oo3 voting system for the pressure transmitters used in control of either system is so low as to be irrelevant, at 10-12 per year unless a common cause is considered such as a lighting strike or miss-calibration. These causes are still far less likely than an RTU failure which dominates the probability of failure. APA Group Presentation 40

Control and Slamshut Valve Reliability Single Control Valve: The Single Control Valve control implementation will result in a failure requiring unscheduled maintenance about every 0.7 years for a station with 5 trains, primarily driven by control valve failures. Installing a TMR based control system will raise this to 0.8 years. Dual Control Valve The Dual Control Valve control implementation will result in a failure requiring unscheduled maintenance about every 0.41 years for a station with 5 trains, again primary driven by control valve failures (ie about double the rate for single control valve installation). Installing a TMR based control system will raise this to 0.42 years, a barely noticeable change. Slam Shut Valve It is estimated that an individual slam shut valve will close spuriously about every 10 years APA Group Presentation 41

Conclusions Safety target is met with one regulator per run provided a TMR PLC is used TMR + Reg + SSV = 2*RTU + 2*Reg + SSV For multi-run stations, use of the TMR is more economic because of the cost savings of the regulators. For the same station capacity: Dandenong single regulator solution requires 7 regulators and 7 SSVs Dandenong dual regulator solution requires 20 regulators and 10 SSVs For dual run (primary and standby runs) a simpler instrumented design is likely to be more economic. Diagnostic systems are required to detect failed/faulty regulator Records of failure data or SIL rating are required for all components in the safety system APA Group Presentation 42

Program Rollout Tricon selected for initial city gate sites at Brooklyn and Wollert 2*Trident selected for 4 ea Brooklyn heater BMS Interface via TUV serial link to Compressor Station Tricons at Brooklyn and Wollert Standard function blocks Standard field devices APA Group Presentation 43

We Deliver Energy www.pipelinetrust.com.au APA Group Presentation 44

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback