VALIDATE LOPA ASSUMPTIONS WITH DATA FROM YOUR OWN PROCESS

Similar documents
innova-ve entrepreneurial global 1

Advanced LOPA Topics

A large Layer of Protection Analysis for a Gas terminal scenarios/ cause consequence pairs

Impact on People. A minor injury with no permanent health damage

SIL Allocation. - Deterministic vs. risk-based approach - Layer Of Protection Analysis (LOPA) overview

Understanding the How, Why, and What of a Safety Integrity Level (SIL)

SAFETY SEMINAR Rio de Janeiro, Brazil - August 3-7, Authors: Francisco Carlos da Costa Barros Edson Romano Marins

Using LOPA for Other Applications

The Risk of LOPA and SIL Classification in the process industry

Section 1: Multiple Choice

Knowledge, Certification, Networking

4-sight Consulting. IEC case study.doc

Section 1: Multiple Choice Explained EXAMPLE

Session One: A Practical Approach to Managing Safety Critical Equipment and Systems in Process Plants

Valve Communication Solutions. Safety instrumented systems

FP15 Interface Valve. SIL Safety Manual. SIL SM.018 Rev 1. Compiled By : G. Elliott, Date: 30/10/2017. Innovative and Reliable Valve & Pump Solutions

Risk reducing outcomes from the use of LOPA in plant design and operation

The IEC61508 Operators' hymn sheet

Every things under control High-Integrity Pressure Protection System (HIPPS)

Hydraulic (Subsea) Shuttle Valves

SYMPOSIUM SERIES NO 160 HAZARDS ABB

PREDICTING HEALTH OF FINAL CONTROL ELEMENT OF SAFETY INSTRUMENTED SYSTEM BY DIGITAL VALVE CONTROLLER

Solenoid Valves For Gas Service FP02G & FP05G

Ultima. X Series Gas Monitor

Pneumatic QEV. SIL Safety Manual SIL SM Compiled By : G. Elliott, Date: 8/19/2015. Innovative and Reliable Valve & Pump Solutions

The IEC61508 Inspection and QA Engineer s hymn sheet

SPR - Pneumatic Spool Valve

Analysis of Instrumentation Failure Data

Expert System for LOPA - Incident Scenario Development -

Proof Testing A key performance indicator for designers and end users of Safety Instrumented Systems

High Integrity Pressure Protection Systems HIPPS

Bespoke Hydraulic Manifold Assembly

Solenoid Valves used in Safety Instrumented Systems

DeZURIK. KGC Cast Knife Gate Valve. Safety Manual

DeZURIK Double Block & Bleed (DBB) Knife Gate Valve Safety Manual

DeZURIK. KSV Knife Gate Valve. Safety Manual

Eutectic Plug Valve. SIL Safety Manual. SIL SM.015 Rev 0. Compiled By : G. Elliott, Date: 19/10/2016. Innovative and Reliable Valve & Pump Solutions

This manual provides necessary requirements for meeting the IEC or IEC functional safety standards.

Proposal title: Biogas robust processing with combined catalytic reformer and trap. Acronym: BioRobur

COMMON MISUNDERSTANDINGS ABOUT THE PRACTICAL APPLICATION OF IEC 61508

Understanding IPL Boundaries

SIL explained. Understanding the use of valve actuators in SIL rated safety instrumented systems ACTUATION

Failure Modes, Effects and Diagnostic Analysis

DETERMINATION OF SAFETY REQUIREMENTS FOR SAFETY- RELATED PROTECTION AND CONTROL SYSTEMS - IEC 61508

New Thinking in Control Reliability

Understanding safety life cycles

L&T Valves Limited SAFETY INTEGRITY LEVEL (SIL) VERIFICATION FOR HIGH INTEGRITY PRESSURE PROTECTION SYSTEM (HIPPS) Report No.

Combining disturbance simulation and safety analysis techniques for improvement of process safety and reliability

Identification and Screening of Scenarios for LOPA. Ken First Dow Chemical Company Midland, MI

Safety manual for Fisher GX Control Valve and Actuator

Partial Stroke Testing. A.F.M. Prins

Designing to proposed API WHB tube failure document

Safety Engineering - Hazard Identification Techniques - M. Jahoda

RESILIENT SEATED BUTTERFLY VALVES FUNCTIONAL SAFETY MANUAL

Implementing IEC Standards for Safety Instrumented Systems

Methods of Determining Safety Integrity Level (SIL) Requirements - Pros and Cons

The IEC61508 Project Manager's & Project Engineer's hymn sheet

Reliability of Safety-Critical Systems Chapter 3. Failures and Failure Analysis

Quantitative Risk Analysis (QRA)

Instrumented Safety Systems

TRI LOK SAFETY MANUAL TRI LOK TRIPLE OFFSET BUTTERFLY VALVE. The High Performance Company

The Relationship Between Automation Complexity and Operator Error

The Key Variables Needed for PFDavg Calculation

QUANTIFYING THE TOLERABILITY OF POTENTIAL IGNITION SOURCES FROM UNCERTIFIED MECHANICAL EQUIPMENT INSTALLED IN HAZARDOUS AREAS

Rosemount 2130 Level Switch

Failure Modes, Effects and Diagnostic Analysis

Reliability of Safety-Critical Systems Chapter 4. Testing and Maintenance

HOW LAYER OF PROTECTION ANALYSIS IN EUROPE IS AFFECTED BY THE GUIDANCE DRAWN UP AFTER THE BUNCEFIELD ACCIDENT

Enterprise. Chapter 3. 1 Manufacturing Process Management. Automatic Control System. works in real time; checks the safety;

Accelerometer mod. TA18-S. SIL Safety Report

SIL Safety Manual. ULTRAMAT 6 Gas Analyzer for the Determination of IR-Absorbing Gases. Supplement to instruction manual ULTRAMAT 6 and OXYMAT 6

Transmitter mod. TR-A/V. SIL Safety Report

FUNCTIONAL SAFETY: SIL DETERMINATION AND BEYOND A CASE STUDY FROM A CHEMICAL MANUFACTURING SITE

A study on the relation between safety analysis process and system engineering process of train control system

Safety Integrity Verification and Validation of a High Integrity Pressure Protection System (HIPPS) to IEC 61511

Operational Risk Using BowTie Methodology

EMERGENCY SHUT-DOWN RELIABILITY ADVANTAGE

Safe management of industrial steam and hot water boilers A guide for owners, managers and supervisors of boilers, boiler houses and boiler plant

Hazard Operability Analysis

Failure Modes, Effects and Diagnostic Analysis

Jamesbury Pneumatic Rack and Pinion Actuator

Engineering Safety into the Design

UNDERSTANDING SAFETY INTEGRITY LEVEL

PSM TRAINING COURSES. Courses can be conducted in multi-languages

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, MN USA

Failure Modes, Effects and Diagnostic Analysis

PART 1.2 HARDWARE SYSTEM. Dr. AA, Process Control & Safety

Neles trunnion mounted ball valve Series D Rev. 2. Safety Manual

Workshop Functional Safety

SIL Safety Manual for Fisherr ED, ES, ET, EZ, HP, or HPA Valves with 657 / 667 Actuator

Major Hazard Facilities. Control Measures and Adequacy

FUEL GAS FIRING CONTROL RJ (Dick) Perry Safety Systems Consultant 6 June 2016

Major Hazard Facilities. Major Accident Identification and Risk Assessment

A Complete Solution For HIPPS

Steam System Best Practices 14 Best Practices for Guide Lines for Boiler Plant Log Books

Safety Manual VEGAVIB series 60

Failure Modes, Effects and Diagnostic Analysis

Process Safety Journey

FAULT DIAGNOSIS IN DEAERATOR USING FUZZY LOGIC

YT-300 / 305 / 310 / 315 / 320 / 325 Series

Transcription:

Honeywell Advanced Materials new Low-Global-Warming Refrigerant Plant in Geismar, LA Tony Downes Sept 2018 VALIDATE LOPA ASSUMPTIONS WITH DATA FROM YOUR OWN PROCESS

A little about the presenter 1 Led over 100 PHAs Did first LOPA in 1999 Led over 100 Incident Investigations Launched 4 Risk Reduction programs A.M. (Tony) Downes Global Process Safety Advisor 1978-1988 DuPont Canada. Project Eng, Process Eng, Product Development, Maintenance Eng, Project Manager 1988-1992 Bayer Canada, Supervisor LPE 1992-2001 Westlake Group, Principle PS Eng. 2001-2010 FMC. Global Safety & Sec. Mgr 2010-date Honeywell PMT Global PS Advisor CCPS Tech Steering and Planning Cmtes CCPS Certified Process Safety Engineer Everything I know about Process Safety, I learned in an investigation

LOPA and the Integrity of the Layers Focus on the Control and Safety Layers 2 COMMUNITY EMERGENCY RESPONSE PLANT EMERGENCY RESPONSE MITIGATION Mechanical Mitigation Systems Safety Instrumented Control Systems Safety Instrumented Mitigation Systems PREVENTION Mechanical Protection System Process Alarms Operator Supervision Safety Instrumented Control Systems Safety Instrumented Prevention Systems Basic Process Control Systems Monitoring Systems (process alarms) Operator Supervision Process Design Two key questions: 1. Is the SIS Prevention layer ready? - Is it Degraded in any way today? - How did it perform during last Demand (Real or Spurious)? - What is the RRF/PFDavg over the past year or so? 2. How steady is the control system (BPCS Layer)? - Any critical control loops Degraded? - What is the Initiating Event Frequency really? - Flat-line diagnosis Initiating Event + SIF not ready Serious incident

What happens if/when the Layers/barriers don t work? 3 Example: Gasoline Tank Overflow Fire Initiating Event: LIT Error. IEF ~1/10 years 1 Safety Interlock: LSHH XZV SIL2 2 Conditional Modifier: Prob. Of Ignition ~0.99 3 Combined Probability of Fire ~ 0.001/year 1. Typical failure rate from CCPS LOPA Book. 2. Assumed RRF of 100 (PFD = 0.01 3. CCPS POI Tool for heptane at 60degF:POII ~.01; PODI ~0.99 POEGI ~0.5 Some potential problems Process measuring device faults (sticking) XZV fails to shut XZV closes, but slowly (degraded) LSHH Fail-dangerous unrevealed LSHH left in bypass after trip test LSHH HHH HH H LIT Level Transmitter + PSSuite or Equivalent Monitoring software instead HV XZV Most LSHH faults can t be diagnosed remotely. Only a proof-test will do. Turn your Process Historian data into Safety Insights

Calculating & Summing Risks 4 Riskfrom Scenario = Consequence x Likelihood Likelihood = (IEF x PFD1 x PFD2 etc) 100 x 0.01 = 1 99 x 0.01 +1 = 1.99 Total Corporate Risk = # Sites # Units at site # Hazards Site k Unit j Consequence i Likelihood i 1 1 1 Enterprise data systems support Corporate Risk Management

It s really an estimate of Risk 5 1. PHA/LOPA teams estimate the Initiating Event Frequency (IEF) - Likely based on typical industry probabilities. - A number of good references available these days New CCPS LOPA database Usually OK within an order of magnitude - Teams have a bias towards Underestimating likelihood 2. Independent Protection Layer (IPL)/ Safety Instrumented Function (SIF) reliability. 3. Maintain: Not simple to keep SIL2 PFD better than 0.01 forever Can we get more accurate numbers from our own facilities?

Example of a LOPA taking credits for various IPLs 6 Need: TMEL = 100,000 PFD = 1/RRF So PFD of : BPCS = 0.1 PSV = 0.01 SIF = 0.01 PFD = 0.1 x 0.01 x 0.01 =0.00001 RRF = 100,000 Order depends on process design, etc.

New HFO Unit (Overpressure Protection) Initiating Event (IE): The LOPA - Pressure Control loop fails Overpressure & Rupture, Major Hazard Frequency (IEF): 1 Failure / 10 years = 0.1/yr Independent Protection Layers (IPL): 1. Overpressure SIF102 closes XZV102 PFD = 0.01 2. Pressure Safety Valve (PSV) PFD = 0.01? Mitigated Event Likelihood - MEL = 0.1/yr * 0.01 * 0.01 = 0.00001 = 1E -5 Design meets criteria? SIF 102 SIL2 Steam XZV 102 Reboiler E101 PZIT 102 PSH PSV Condensate Column C101 PIC 101 PCV 101 How can we assure we are in the Green year after year? 7

Insights from a Recent Analysis 8 From LOPA1: Pressure Control System From LOPA2: HtEx Leak Monitoring Demand rate (IEF) From HAZOP/LOPA: - Expected fault rate between 1/year 1/10 years - Actual control system fault rate: 1 amongst 10 PIT loops in 3+ years better than expected - No reason to suspect the PIT fault was related to process application Safeguard SIL affirmation - Target Availability SIL-2 (>99%) - Actual outage/unavailable time for 2 PZIT loops <48 hours in 3+ years (>99.9%) better than expected Demand rate (IEF) From HAZOP/LOPA: - Special tubes. Special precautions. New service - Expected tube failure rate about 1/year - Actual Heat Exchanger tube-leak-through rate: 0 amongst 10 exchangers in similar* service over 3+ years better than expected Safeguards SIL - Combination of Conductivity and ph analyzers arrayed in voting systems - Target RRF ~10 for each analyzer - ACTUAL on next few slides

100AZIT4101A 100AZIT4101B 100AZIT4001A 100AZIT4001B 100AZIT4002A 100AZIT4002B Example LOPA2 High SIF Demand Rate 9 SIL2 SIF 101 OR Steam XZV 102 Reboiler E101 AIT 101A AIT 101B Condensate In Low Demand Rate designs, we assume the Safety Instrumented Function (SIF) will get a demand less than once per year More than once per year indicates the design needs expert diagnosis and may need to be more robust A few times per week??? Week Number Grand Total 40 3 3 6 41 2 2 44 1 1 10 8 20 45 1 1 46 1 1 Grand Total 7 3 1 1 10 8 30 There has never been a real Demand. ALL of these were Spurious. PSS Workbench showed 2oo3 Voting System is better choice

Valve Stroke Duration Evolves Over Time 10 This XZV is performing well within the required Process Safety Time, BUT Stroke time is trending up for both Opening and Closing. Will your plants notice when stroke time is getting close to Process Safety Time? NOTE: This spreadsheet, pivot and graph originally took about 1 hour in Excel

Diagnosing a Flat-Lined Transmitter 11 Transmitter signals (PV s) generally change over time If the signal is not varying in any way for a long time, like 100AZI4001A, the transmitter may have developed a fault Maintenance Inspection/ recalibration appropriate (once diagnosed) Hard to do Manually. Easier with Analytic Tools

Conclusions 12 While the Design of the Safety Instrumented Functions provides the target amount of protection, the actual field performance of a few SIFs did not. This didn t matter as the Initiating Event Frequency was actually much better than anticipated by the HAZOP/LOPA team. Analytics from field performance showed a number of opportunities to improve the system. The issues and opportunities were not apparent at first. Having the LOPA, Cause & Effect Matrix and Historian Analytics in a Single Data System simplifies analysis dramatically Analytics compares Intended design vs Actual performance

Process Safety Suite enables System Behavior from LOPA / SOL Track SIF overrides, bypasses across units and sites Expected SIF Behavior from Cause&Effects Matrix DCS/SIS Process Data, & Event Log Cloud Analytics Cloud Data Consolidation Provide Demand Rate and SIL/RRF estimates to PHA Capture proven-in-use data for SIF elements, and more Device information 2015 by Honeywell International Inc. All rights reserved. Identify Bad Actors. * On-premise solution if preferred Real-time Risk Management

15 Consensus Standards give guidance but don t say HOW IEC61511: 16.2.2 tells us to develop the information which needs to be maintained on system failure and demand rates on the SIS and the information which needs to be maintained showing results of audits and tests on the SIS and have procedures for analysing systematic failures. 16.2.6 Discrepancies between expected behaviour and actual behaviour of the SIS shall be Analysed This shall include monitoring the following: the actions taken following a demand on the system; the failures of equipment forming part of the SIS established during routine testing or actual demand; the cause of the demands; the cause of false trips. 16.3.1.5 At some periodic interval (determined by the user), the frequency of testing shall be reevaluated based on various factors including historical test data, plant experience, hardware degradation, and software reliability.

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback