Practical Methods for Process Safety Management
Transcript of Practical Methods for Process Safety Management
CSChE Conference 2006, Sherbrooke, Quebec, Canada
Practical Methods for Process Safety Management
Putting Process Safety Management “At The Heart Of Our Lives”
Canadian Chemical Engineering Conference 2006
Sherbrooke, Quebec, Canada
October 18, 2006

Quote
“Concern for man himself and his safety must always form the chief interest of all technical endeavors. Never forget this in the midst of your diagrams and equations”
~Albert Einstein
Quote taken from “Five Past Midnight in Bhopal”

Agenda
Introduction
Standard Overview
Defining Risk and Risk Reduction
Determining if an SIS is required
Proof Testing
Long Term Maintenance
Discussion/Questions

Sam Kozma, C.E.T., CFSE
Certified Functional Safety Expert
Certified Functional Safety Expert (CFSE) with TÜV Accreditation
Instrument and Controls for over 18 years, specializing in SIS, SIL & IEC/ISA
Experience with many systems including Siemens, HIMA, and Honeywell
Member:
Task Force on Functional Safety
Canadian National Committee (IEC/SC65A)

What are the IEC/ISA Standards?
A performance based project execution method
Uses a “Lifecycle” from “cradle to grave”
Sets targets based on your own risk tolerances
Quantitative analysis to measure success
Non-prescriptive - Tailor to your own specific needs
Primary objectives to protect humans and the environment
Also Successful in Asset Protection, Corporate Image, etc.

What are the IEC/ISA Standards?
Developed to help prevent incidents
Flixborough
Seveso
Bhopal
Texas City

How Many Standards Are There?
IEC 61513: Nuclear
IEC 62061: Machine Safety
ISA 84: Process Industry
IEC 61511: Process Industry
IEC 61508

Where Does it all Start?
Management
Top down approach:
Management support
Procedures and policies shall reflect the implementation on all projects
Develop a Safety Management Plan

Primary Objective
Inherently Safer Designs
A good design process will use a Safety Instrumented System (SIS) as a last resort to lower the likelihood of an occurrence.

IEC PSM Lifecycle
[Figure: lifecycle flowchart divided into ANALYSIS PHASE, REALIZATION PHASE and OPERATIONAL PHASE. Box labels: Conceptual Design & Overall Scope Definition; Process Hazard Assessment; SIL Determination & Assessment; Safety Requirements Specification; Stage 1 SRS Assessment; External Risk Reduction: Protection/Mitigation; Other Safety Related Systems; Overall Planning (Installation & Commissioning Planning, Safety Validation Planning, Operations & Maintenance Planning); SIS Integration; SIS Validation Planning; SIS Operations & Maintenance Procedures; SIS Design & Development; Stage 2 - SIS Validation; Overall Installation & Commissioning; Stage 3 PSSR - Required; Overall Maintenance & Repair; Stage 4 Regular Periodic Assessment; To Appropriate Lifecycle Step; Overall Modification & Retrofit; Decommissioning; Stage 5 Validate Modification.]

Application
Process Example
High Pressure Hazard
Undersized Flare
[Figure: process sketch. Labels: From Field; Inlet Separator; PIC100; PIT100; PY100; Downstream Processing; Flare.]

Process Hazard Assessment
PHA (HAZOP)
Potential Failure: PIC-100
Result: Overpressure, possible explosion and fire, toxic gas release
Recommendation: Review vessel design, independent alarms, SIL analysis
HAZOP worksheet excerpt (Inlet Area, Node: Inlet Separator)
Dev.: 1.2 More Pressure
Cause 1.2.1: Failure of Inlet Pressure Controller PIC-100
Consequence:
- Increasing pressure will cause stress on Inlet Sep., causing rupture, explosion and resulting fire.
- Risk to personnel.
- Risk to Environment (Toxic Gas)
Safeguards: Pressure Relief Valve on Inlet Sep.
Recommendations:
- Review vessel design.
- Investigate possible independent alarms.
- Conduct SIL analysis to determine if HIPPS is required.

What is SIL?
SIL – Safety Integrity Level
IEC 61511 Defines SIL as follows:
Discrete level (one out of four) for specifying the safety integrity requirements of the safety instrumented functions to be allocated to the SIS. Safety integrity level 4 has the highest level of safety integrity; safety integrity level 1 has the lowest.

What Does That Mean?
Determine risk and measure it against your risk tolerance.
Risk: the measure of the consequence and frequency of an unwanted incident.
The gap is the intolerable risk.
Apply Layers of Protection to reduce the exposure to risk.
Remaining gap requires an SIS.

Risk
The measure of the consequence and frequency of an unwanted incident
[Figure: diagram relating Consequence and Frequency to RISK ("= RISK").]

Reducing The Gap
Tolerable Risk
Protective Layers
Design
Relief Valves
Procedures
Mitigation
Fire and Gas Systems
Evacuation Procedures
Safety Instrumented Systems
[Figure: risk reduction diagram. Labels: Process Risk; Protection Layers; Mitigation Layers; Safety System; Tolerable Risk.]

Layers Of Protection
[Figure: layers of protection diagram around the PROCESS. Labels: BPCS; PROCESS ALARMS; OPERATOR SUPERVISION; MECHANICAL PROTECTION SYSTEMS; OPERATOR INTERVENTION; OPERATING PROCEDURES; PROCESS ALARMS WITH EXECUTIVE ACTION; SAFETY INSTRUMENTED PROTECTION SYSTEMS; COMMUNITY EMERGENCY RESPONSE; FIRE AND GAS SYSTEMS; MECHANICAL MITIGATION SYSTEMS; OPERATOR SUPERVISION; PLANT EMERGENCY RESPONSE; SAFETY INSTRUMENTED MITIGATION SYSTEMS.]

Application
Process Example
High Integrity Pressure Protection System (HIPPS)
[Figure: process sketch with the HIPPS added. Labels: From Field; Inlet Separator; PIC100; PIT100; PY100; Downstream Processing; Flare; XY101A; XY101B; PIT101A; PIT101B; SIF-101, SIL 3; 1oo2 Valves (each with 1oo2 SOV); 1oo2 PITs.]

Proof Testing
Testing and maintaining an SIS is critical to meeting risk reduction targets throughout the entire lifecycle.
Impact of Testing on SIL
Probability of Failure on Demand (PFD) increases over time without functional proof testing and can result in a declining SIL rating of your SIF thus leaving the process at risk.

Impact of Testing on SIL
SIL 2 Device
80% Test coverage
Yearly Test Interval
10 Year Mission Time
[Figure: PFD versus YEARS (ticks at 2, 4, 6, 8, 10). PFD axis from 0.005 (RRF=200) to 0.04 (RRF=25), with SIL 1 and SIL 2 regions marked. Legend: PFD without Proof Testing; PFDavg without Proof Testing (PFDavg = 0.02, RRF = 50); PFD with Yearly Test Interval; PFDavg with yearly Test Interval (PFDavg = 0.007, RRF = 143).]
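An added example (not from the presentation) of the effect described on the proof testing slides, using the common simplified approximation PFD(t) ≈ λ_DU·t with imperfect proof-test coverage. The dangerous undetected failure rate of 0.004 per year is an assumption chosen so the untested average matches the slide's 0.02; the presentation does not state its model, so the tested average computed here (0.0056) differs from the slide's 0.007.

```python
# Added example: sawtooth PFD model with imperfect proof-test coverage.
# LAMBDA_DU is an assumed value, not taken from the presentation.

LAMBDA_DU = 0.004      # dangerous undetected failures per year (assumed)
COVERAGE = 0.80        # proof test coverage (from the slide)
TEST_INTERVAL = 1.0    # years (from the slide)
MISSION_TIME = 10.0    # years (from the slide)

# Low-demand-mode SIL bands on PFDavg (IEC 61508 / IEC 61511).
SIL_BANDS = [(4, 1e-5, 1e-4), (3, 1e-4, 1e-3), (2, 1e-3, 1e-2), (1, 1e-2, 1e-1)]


def sil_for(pfd):
    """Return the SIL band a PFDavg falls in, or 0 if it is outside every band."""
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return 0


def pfd_at(t, test_interval=None):
    """Instantaneous PFD at time t (years), using PFD ~= lambda_DU * t.

    Each proof test resets only the covered fraction of failures; the
    uncovered fraction keeps accumulating until the end of the mission time.
    """
    if test_interval is None:
        return LAMBDA_DU * t
    since_test = t % test_interval
    return LAMBDA_DU * (COVERAGE * since_test + (1 - COVERAGE) * t)


def summarize(test_interval=None, steps=10_000):
    """Midpoint-integrate PFD(t); return (PFDavg, RRF, SIL, t_exceed).

    t_exceed is the first time instantaneous PFD rises above the SIL 2
    upper bound (0.01), or None if it never does within the mission time.
    """
    dt = MISSION_TIME / steps
    total, t_exceed = 0.0, None
    for i in range(steps):
        t = (i + 0.5) * dt
        p = pfd_at(t, test_interval)
        total += p
        if t_exceed is None and p > 1e-2:
            t_exceed = t
    avg = total / steps
    return avg, 1 / avg, sil_for(avg), t_exceed
```

Under these assumptions `summarize()` puts the untested device in the SIL 1 band with its instantaneous PFD past 0.01 after about 2.5 years, while `summarize(TEST_INTERVAL)` keeps the average in the SIL 2 band; the 20% of failures the test does not cover still push the instantaneous PFD past 0.01 late in the ninth year.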

Maintenance
Breakdown vs. Preventative
Follow manufacturer’s recommendations
Procedures and intervals should be included in the Safety Requirements Specification (SRS)
Replace/refurbish to “as new” condition before “wear-out”
Audit to measure if goals are being met
Regular PHA (HAZOP, FMEA, etc.)

Thank you!
Questions
Contact Information:
Sam Kozma, C.E.T., CFSE
Phone: (403) 333-8118
Fax: (403) 637-2870
Email: [email protected]
Website: www.spectraldesign.ca