Hazop Sif Sil

HAZOP SIF - SIL
Global Safety Solutions Center
British Gas Mumbai - India November, 2007
Copyright 2007 Yokogawa System Center Europe B.V. HAZOP SIF - SIL
Page 1
HAZOP, SIF, SIL
Risk identification Layers of protection What are SIFs Determine SIL
Page 2
IEC 61511
Risk assessment and SIL classification

1
Hazard and risk assessment
Allocation of safety functions
Management of functional safety
Safety requirements specification
Safety lifecycle
No method prescribed
10
11
General method : HAZOP 9 Hazard and operability study

Page 3
HAZOP
Characteristics of the HAZOP method

Systematic Hazard Identification method for Processes Team brainstorm sessions Basis: P&ID drawings Use of Guide words (ICI method) Wide spread use in Industry and Engineering Contractors Results: Overview of all possible unwanted disturbances Determinate what safeguards in place Action planning for improvements or required clarifications
Page 4
HAZOP Basic explanation

HAZOP technique provides opportunities to use your imaginations, going free and think of all possible ways in which hazards or operating problems might arise. Reduce chance of missing something and therefore: do it in a systematic way! Each pipeline, vessel, process part, etc has to be considered in turn. To be done in a team. Members can stimulate each other and build upon each others ideas.
Page 5
HAZOP What we need !

Line diagrams or P&IDs have to be complete and in front of each team member. Process description has to be in place and complete. Possible applicable Safety Functions as relief valves and Sensors/Safety Valves can be already proposed by the Process engineers, but have to be examined and justified fully. Document the results of the HAZOP and justify Safety Functions!
Page 6
HAZOP procedure
Select node
Select deviation from normal Move on to next deviation No Yes Is deviation possible? - Possible cause? Yes Can it become hazardous? (Prevent efficient operation?) No Yes Will the Control System adjust this deviation in time? Yes Control System fails, acts wrong, operator acts wrong No Consider other causes of deviation
Describe possible hazard consequence
Determine SAFEGUARD - SIF / Mechanical / Mitigation
Determine sensors and final elements (SIF)

Page 7
HAZOP HAZOP Requirements
HAZOP tables to be filled in during the sessions (preferably with video projection) by the secretary. The team need to consist of different disciplines: Operator, Process Design, E&I, Mechanical. Experienced Chairman vital for the results and efficiency Dont try to solve all problems identified Limit the duration: max. 6 hours a day. Avoid external disturbances during the sessions
Page 8
HAZOP Hazop Method Preparation:

Collect all information (P&ID, Process description) Check whether info is up-to date! Split the process in functional nodes and indicate intention of the function
During the sessions:

One of the team members briefly explain each node before the analysis starts The chairman starts to use the all relevant Guide words (More, Less etc.) for all relevant Parameters (Temperature, Pressure etc.)
Page 9
HAZOP
Guide words:
No More Less Partly As well as Reverse Other than
Page 10
HAZOP
Page 11
HAZOP
Page 12
Layers of protection : Onion model

Community Emergency Response Plant Emergency Response Physical Protection (Bund wall) Automatic Action (SIF) Critical Alarms and Manual Intervention Basic Controls Process Design
TT
Page 13
Layers of protection
Human layer
Control layer Protective layer (instrumented) Protective layer (physical) Mitigation layer
Process
Page 14
PEFS example (2 phase separator)
H H
TIA 001 PRCA 002 PRCA-002 LZA 001 UZ-101
Gas out
H
LRCA 003 L
Emulsion in
Human layer Control layer Protective layer (instrumented) Protective layer (physical) Mitigation layer
Oil out
LRCA-003
Page 15
Process Copyright 2007 Yokogawa System Center Europe B.V. HAZOP SIF - SIL
SIFs
Safety Instrumented System
dual voted
sensor sensor sensor
triple voted
final element final element
SIF # 1 (e.g. SIL 4)
SIF # 3 (e.g. SIL 3) )

sensor
logic solver
final element

final element
sensor
Availability
All loops may effect the process availability

Page 16
Determine target SIL
Page 17
Determine target SIL
IEC61508 : part 5 ALARP Risk Graph Risk Matrix IEC61511 : part 3 also FTA : Fault Tree Analyses LOPA : Layers Of Protection Analyses
Page 18
Alarp Principle
Increasing Individual Risk and Social Concerns
Risk Classes
Interpretation
Risk can not be justified except in extraordinary circumstances
Unacceptable Region
Intolerable Risk Undesirable Risk and only Tolerable if Risk reduction is impractical or if costs are grossly disproportionate to risk reduction gained Tolerable Risk if the cost of risk reduction would exceed the improvement gained
Tolerable Region
II
III
Risk is tolerable only if: a. Further Risk reduction is impractical or if its cost is disproportionate to the improvement gained or b. Society desires the benefit of the activity given the associated Risk As Risk is reduced, the less, in proportion, it is necessary to spend to satisfy ALARP, The concept of diminishing proportion is represented by the triangle
Broadly Acceptable Region
IV
Negligible Risk
Level of residual risk regarded as negligible, and further measures to reduce risk not usually required. No need for detailed working to demonstrate ALARP
Negligible Risk
Page 19
Risk Graph (determination of SIL)

C Consequence of hazard

w3
CA X1 X2 CB FA FB CC FA FB FA FB PA PB PA PB PA PB PA PB X6 X3
w2 --a 1 2 3 4
w1 ----a 1 2 3
CA: Minor injury CB: Serious injury, death of one person CC: Death to several persons CD: Very many people killed
a 1 2
F Frequency of exposure to hazard

FA: Rare to more often FB: Frequent to permanent
P Possibility to avoid hazard

PA: Possible PB: Almost impossible
X4 X5
3 4 b
CD
W Probability of occurrence of hazard

W1: Very low W2: Low W3: High
--a b 1- 4
No safety requirements No special safety requirements A single E/E/PES is not sufficient Safety Integrity Level
1. Unmanned installation: CB; FA ; PB => SIL 1 2. Manned installation:

CC; FB ; PB => SIL 3

Page 20
10
Risk Graph (determination of SIL)
Page 21
Risk Matrix
Consequences Health and Safety Slight Injury or Health Effect Minor Injury or Health Effect Major Injury or Health Effect 13 Fatalities Multiple Fatalities Economics (Loss in ) Slight < 10 k Minor 10 k - 100 k Medium 100 k - 1 M Major 1 M - 10 M Extensive > 10 M Environmental effect Slight Minor Local Major Massive Demand Rate (time between demands) Negligible Demand > 20 years a1 a2 1 2 4 - 20 years a1 a2 1 2 3 0.5 - 4 years a2 1 2 3 4 (x) 0 - 0.5 years a2 2 3 4 (x) x
Page 22
11
LOPA: example of defenses
Downstream blockage
pre-alarm and trip Protection layers
Loss of containment
ignition
Explosion of gas cloud
exposure
One operator killed and 6 months downtime
Conditional modifiers
Initiating events
Released hazard
hazard
Mitigation layers
Consequences
RV pops
Flaring
RV repair & Environmental impact
The PZHH function
Page 23
SIL Classification Methodology

Team effort: Facilitator Process Eng. Operations/Maintenance Eng. Safety Eng (pt) Rotating Equipm. Eng (pt)
Identify the SIF SIF ID SIF description References to HAZOP
Design intent of SIF Hazardous situation to be protected against
Demand scenario Most likely initiating events Other protections (not the SIF under consideration)
Consequence of Failure on Demand Narrative describing: Failure on demand => hazardous events => ultimate consequences Consequence severity Personal Safety, Environment, Economics
Page 24
12
EXAMPLE Risk Matrix

Consequences Health and Safety Slight Injury or Health Effect Minor Injury or Health Effect Major Injury or Health Effect 13 Fatalities Multiple Fatalities Economics (Loss in ) Slight < 10 k Minor 10 k - 100 k Medium 100 k - 1 M Major 1 M - 10 M Extensive > 10 M Environmental effect Slight Minor Local Major Massive Demand Rate (time between demands) Negligible Demand > 20 years a1 a2 1 2 4 - 20 years a1 a2 1 2 3 0.5 - 4 years a2 1 2 3 4 (x) 0 - 0.5 years a2 2 3 4 (x) x
Page 25
Health and Safety Consequences

Effect Slight injury Minor injury Description
First aid case and medical treatment case. Not affecting work performance or causing disability. Lost time injury. Affecting work performance, such as restriction to activities or a need to take a few days to fully recover (maximum one week). Including permanent partial disability. Affecting work performance in the longer term, such as prolonged absence from work. Irreversible health damage without loss of life, e.g. noise induced hearing loss, chronic back injuries. Also includes the possibility of multiple fatalities (1 -3) in close succession due to the incident, e.g. explosion. Catastrophe due or in close succession to the incident.
Major injury
1 - 3 fatalities
Multiple fatalities
Page 26
13
Economic Losses
Effect Slight damage < 10 k Minor damage 10 k - 100 k Local damage 100 k - 1 M Major damage 1 M - 10 M Extensive damage > 10 M Description No disruption to operation
Brief disruption
Partial shutdown that can be restarted Partial operation loss (2 weeks shutdown) Substantial or total loss of operation
Page 27
Environmental Consequences
Effect Slight effect Minor effect Local effect Major effect Massive effect Description
Local environmental damage. Within the fence and within systems. Negligible financial consequences. Contamination; damage sufficiently large to attack the environment; No permanent effect on the environment. Limited loss of discharges of known toxicity; Affecting neighborhood beyond the fence. Severe environmental damage. The company is required to take extensive measures to restore the contaminated environment to its original state. Persistent severe environmental damage or severe nuisance extending over a large area. In terms of commercial or recreational use or nature conservancy, a major loss for the company.
Page 28
14
What are the SIFs ?

H PRCA SP 100 50 barg
Thermal or Fire Relief only setting 60 barg
SIF 1 : to protect the pump against gas. SIF 2 : to protect the vessel against overpressure
Design Pressure 60 Barg
V100
LRC 100 PCV100
Hydrocarbons 120 Bar
P1 LCV100
Page 29
HAZOP, SIF, SIL
Known your risks : HAZOP Define your SIFs Determine the SIL for each SIF Document all safety relevant requirements (SRS : safety requirement specification) Questions?
Page 30
15
Asset Excellence Solutions that maximize performance of assets and productivity of production.
Page 31
16

Hazop Sif Sil

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Hazop Sif Sil

Uploaded by

Copyright:

Available Formats

HAZOP SIF - SIL

Global Safety Solutions Center

British Gas Mumbai - India November, 2007

HAZOP, SIF, SIL

Risk identification Layers of protection What are SIFs Determine SIL

Risk assessment and SIL classification

Hazard and risk assessment

Allocation of safety functions

Management of functional safety

Safety requirements specification

General method : HAZOP 9 Hazard and operability study

Characteristics of the HAZOP method

HAZOP Basic explanation

HAZOP What we need !

Describe possible hazard consequence

Determine SAFEGUARD - SIF / Mechanical / Mitigation

Determine sensors and final elements (SIF)

HAZOP HAZOP Requirements

HAZOP Hazop Method Preparation:

During the sessions:

Layers of protection : Onion model

PEFS example (2 phase separator)

final element final element

SIF # 1 (e.g. SIL 4)

SIF # 2 (e.g. SIL 3)

SIF # 3 (e.g. SIL 3) )

SIF # 4 (e.g. SIL 2)

SIF # 5 (e.g. SIL 1)

All loops may effect the process availability

Determine target SIL

Determine target SIL

Broadly Acceptable Region

Risk Graph (determination of SIL)

F Frequency of exposure to hazard

P Possibility to avoid hazard

W Probability of occurrence of hazard

1. Unmanned installation: CB; FA ; PB => SIL 1 2. Manned installation:

CC; FB ; PB => SIL 3

Risk Graph (determination of SIL)

LOPA: example of defenses

pre-alarm and trip Protection layers

Explosion of gas cloud

One operator killed and 6 months downtime

RV repair & Environmental impact

The PZHH function

SIL Classification Methodology

Design intent of SIF Hazardous situation to be protected against

EXAMPLE Risk Matrix

Health and Safety Consequences

What are the SIFs ?

Thermal or Fire Relief only setting 60 barg

Design Pressure 60 Barg

Hydrocarbons 120 Bar

HAZOP, SIF, SIL

You might also like