GCPS 2013 __________________________________________________________________________

"Using ESD Valves as Safeguards, Myth or Reality?"

German Luna-Mejias, P. Eng.
ACM Facility Safety
Suite 700 940 6th Ave SW, Calgary, AB, Canada
gluna@acm.ca
guatire2@gmail.com

Prepared for Presentation at

American Institute of Chemical Engineers
2013 Spring Meeting
9th Global Congress on Process Safety
San Antonio, Texas
April 28 May 1, 2013
UNPUBLISHED

GCPS 2013 __________________________________________________________________________

AIChE shall not be responsible for statements or opinions contained

in papers or printed in its publications

GCPS 2013
__________________________________________________________________________

"Using ESD Valves as Safeguards, Myth or Reality?"

German Luna-Mejias, P. Eng.
ACM Facility Safety
Suite 700 940 6th Ave SW, Calgary, AB, Canada
gluna@acm.ca
guatire2@gmail.com

Keywords: Process, Safety, Emergency, Shutdown, valve, bypass

Abstract
An Emergency ShutDown (ESD) valve is a safety device to be actuated during an emergency
situation to prevent hazardous consequences. The ESD valves are to be designed not to create
additional hazards when actuated. Sometimes, due to operational constraints ESD valves are
bypassed which contradicts best practices and creates an incremental risk for the facility, people
and environment. Lack of regulations sometimes drives ESD valves users to overlook or ignore
best practices with the associated incremental risk. This paper presents experiences during
HAZOPs/field observations where installed ESD valves are claimed as safeguards but are not
(can be bypassed). The intent of this paper is to call the attention of designers, operators and
managers of the potential hazardous consequences they may face if ESD valves are not used as
per recommended practices.

1. Introduction
Our police force has to be right every time to prevent worst case scenarios, the bad guys only
have to be right once for a major impact to occur. Exactly the same happens with safety; safety
devices have to work when required; only one failure is enough to cause a major impact.
The use, absence or abuse of safety devices e.g. emergency isolation valves- have been the
cause of several accidents in the industry:

A.P. Green Refractories Company Explosion at Brick Kiln during start-up due to a
main gas isolation valve bypass line leaking with 2 injured. Georgia, USA 1985. [1]
Oil & Gas, Sonat Exploration Company - Explosion and fire due to misalignment of
manual valves when feeding a low pressure system with HP Gas with 4 fatalities.
Louisiana, USA. March 1998.[2]

GCPS 2013
__________________________________________________________________________

Ammonia Plant: Fire and explosion with substantial damage to a reformer-furnace due to
bypass of control valve -with shutdown function- inadvertently open. No injuries, India,
May 1998.[3]
Esso-Australia Gas Plant Explosion due to the improper use of bypass valve around
safety valve as the safety valve was not operable with 2 fatalities and substantial public
welfare impact. Victoria, Australia. Sept 1998.[4]

As per these four examples, problems can happen anywhere in the world. In the last 3 years,
when performing Process Hazards Analyses (PHA), the PHA teams indicated no concerns about
bypasses around ESD valves, because there are no regulations that prevent this. Common
responses were: this is not regulated, why worry about it or even worse: recommended
practices are recommendations, they are not mandatory. These practices are not only
recommended practices but common sense. Additionally, as AIChE members (including
professional denominations), the Code of Ethics indicates that welfare of the public and
environment is paramount.

2. Definitions
Emergency isolation valves, emergency block valves, Emergency Shutdown valves or
Automated Shutdown valve are different names for the same type of function valve.
A paper presented to GCPS in 2012 [5] indicates that the Emergency Block Valves (EBV) are
namely different as per different codes, regulations and companies.
2.1 Additional definitions:
Emergency Block valves are used to control a hazardous incident. These are valves for
emergency isolation and are designed to stop the uncontrolled release of flammable or toxic
materials [6]
The ASV (Automated Shutdown Valve) is most commonly use in the Pipeline Safety Act 2011
[7]. The concept of the ASV is to mitigate the release of flammable or toxic materials, not the
prevention of it. Pipeline Safety concern is H&SE not Process Safety.
2.1 ESD valve:
A valve with the following characteristics:

Actuated valve
Actuate upon a detection of a dangerous event defined by designers/operators and
confirmed during PHA study.
Provide protection against possible harm to people, assets or environment.
Not used for control

GCPS 2013
__________________________________________________________________________
An Emergency Shutdown valve for the scope of this paper- is a valve that will prevent a
hazardous situation from occurring (i.e. closing to prevent the overpressure of the vessel
downstream of the valve) or mitigating the impact after the situation occurred.
2.2 Bypass valve:
Definition of bypass:

go around something
channel carrying a fluid around a part and back to the main stream

In the oil and gas industry is sometimes common to find bypasses around control valves; this
situation is commonly used when it is expected that the valve may need maintenance during the
operation of the plant. The plant can continue to run for a short period of time with a manual
controlled function using a globe valve. This is a common accepted practice.
In this paper, the word bypass is a key element of the study, and follows the second definition:
channel carrying a fluid around a part and back to the main stream; more specific: around the
ESD valve.
2.3 Norms and Standards
Depending on the system under review, there are several norms, recommended practices,
regulations, etc. associated with the operation and installation of ESD valves.
Nevertheless, none of these documents indicates or dictates providing a bypass around an ESD
valve. A list of these documents is provided in the appendix A.

3. Installation and Use of ESD valves

In Vivianos work [5], the use of the 5W (What, Who, When, Where and Why) helps to
identify the need for emergency isolation valves. In this paper, it is considered that all 5W are
being taken in consideration and the evaluation is moving onto the next questions: Is it correctly
installed? It is a valid layer of protection? Does it protect against a hazardous event? Does it
mitigate the impact?
Is my safeguard device reliable? In the O&G business a spurious trip is also a problem, but does
not affect public welfare. Once the ESD valve is included in the detail design, how do we ensure
it is going to work in the different scenarios that led to the installation of the ESD valve?
The first phase of the analysis it to perform the risk evaluation or risk assessment.
3.1 Risk Analysis
During a PHA, analysis will be done to ensure the different ESD valves are valid safeguards to
prevent the hazardous event from happening. In this phase of the study a qualitative analysis is

GCPS 2013
__________________________________________________________________________
performed and team members will agree, or disagree, on the protection being used for
prevention. A good facilitator should challenge the team about the effectiveness of the safeguard
(e.g. is there enough Process Safety Time, Is the actuation of the ESD valve creating another
hazardous condition(s)?).
On the other hand, since the PHA is a qualitative analysis, each safeguard is considered to be of
the same weight or of the same importance. If required, an additional safeguards evaluation
may be carried out: LOPA.
LOPA (Layers of Protection Analysis) is a semi-quantitative analysis to determine the PFD
(probability of failure on-demand) of the safeguards to meet the tolerable frequency requirements
of each company.
Based on LOPA an Emergency Shutdown Valve may require being a SIL rated device to achieve
the tolerable frequency for a specified event. SIL rated means that the associated elements of the
safety device has to be designed, constructed and maintain to a minimum level of probability of
failure when demanded to operate [8]
Previously it was mentioned that ESD valves should not be used to perform a control function as
the reliability or SIL rating of the ESD valve may be compromised. The PFD of a typical BPCS
(Basic Process Control System) is 0.1 (1 failure every ten times it is demanded) and the ESD
valve may require a higher reliability (e.g. SIL 2).
3.2 Use of ESD for Accident/Incident Prevention
When referring to Emergency Block Valves or Emergency Shutdown valves, two functions (or
purposes) should be studied: 1. Use of ESD valves for preventing the hazardous situation from
happening (preventive barrier). 2. Mitigating the consequence (acting after the hazardous event
happens).
3.2.1 Accident/Incident Prevention
Valves in this category are mainly used in industries (e.g. Oil & Gas) to prevent the hazardous
event from happening.
In several scenarios briefly described in the introductory section of this paper, ESD valves were
installed to prevent a hazardous incident from occurring as per the original plant design concept.
3.2.2 Accident/Incident Mitigation
Valves in this category are mainly used to prevent public exposure to a hazardous event, after the
initiating event occurs. These scenarios are largely described and analyzed in documents such as
Pipeline Safety Act 2011 [7].

GCPS 2013
__________________________________________________________________________
The concerns of the regulator are focused more on spurious trips that may create a public impact
due to the effect of cutting the gas supply to communities. In this case, the regulator may
recommend a manually activated Isolation Valve. For this scenario, a LOPA is recommended to
ensure that the Isolation valve will have a low PFD (probability of failure on demand).

4. ESD Valve Configuration

Sometimes for ease the operation the bypassing of ESD valves are permitted as there are no
regulations or norms against it but common sense. These ease operation scenarios may
remove the protection intent of the ESD valve.
4.1 Creating additional hazards.
Installing an ESD valve to reduce the risk is a good idea unless this addition creates additional
hazards. If the ESD valve closes, it will isolate two systems: one at high pressure and other at
lower pressure. What happen if the high pressure system cannot withstand the pressure? This
analysis should be part of the PHA analysis.
Sometimes, a risk analysis is improperly done just to complete a check mark in a paper that
means the activity was performed. Therefore a proper evaluation is not accomplished and the
operator may believe the facility is safe to operate and it is not.
Unfortunately in many projects the PHA is just a check mark to achieve the project approval
and the PSM is not strong enough to ensure a proper PHA is accomplished. In an evaluation
done by OSHA [9] it has been found that improper or inaccurate hazard assessment is one of the
main deviations from the safety programs.
In many PHAs studies it has been found that as no regulations mandate the owner to avoid
bypassing the ESD valves they are frequently bypassed as it makes the start-up much easier and
faster.
If the ESD valve is designed to Provide protection against possible harm to people, assets or
environment or actuated upon a detection of a dangerous event it should not be bypassed. A
general rule of Safety indicates that: the important thing to do is to be safe when nobody is
watching
4.2 Bypassing ESD valve for start-up.
After the PHA and LOPA team agrees to install an ESD valve with specific SIL rating and
confirms that no added risk will be created if valve is actuated, what is next?
Even if no regulation mandates it common sense indicates that if a bypass is required around
an ESD valve the bypass has to be equipped with similar protection or equivalent to prevent the
inadvertent operation of bypass or minimize the possibility of leaking.

GCPS 2013
__________________________________________________________________________

What are the problems associated with improper bypassing of ESD valves?

Operator error may remove protection

Valve leakage may remove protection

Any of these scenarios will invalidate the PHA previously performed and due diligence
may be difficult to justify if an accident happens.

Filling the lines with products before start-up is a common practice, occasionally done by
opening the bypass around the ESD valve. The filling of lines is not a problem but the increased
pressure on the downstream side of the ESD valve may be a problem. That is what happened in
the Esso accident (Victoria, Australia) as a valve misalignment created an overpressure of the
receiving vessel.
Use of CSC (car seal closed) valves in the bypass around ESD valves is a partial protection as
the isolation valve may leak overtime without the operator knowing it. Pressure equalization is a
bigger issue than flow.
In the incident that occurred in the Brick Kiln the bypass valve around the main isolation valve
was somehow inadvertently open; it means that to start-up the facility the protection was
removed.

5. Conclusions
Potential damages to public and environment can be serious, including fatalities, as it has been
shown in several accidents around the world.
In the Pipeline Safety Act 2011 [7], the major concern is the amount of gas release and the
impact on public after the incident happens. It does not direct the users to provide preventive
safeguards.
As there are no specific regulations or codes, the bypassing of safety devices is a concern that is
very likely to be overlooked.

GCPS 2013
__________________________________________________________________________

6. Recommendations
6.1 General

Accident prevention requires ACTIVE leadership by management of safety issues.

Effective implementation of the right controls to manage, mitigate or eliminate hazards
and reduce risk.
Management systems and attitudes towards safety go hand-in-hand in creating robust
defenses.

This paper is written with the intention that the reader perform due diligence to make sure the
area under his/her responsibility is safe.
6.2 Safe Design

As a general rule, ESD valves should be installed based on PHA/LOPA

The actuation of ESD valves must not create additional hazards.
The required reliability of an ESD valve (PFD) must be evaluated by a LOPA or similar
analysis.
Bypass around ESD valve should only be permitted if an additional ESD valve with the
same functionality is installed in the bypass.

6.3 Operating practices

In the accidents reviewed at the beginning of this paper, in most of the cases the inadvertent
opening or closing of a valve was a key element to the problem. It is highly recommended to
implement a PSSR (Pre Start-up Safety Review) before any start-up.

7. Final Remarks

Bypass of a safety device may save time for operator, but may cost lives!
Follow PSM or equivalent because you want to be safe, not because a regulation requires
it!
A general rule of Safety indicates that: the important thing to do is to be safe when
nobody is watching

GCPS 2013
__________________________________________________________________________

8. References
[1] OSHA. Accident Report: Explosion in Brick Kiln. Accident # 14542070, report ID 0418100.
Washington, DC. 1985
[2] CSB. Investigation Report: Catastrophic Vessel Overpressurization (4 deaths). Report #
1998-002-I-LA; Chemical Safety Board, Washington, DC. 2000
[3] R.M. Chopde & K.M. Patel ., Ammonia Plants: Past accidents and lessons learnt, Krishak
Bharati Cooperative LTD, India. Presented at International Fertilizer Industry Association (IFA)
Technical Conference, Louisiana, 2000.
[4] A. Hopkins, PhD ., Lessons from Essos Gas Plant Explosion at Longford; Australian
National University, 2000.
[5] J. Viviano ., Emergency Block Valves; presented at VIII Global Congress on Process
Safety, 2012.
[6] API Recommended Practice API RP-553:Refinery valves and accessories for Control and
Safety Instrumented Systems, Chapter 7. American Petroleum Institute, 1998.
[7] Pipeline Safety Act 2011 U.S. Congress, Law 112-90 Jan 3, 2012.
[8] CCPS., Layer of Protection Analysis: Simplified Process Risk Assessment, Center for
Chemical Process Safety. New York, NY. 2001.
[9] Jordan Barab., "Learning from Industry Mistakes" presented at NPRA National Safety
Conference, May 2010

GCPS 2013
__________________________________________________________________________

APPENDIX A
Regulations, codes and recommended practices for the installation of emergency block
valves.

API RP-553 Refinery valves and accessories for Control and Safety Instrumented Systems
American Petroleum Institute, 2007.
NFPA 30 Flammable and Combustible liquid Code, National Fire Protection Association, 2012
NFPA 497 Recommended Practice for the Classification of Flammable Liquids, Gases, or
Vapors and of Hazardous (Classified) Locations for Electrical Installations in Chemical Process
Areas National Fire Protection Association, 2012
API RP-500 Electrical Area Classification American Petroleum Institute, 2000
NFPA-58 Liquefied Petroleum Gas Code National Fire Protection Association, 2011
API RP-2510 Design and Construction of LP-Gas Installations at Marine and Pipeline
Terminals, Natural Gas Processing Plants, Refineries, Petrochemical Plants, and Tank Farms, 4th
Edition, 1978. American Petroleum Institute; recommended practice.
NFPA 85 Boiler and Combustion System Hazards Code, National Fire Protection Association,
2011
API RP-560 Fired heaters for General Refinery Services American Petroleum Institute, 2001
API RP-556 Instrumentation, Control and Protective Systems for Gas Fired Heaters, American
Petroleum Institute, 2000.
API RP-520 Part I: Sizing, selection, and installation of pressure-relieving devices in
refineries. Part II Installation American Petroleum Institute, 2000
API RP-521 Guide for pressure-relieving and de-pressuring systems, American Petroleum
Institute, 1998
Pipeline Safety Act 2011: U.S. Congress, Law 112-90 Jan 3, 2012.