Objectives of a shutdown control system
1- Protection of life
2- Protection of plant equipment
3- Avoidance of environmental pollution
4- Maximizing plant production, i.e. avoiding unnecessary shutdowns
a) Safety
Safety means sufficient protection from danger.
Safety-related controls are needed, e.g. for trains, lifts, escalators, burners, etc. The safe controls must be designed in such a way that any component fault, and any other foreseeable influence, does not cause a dangerous state in the plant.
Safety is measured primarily by a parameter called Average Probability of Failure on Demand (PFDavg). This indicates the chance that a SIS will not perform its preprogrammed action during a specified interval of time (usually the time between periodic inspections).
Reliability
Reliability is the ability of a technical device to fulfill its function during its operation time.
This is often no longer possible once a single component has failed, so the MTBF (Mean Time Between Failures) is often taken as the measure of reliability. It can be calculated either statistically from systems in operation or from the failure rates of the components used.
Reliability says nothing about the safety of a system! An unreliable system is safe if every individual failure puts the plant into the safe state each time.
Availability
Availability is the probability of a system being in a functioning state. It is expressed in per cent and is determined by the mean operating time between two failures (MTBF) and the mean down time (MDT), according to the following formula:
The mean down time (MDT) consists of the fault detection time and, in modular systems, the time it takes to replace the defective modules.
The availability of a system is greatly increased by a short fault detection time. Fast fault detection in modern electronic systems is obtained via automatic test routines and a detailed diagnostic display.
Availability can also be increased through redundancy, e.g. central devices working in parallel, redundant I/O modules, or multiple sensors on the same measuring point. The redundant components are arranged so that the function of the system is not affected by the failure of one component.
Here as well, a detailed diagnostic display is an important element of availability.
Measures designed to increase availability have no effect on safety. The safety of redundant systems is, however, only guaranteed if there are automatic test routines during operation or if, e.g., non-safety-related sensor circuits in a 2oo3 arrangement are checked regularly. If one component fails, it must be possible to switch off the defective part in a safe way.
A related measure is called Safety Availability. It is defined as the probability that a SIS will perform its preprogrammed action when the process is operating. It can be calculated as follows:
PRF = 1/PFDavg
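The arithmetic behind the reliability, availability and PFDavg definitions above, as an added worked example (not part of the original course text). It assumes constant component failure rates, a series arrangement for a single channel (every component needed, so the channel failure rate is the sum of the component rates), the standard steady-state availability formula A = MTBF / (MTBF + MDT) that the text refers to but does not print, and the common first-order approximation PFDavg ≈ λ_DU × T_I / 2 for a single channel proof-tested every T_I hours. The page writes the reciprocal 1/PFDavg; in IEC 61511 terminology that reciprocal is the risk reduction factor (RRF), and the complement 1 − PFDavg is the safety availability, so both are computed here. All numeric inputs are constructed for illustration.

```python
"""Reliability, availability and PFDavg arithmetic for a shutdown system.

Assumptions (not from the course text): constant failure rates, series
logic for one channel, A = MTBF / (MTBF + MDT), and the first-order
single-channel approximation PFDavg ~= lambda_DU * T_I / 2.
"""

HOURS_PER_YEAR = 8760.0


def mtbf_from_failure_rates(rates_per_hour):
    """MTBF of a channel whose components are all needed (series logic).

    With constant failure rates the channel rate is the sum of the component
    rates and the MTBF is its reciprocal: the 'failure rates of the
    components' route to a reliability figure.
    """
    total = sum(rates_per_hour)
    if total <= 0:
        raise ValueError("need at least one positive failure rate")
    return 1.0 / total


def availability(mtbf_hours, mdt_hours):
    """Steady-state availability A = MTBF / (MTBF + MDT), as a fraction."""
    return mtbf_hours / (mtbf_hours + mdt_hours)


def parallel_availability(channel_availability, n_channels):
    """Availability of n independent parallel channels (1oo n): the function
    is lost only when every channel is down at the same time."""
    return 1.0 - (1.0 - channel_availability) ** n_channels


def pfd_avg_1oo1(lambda_du_per_hour, proof_test_interval_hours):
    """Average probability of failure on demand for a single channel.

    Dangerous undetected failures accumulate between proof tests, so the
    time-averaged unavailability over the interval is lambda_DU * T_I / 2.
    """
    return lambda_du_per_hour * proof_test_interval_hours / 2.0


def safety_availability(pfd_avg):
    """Probability that the SIS performs its action on demand: 1 - PFDavg."""
    return 1.0 - pfd_avg


def risk_reduction_factor(pfd_avg):
    """Reciprocal of PFDavg (the 1/PFDavg the page writes; RRF in IEC 61511)."""
    return 1.0 / pfd_avg


if __name__ == "__main__":
    # Constructed failure rates (per hour) for transmitter, logic solver, valve.
    channel_rates = [2e-6, 5e-7, 3e-6]
    mtbf = mtbf_from_failure_rates(channel_rates)
    print(f"channel MTBF: {mtbf:,.0f} h ({mtbf / HOURS_PER_YEAR:.1f} years)")

    # Effect of fault detection time: slow manual detection vs. automatic tests.
    for mdt in (48.0, 4.0):
        print(f"MDT {mdt:>4.0f} h -> availability {availability(mtbf, mdt) * 100:.4f} %")

    # Effect of redundancy: two parallel channels with the slower MDT.
    single = availability(mtbf, 48.0)
    print(f"1oo2 redundancy -> availability {parallel_availability(single, 2) * 100:.6f} %")

    # Safety figures for a yearly proof-tested channel (constructed lambda_DU).
    pfd = pfd_avg_1oo1(1e-6, HOURS_PER_YEAR)
    print(f"PFDavg {pfd:.5f}, safety availability {safety_availability(pfd):.5f}, "
          f"RRF {risk_reduction_factor(pfd):.0f}")
```

Note that the two availability figures differ only through MDT, while PFDavg does not change at all when MDT shrinks: shorter repair times raise availability, but only the proof-test interval and the dangerous undetected failure rate move the safety figure, which is exactly the separation between availability and safety the text insists on.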
Hazards Analysis
Generally, the first step in determining the levels of protective layers required involves conducting a detailed hazard and risk analysis. In the process industries a Process Hazards Analysis (PHA) is generally undertaken, which may range from a screening analysis through to a complex Hazard and Operability (HAZOP) study, depending on the complexity of operations and the severity of the risks involved. The latter involves a rigorous, detailed process examination by a multidisciplinary team comprising process, instrument, electrical and mechanical engineers, as well as safety specialists and management representatives.
Risk
Risk is usually defined as the combination of the severity and the probability of an event. In other words: how often can it happen, and how bad is it when it does happen?
Risk can be evaluated qualitatively or quantitatively. Roughly,
Risk reduction
Risk reduction can be achieved by reducing either the frequency of a hazardous event or its consequences, or by reducing both. Generally, the most desirable approach is to reduce the frequency first, since all events are likely to have cost implications even without dire consequences.
Safety systems are all about risk reduction. If we can't take away the hazard, we shall have to reduce the risk. This means: reduce the frequency and/or reduce the consequence.
The basic definitions of the safety-related terminology will be studied in this course; there are three main examples of the required safety actions, as follows:
- Alert personnel;
- Release fire fighting systems;
- Emergency ventilation control;
- Stop flow of minor hydrocarbon sources such as diesel distribution to consumers;
- Isolate local electrical equipment (may be done by ESD);
- Initiate ESD and PSD actions;
- Isolate electrical equipment;
- Close watertight doors and fire doors.
Risk Evaluation
There is no such thing as zero risk. This is because no physical item has a zero failure rate, no human being makes zero errors, and no piece of software design can foresee every possibility.
Risk assessment
The measurement of risk
Quantitative scale:
- Minor: injury to one person involving less than 3 days' absence from work
- Major: injury to one person involving more than 3 days' absence from work
- Fatal: fatal consequences for one person
- Catastrophic: multiple fatalities and injuries
Qualitative scale
Unlikely
Possible
Occasionally
Frequently
Regularly
Alternatively, the frequency can be stated numerically:
One hazardous event occurring on average once every 10 years will have an event frequency of 0.1 per year.
A rate of 10^-4 events per year means that an average interval of 10 000 years can be expected between events.
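The two scales and the frequency/interval conversion above, put to work as an added example that is not part of the original course text. It ranks constructed hazards with a severity × likelihood matrix score, evaluates the same hazards quantitatively as expected loss per year, and compares the two risk-reduction routes the text names (lowering the frequency versus lowering the consequence). The numeric ranks given to each scale step, the frequency thresholds that map a per-year rate onto the qualitative likelihood words, the cost per consequence category and the hazards themselves are all constructed assumptions; a real project takes them from its own risk matrix.

```python
"""Qualitative and quantitative risk evaluation with the course's two scales.

Constructed assumptions (not from the course text): the numeric ranks of the
scale steps, the frequency thresholds behind the likelihood words, the cost
per consequence category and the sample hazards.
"""
from dataclasses import dataclass, replace

# Consequence scale from the text, ranked 1..4 (ranks are an assumption).
CONSEQUENCE_RANK = {"Minor": 1, "Major": 2, "Fatal": 3, "Catastrophic": 4}

# Likelihood scale from the text, ranked 1..5 (ranks are an assumption).
LIKELIHOOD_RANK = {"Unlikely": 1, "Possible": 2, "Occasionally": 3,
                   "Frequently": 4, "Regularly": 5}

# Constructed thresholds: lowest per-year frequency for each likelihood word,
# checked from most to least frequent; anything below the last is "Unlikely".
LIKELIHOOD_THRESHOLDS = [
    (1.0, "Regularly"),       # once a year or more often
    (0.1, "Frequently"),      # once per 10 years
    (0.01, "Occasionally"),   # once per 100 years
    (0.001, "Possible"),      # once per 1 000 years
]

# Constructed cost per event for the quantitative view (currency units).
COST_PER_EVENT = {"Minor": 10_000, "Major": 100_000,
                  "Fatal": 5_000_000, "Catastrophic": 50_000_000}


def mean_interval_years(frequency_per_year):
    """Mean interval between events: 10^-4 per year -> 10 000 years."""
    return 1.0 / frequency_per_year


def frequency_per_year(mean_interval_years):
    """Inverse of the above: once per 10 years -> 0.1 per year."""
    return 1.0 / mean_interval_years


def likelihood_word(frequency_per_year):
    """Map an event frequency onto the qualitative scale (constructed thresholds)."""
    for lower_bound, word in LIKELIHOOD_THRESHOLDS:
        if frequency_per_year >= lower_bound:
            return word
    return "Unlikely"


@dataclass(frozen=True)
class Hazard:
    name: str
    frequency_per_year: float
    consequence: str  # a key of CONSEQUENCE_RANK

    def qualitative_risk(self):
        """Matrix score: severity rank x likelihood rank."""
        return (CONSEQUENCE_RANK[self.consequence]
                * LIKELIHOOD_RANK[likelihood_word(self.frequency_per_year)])

    def expected_loss_per_year(self, cost_per_event=COST_PER_EVENT):
        """Quantitative risk: frequency x consequence cost."""
        return self.frequency_per_year * cost_per_event[self.consequence]


def rank_hazards(hazards):
    """Highest qualitative risk first: the order in which to reduce risk."""
    return sorted(hazards, key=lambda h: h.qualitative_risk(), reverse=True)


def reduce_frequency(hazard, factor):
    """Risk reduction by lowering the event frequency (e.g. an added protection layer)."""
    return replace(hazard, frequency_per_year=hazard.frequency_per_year / factor)


def reduce_consequence(hazard, new_consequence):
    """Risk reduction by lowering the severity (e.g. fire fighting, ESD, fire doors)."""
    return replace(hazard, consequence=new_consequence)


if __name__ == "__main__":
    hazards = [  # constructed sample hazards
        Hazard("diesel spill at distribution header", 1.0, "Minor"),
        Hazard("gas release at export pump", 0.1, "Fatal"),
        Hazard("vessel rupture", 1e-4, "Catastrophic"),
    ]
    for h in rank_hazards(hazards):
        print(f"{h.name:<40} every {mean_interval_years(h.frequency_per_year):>8,.0f} y "
              f"-> {likelihood_word(h.frequency_per_year):<12} {h.consequence:<12} "
              f"score {h.qualitative_risk():>2}  loss/y {h.expected_loss_per_year():>12,.0f}")

    worst = rank_hazards(hazards)[0]
    for option in (reduce_frequency(worst, 100), reduce_consequence(worst, "Major")):
        print(f"option: score {option.qualitative_risk()}, loss/y {option.expected_loss_per_year():,.0f}")
```

Running it shows why the text prefers attacking frequency first: cutting the worst hazard's frequency a hundredfold lowers both the matrix score and the expected loss far more than downgrading its consequence by one step, and it also removes the lesser losses that every event carries even when the severe outcome does not occur.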
Scales of consequence