monitoring the reliability performance of high integrity...
Post on 06-Mar-2018
218 Views
Preview:
TRANSCRIPT
Monitoring the Reliability Performance of High Integrity Pressure Protection Systems
Baris Arslan
Senior Safety Consultant
Oilconx Risk Solutions (ORS)
www.ors-no.com 1 30.10.2012
This presentation is about
2
• How to maintain HIPPS?
• How to demonstrate the reliability of HIPPS in operation?
• Human Reliability & HIPPS Maintenance
www.ors-no.com
3
The beginning of wisdom is to call things with their
right names
• HIPPS protects downstream equipment against
overpressure coming from upstream.
• Instrument based systems for secondary
protection – or HIPPS?
• Why is HIPPS so special?
www.ors-no.com
Source: isa.org
HIPPS or not
4
• In most cases, it is developed as a result of a
deviation from traditional process design
• Upon failure, it may cause major accidents
with catastrophic safety, environmental and
commercial consequences
• Typically very high integrity and fault
tolerance requirements
• Critical response times for the entire system
(could be 2-3 seconds)
www.ors-no.com
HIPPS is a special case; because:
5 www.ors-no.com
Task-based Architecture-based Standard-based
Shared components Independent components Independent / combined system
Topsides (*) Export pipelines Subsea Reduce demand rate on relief Eliminate a particular scenario from design basis Others...
API designed assets IEC 61508 IEC 61508 / P-001 /OLF070
Classification of HIPPS – different
generations
6
• Procedures for analyzing maintenance
performance for:
– Systematic faults & recurring faults
– Assessing demand rates (if higher than design
basis or not)
– Diagnosis / repair / revalidation
• Ensuring that functional safety is maintained
during operation and maintenance
• Availability of skills and resources for
maintenance
www.ors-no.com
• Chronological documentation of repair and
maintenance
– Results of tests
– Documentation of the time
– Documentation of modifications
• High safety integrity systems with particularly
severe consequences – not share common
maintenance procedures
IEC:61508 §2010–ensuring functional safety
during operational phase
7
• OLF 070 gives detailed guidance about SIS (indirectly HIPPS) maintenance focusing on:
– SIS Maintenance Scope
– Use of vendor documents
– Functional testing requirements
– Integral / partial tests
– Maintenance reporting
– Compensating measures upon overrides and failures
– Reporting of demands / anomalies
• P-001 contains – Requirements about testing frequency
– Valve leakage testing frequency
– System regularity aspect
• Reference is made to IEC standards
• API 521, Annex E.5 gives some guidance
about HIPPS testing. Highlighted issues are:
– Considering site resources when establishing
testing frequency
– Potential for introducing faults and spurious
shutdowns due to human error
• API 17O – Subsea HIPPS
– The proof test intervals are to be documented
in the maintenance procedures
– Experience data to include failure data source
based on the number of performed tests of the
SIF together with how many of these resulted
in a failure
www.ors-no.com
OLF/NORSOK views on HIPPS maintenance
8
• PM Procedure for each HIPPS
– Linked to design basis documents (such as SRS)
• Maintained database for information such as demands, failures etc.
• Well-designed infrastructure to accomodate information flow (maintenance reports, failure codes,
damage codes, automatic notifications etc.)
• Well established procedures to analyse failure data
• Verification and validation activities (see assurance on next slide)
• Competent (and available) personnel to make decisions in due time
www.ors-no.com
Key requirements for HIPPS maintenance
appear to be
Data Validation PM or Corrective
Maintenance
• System responsible is notified
• Origin of data is controlled (document traceable)
• Equipment type (manufacturer, year etc. checked)
• Operating conditions are verified
• Failure code and long text is checked (i.e. in compliance
with corporate guideline/EN 14224)
• Offshore personnel is consulted for data validation
Onshore Verification
• Test period
• Acceptance criteria for verification
• Pass/fail statement for the verificaton
• Revisions on design basis documents
• Competence requirements
• Verification of functional test on
component basis
PM Procedure ERP System
Database
Stage 1 Stage 2
Two Stage Offshore Failure Data Validation
for HIPPS
20 years – How does reliability change?
Design Basis
Develop reliability model (Alternative: Existing model upon validation)
Define acceptance criteria (Datasheets/QRA/Corporate/Performance Standards)
Collect field data
Assess failure data
Revalidate
(How? – see failure reporting)
(Evaluate failure types) (Evaluate failure inter-arrival times) (Carry out trend analysis of field failure data)
Modification
Restore operation
(Degraded system)
Monitoring Reliability Performance
• 90% confidence interval has been applied for OREDA based studies
• 70% confidence interval for IEC-based appraoch
• Only useful lifetime has been included due to
– Offshore site-acceptance test
– Onshore factory acceptance test
– Assumption: Sub-components are replaced before the wear-out period (e.g. lifetime replacements)
Useful lifetime and confidence interval
12
• Field data is vital for the credibility of Periodic Reliability Monitoring
• Standardized data format is necessary to adress failure cause and failure consequence
• Data needs to be collected for all HIPPS components, e.g. input devices, control units and final elements
• Why is it difficult to collect data? – It requires:
• Resources (positive & negative reporting)
• Competence and motivation
• Sophisticated ERP systems
www.ors-no.com
System responsible
Offshore supervisor Offshore technician
Vendors
Reliability specialist
Surveyors/ Authorities
Data collection is the key
13 www.ors-no.com
Functional Check Procedure is followed
In case of failure, notification is created in the company ERP by technicians
Unique failure codes are used
Additional damage text is included
Operational mode is adjusted as per SRS and PM procedure
Always shutdown Degraded Operation Always Production
Onshore investigations start
• All possible HIPPS sub-component failures must be well known
• Technicians must be trained to recognize all failure types
• Interfacing systems and associated failures must be assessed in detail
• HIPPS Training package for technicians must adress:
• Practical use of SRS • Use of Preventive
Maintenance (PM) procedure with SRS
• Use of failure codes in ERP systems
• Potential human errors
In case of HIPPS failures (offshore) and
training package
14
• Different strategies based on HIPPS
classification (see Slide 4)
– For 1st generation HIPPS, focus on dangerous
undetected failures and
– For 3rd generation HIPPS, classification of both
safe and dangeorus failures
• Failure database is updated based on failure
classifications
www.ors-no.com
Code Input Final Logic
AIR X
DOP X
ELP X X
ELU X X
ERO X X
FTC X
FTF X X
HIO X
HUE X X X
INL X
LOO X
PLU X X
SER X X X
SPO X X X
STD X
Failure codes for HIPPS ~ SAP/EN14224
Classification of failure codes for different
generations HIPPS
15
PERIODIC CHECKS
• Keep it simple
• Use existing reliability model (if any) for a particular HIPPS
– (clear benefits if the model is not software dependent, e.g. excel based or similar)
• Apply simple but recognized methods to evaluate the effect of failure inter-arrival times, distributions, sampling etc.
• Determine a final failure rate to update the model
• Is the HIPPS performance acceptable?
– Where is the acceptance criteria?
ACCEPTANCE CRITERIA
Again, different acceptance criteria based on HIPPS classifications (Slide 4)
Some examples:
• Fully risk-based approach
• Risk-based approach with minimum requirements
• API-based judgments (equal to or better than ”x” concept)
• Remember: Two-stage assurance model
to verify acceptance criteria periodically
www.ors-no.com
Periodic Verifications
• Classical human error producing conditions apply widely to ”full-automatic” HIPPS operation
and maintenance
• Based on our experience, typically observed human errors on HIPPS relate to red marked
items in the North Sea:
– Poor feedback (reporting)
– Physical capabilities exceeded
– No independent check after testing
– Unclear allocation of function and responsibility
– An incentive to use more dangerous methods
– A poor or hostile working environment
– Task pacing caused by intervention of others
– Operator inexperienced
– Little or no independent checking or testing of output
– High level emonotional stress
– Disruption of normal work sleep cycles
– Unfamilarity with the situation which occurs (infrequent or new situation)
– A need to unlearn a technique and apply one which requires application of another philosophy
HIPPS – Human Error Producing Conditions
17
• Human reliability is a huge concern for HIPPS operation and maintenance
• Numerous incidents have been observed at different companies where HIPPS valves and/or transmitters have been disabled
• Generally speaking, limited focus on quantification of human reliability for maintenance of HIPPS in the oil and gas business
• Limited failure reporting regarding human failures during maintenance
• Human reliability must be considered as
an integral part of «overall reliability» for
HIPPS
www.ors-no.com
Human Reliability
Hardware Reliability
Software Reliability
Overall HIPPS reliability
Human reliability & HIPPS maintenance
Required
Achieved
Periodic Reliability Assessments (PRA) reveal the
weakest components in critical loops
19
• Failure of HIPPS may lead to major accidents with catastrophic consequences
• Maintenance & Operation – longest lifecycle – we need reliable HIPPS all the way thru
• A customized approach is needed for different types of HIPPS, Operating Company and Operating Unit
• HIPPS maintenance – if done as advised by IEC – is a complex job requiring strict collaboration and interaction at all levels. It requires highly competent, motivated people and enhanced data management tools
• Collection and analysis of data are very important. Credibility of simply «everything» is at the stake if we don’t collect correct field data from offshore oil platforms
• Human failures remain as a big concern. Human reliability must be adressed as a part of overall HIPPS reliaibility
• No quick-fix for HIPPS maintenance
www.ors-no.com
Conclusion
Baris Arslan
Senior Safety Consultant
baa@ors-no.com
+46 735391827
20 www.ors-no.com
For more information, please contact
top related