LOPA [Compatibility Mode]

LAYER OF PROTECTION ANALYSIS

Upload: mharja

Post on 28-Nov-2015


Page 1: LOPA [Compatibility Mode]

LAYER OF PROTECTION ANALYSIS

Page 2: LOPA [Compatibility Mode]

A Risk…

Protesha Sinergy – Copyright 2010

Page 3: LOPA [Compatibility Mode]

Risk Analysis

Page 4: LOPA [Compatibility Mode]

Risk Analysis Cycle

(Flowchart: System Description → Hazard Identification → Scenario Identification → Accident Consequences and Accident Probability → Risk Determination → Risk and/or Hazard Acceptance? If NO: Modify Design and return to System Description. If YES: Build and/or Operate System.)

Page 5: LOPA [Compatibility Mode]

Risk Analysis Flow

Page 6: LOPA [Compatibility Mode]

Risk Analysis Milestones

Scenario-Based and Non-Scenario-Based

Page 7: LOPA [Compatibility Mode]

Hazard Scenario

(Figure: reactor with monomer feed, cooling coils, cooling water in, cooling water to sewer, and thermocouple TC.)

Refer to the reactor system shown. The reaction is exothermic. A cooling system is provided to remove the excess energy of reaction. In the event that the cooling function is lost, the temperature of the reactor would increase. This would lead to an increase in reaction rate, leading to additional energy release. The result could be a runaway reaction with pressures exceeding the bursting pressure of the reactor. The temperature within the reactor is measured and is used to control the cooling water flow rate by a valve.

Page 8: LOPA [Compatibility Mode]

HAZOP for the Hazard Scenario

Guide Word | Deviation | Causes | Consequences | Action
NO | No cooling | Cooling water valve malfunction | Temperature increase in reactor | Install high temperature alarm (TAH)
REVERSE | Reverse cooling flow | Failure of water source resulting in backward flow | Less cooling, possible runaway reaction | Install check valve
MORE | More cooling flow | Control valve failure, operator fails to take action on alarm | Too much cooling, reactor cool | Instruct operators on procedures
AS WELL AS | Reactor product in coils | More pressure in reactor | Off-spec product | Check maintenance procedures and schedules
OTHER THAN | Another material besides cooling water | Water source contaminated | Cooling may be ineffective, with an effect on the reaction | If less cooling, TAH will detect. If detected, isolate water source. Back-up water source?

Page 9: LOPA [Compatibility Mode]

Analysis in LOPA

Page 10: LOPA [Compatibility Mode]

Definition

A simplified form of risk assessment which uses order-of-magnitude categories for initiating event frequency, consequence severity, and the likelihood of failure of independent protection layers (IPLs) to approximate the risk of a scenario.

An analysis tool that typically builds on the information developed during a qualitative hazard evaluation, such as a process hazard analysis (PHA).

(Figure labels: REDUCE FREQUENCY TO ACHIEVE TOLERABLE RISK; TOLERABLE RISK.)

Source: CCPS

Page 11: LOPA [Compatibility Mode]

Risk of Scenario


Page 12: LOPA [Compatibility Mode]

Steps in LOPA

1. Identify and define the scenario
2. Determine the incident scenario
3. Identify the Initiating Event
4. Identify the cause (Initiating Event) and determine the Initiating Event Frequency
5. Identify the Protection Layers and determine the Probability of Failure on Demand (PFD)
6. Determine the Risk Frequency

Page 13: LOPA [Compatibility Mode]

Basic Concepts of LOPA

(Scenario flow diagram: Initiating Event (Cause) → Enabling Events & Conditions → Independent Protection Layer (IPL) → Conditional Modifier (Conditional Influence) → Consequence.)

1. Initiating Event: the single cause in a scenario that ends in the undesired consequence.

2. Enabling Event & Condition: a follow-on cause triggered by the Initiating Event.

3. Conditional Modifier: the probability of an additional effect that worsens the consequence (probability of ignition, probability of fatal injury, etc.).

Page 14: LOPA [Compatibility Mode]

Basic Concepts of LOPA

(Flow diagram of how IPLs work: the Initiating Event passes through the preventive features IPL1, IPL2 and IPL3 in turn. The Success branch of each feature leads to a Safe Outcome; the Failure branch leads to the next IPL, and failure of the last IPL leads to the Scenario Consequence, an Impact Event with consequences exceeding criteria. Key: the thickness of an arrow represents the frequency of the consequence if later IPLs are not successful.)

Mitigated Risk = reduced frequency * same consequence

Page 15: LOPA [Compatibility Mode]

Consequence Analysis

(The HAZOP table for the hazard scenario is repeated on this slide; see Page 8.)

Page 16: LOPA [Compatibility Mode]

Consequence Analysis

Consequence analysis methods often used in LOPA:

1. Category Approach without direct reference to human harm
2. Qualitative estimates with human harm
3. Qualitative estimates with human harm with adjustments for post-release probabilities
4. Quantitative estimates with human harm
5. Overall cost resulting from potential incident (e.g., capital losses, production losses, etc.)

Page 17: LOPA [Compatibility Mode]

Consequence Analysis

1. Category Approach without direct reference to human harm
- Focuses on prevention rather than mitigation
- Does not use a "human injury/fatality" measure
- Uses a matrix for each category

Page 18: LOPA [Compatibility Mode]

Consequence Analysis

2. Qualitative estimates with human harm
- Focuses on the impact suffered by people
- The calculated risk can be compared directly with the Risk Tolerance Criteria

Page 19: LOPA [Compatibility Mode]

Consequence Analysis

3. Qualitative estimates with human harm with adjustments for post-release probabilities
- Similar to method no. 2, but the emphasis is more on what happens after the cause occurs (e.g., release of the chemical)
- Takes into account: the probability of the event that is the cause, the probability of people being present nearby, and the probability of injury/fatality

Page 20: LOPA [Compatibility Mode]

Initiating Event Analysis

Determining a cause (Initiating Event) in a scenario is always preceded by these questions:

What is the likelihood of the undesired event in the scenario?

What is the risk associated with this scenario?

Are there sufficient risk mitigation measures?

Page 21: LOPA [Compatibility Mode]

Initiating Event Analysis

Types of Initiating Event

Type of event | Examples
Mechanical failures | Corrosion, vibration, erosion, fracture, PSV stuck open, fabrication defect, brittleness, gas/seal/flange leak
Control System Failures | Sensor/logic/control element failures, wiring failures, software crashes, interface blocked
Utility Failures | Power failures, cooling system failure, instrument air system failure
Natural external events | Earthquake, tornado, flood, lightning
External conditions | Neighbouring plant failure, struck by a vehicle
Human Failures | Operational error, maintenance error, response error

Page 22: LOPA [Compatibility Mode]

Initiating Event Analysis

Data sources for determining the Initiating Event Frequency:

1. Industry data (usually from external bodies, e.g. OREDA)
2. Company experience
3. Vendor data (data from the equipment manufacturer)

Page 23: LOPA [Compatibility Mode]

Independent Protection Layer (IPL) Analysis

IPL: a system/device/activity whose purpose is to prevent or mitigate the cause (initiating event) so that it does not become the undesired consequence.

Types that count as IPLs:
• Process Design (Inherently Safer Design)
• Basic Process Control System
• Critical Alarm and Human Intervention
• Safety Instrumented System
• Physical Protection
• Post-release Protection
• Plant Emergency Response
• Community Emergency Response

Page 24: LOPA [Compatibility Mode]

Independent Protection Layer (IPL) Analysis

(Figure: layers of protection, listed from the outermost inwards: Community Emergency Response; Plant Emergency Response; Mechanical Mitigation Systems, Fire and Gas Systems; Safety Instrumented Systems; Safety Critical Process Alarms; Basic Process Control Systems, Non-safety Process Alarms, Operator Supervision; Process Design. The inner layers up to the Safety Instrumented Systems are labelled PREVENTION, the outer layers MITIGATION.)

Page 25: LOPA [Compatibility Mode]

Independent Protection Layer (IPL) Analysis

For a system/device/action (safeguard) to be considered an IPL, it must be:

• Effective in preventing the consequence when it functions: able to detect the cause, able to decide the action to be taken, and able to deflect the consequence so that it does not occur

• Independent of the cause (Initiating Event) and of the other IPL components for the same scenario

• Auditable with respect to its effectiveness in preventing the consequence, especially its PFD

If all the IPLs are affected by a Common-Cause Scenario, those IPLs are treated as a single IPL.

Page 26: LOPA [Compatibility Mode]

Independent Protection Layer (IPL) Analysis

Process Design

There are generally two aspects of Inherently Safer Design in the Process Design IPL:

• Elimination using the Inherently Safer Design method

• Assigning a non-zero PFD to the other Inherently Safer Design measures

PFD values for Inherently Safer Design (CCPS, 2001)

Page 27: LOPA [Compatibility Mode]

Independent Protection Layer (IPL) Analysis

The BPCS is the system that monitors, controls and maintains the process within its safe operating range.

(Figure: basic components of a BPCS loop.)

The BPCS has three safety functions related to IPLs:

1. Continuous Control Actions: keeps the process within its safe operating range (level controller)

2. Alarm Actions: a logic solver/alarm trip keeps the process within its normal operating range and alarms the operator

3. Return process to stable state: a logic solver/control relay automatically returns the process to a safe state

Page 28: LOPA [Compatibility Mode]

Independent Protection Layer (IPL) Analysis

BPCS Failure Rate Data (CCPS, 2001)

The PFD of a BPCS is influenced by:

• Adequacy of security and access procedures - related to people

• Level of redundancy - related to the back-up system

• Historic failure rate - related to the history of damage/failure

• Effective test rate - related to testing

• Other factors - other factors to be considered include design, manufacture, installation and maintenance

Page 29: LOPA [Compatibility Mode]

Independent Protection Layer (IPL) Analysis

Critical Alarm and Human Intervention (CAHI)

The PFD of CAHI is influenced by:

• Detection - when the alarm sounds

• Decision - when the response is made

• Action - when the action is carried out

Page 30: LOPA [Compatibility Mode]

Independent Protection Layer (IPL) Analysis

An SIS is a safeguard/IPL consisting of a sensor, a logic solver and a final element.

Its function is "only" to bring the operating condition to a "Safe State".

It is known by various names: Safety Interlock System, Emergency Shut-down System, etc.

The PFD of an SIS is also expressed as the RRF (Risk Reduction Factor) and, under the international standard IEC 61511, is categorized into Safety Integrity Levels (SIL).

Page 31: LOPA [Compatibility Mode]

Independent Protection Layer (IPL) Analysis

PFD by SIL

Page 32: LOPA [Compatibility Mode]

Independent Protection Layer (IPL) Analysis

Physical Protection: Relief Valve, Rupture Disc

PFD for Physical Protection

Page 33: LOPA [Compatibility Mode]

Independent Protection Layer (IPL) Analysis

Physical Protection

Factors affecting the PFD value: equipment sizing, design, installation, inspection quality, maintenance quality, cleanliness of the process fluid.

Page 34: LOPA [Compatibility Mode]

Independent Protection Layer (IPL) Analysis

Post-Release Protection: Blast Wall, Dike

PFD for Post-Release Protection

Page 35: LOPA [Compatibility Mode]

Case Study 1

Page 36: LOPA [Compatibility Mode]

LOPA Table Format

Columns (numbered as on the slide): 1 # | 2 Initial Event Description | 3 Initiating cause | 4 Cause likelihood | Protection Layers: 5 Process design, 6 BPCS, 7 Alarm, 8 SIS, 9 Additional mitigation (safety valves, dykes, restricted access, etc.) | 10 Mitigated event likelihood | Notes

Likelihood = X; Probability of failure on demand = Yi

Mitigated likelihood = (X)(Y1)(Y2)...(Yn)

Page 37: LOPA [Compatibility Mode]

Case 1: Flash drum for "rough" component separation for this proposed design.

(Process drawing, not extracted. Labels on the drawing: Feed (Methane, Ethane (LK), Propane, Butane); Vapor product; Liquid product (Butane, Pentane); Process fluid; Steam; controllers TC-6, PC-1 (split range, cascade), FC-1, LC-1, AC-1; alarms PAH, LAL, LAH; measurements T1, T2, T3, T5, F2, F3; L. Key.)

Page 38: LOPA [Compatibility Mode]

Case 1: Flash drum for "rough" component separation. Complete the table with your best estimates of values.

# | Initial Event Description | Initiating cause | Cause likelihood | Process design | BPCS | Alarm | SIS | Additional mitigation (safety valves, dykes, restricted access, etc.) | Mitigated event likelihood | Notes
1 | High pressure | Connection (tap) for pressure sensor P1 becomes plugged | | | | | | | | Pressure sensor does not measure the drum pressure

Assume that the target mitigated likelihood = 10^-5 event/year

Page 39: LOPA [Compatibility Mode]

Case 1: Some observations about the design.

• The drum pressure controller uses only one sensor; when it fails, the pressure is not controlled.

• The same sensor is used for control and alarming. Therefore, the alarm provides no additional protection for this initiating cause.

• No safety valve is provided (which is a serious design flaw).

• No SIS is provided for the system. (No SIS would be provided for a typical design.)

Page 40: LOPA [Compatibility Mode]

Case 1: Solution using initial design and typical published values.

# | Initial Event Description | Initiating cause | Cause likelihood | Process design | BPCS | Alarm | SIS | Additional mitigation (safety valves, dykes, restricted access, etc.) | Mitigated event likelihood | Notes
1 | High pressure | Connection (tap) for pressure sensor P1 becomes plugged | 0.10 | 0.10 | 1.0 | 1.0 | 1.0 | 1.0 | 0.01 | Pressure sensor does not measure the drum pressure

Much too high! We must make improvements to the design.

Page 41: LOPA [Compatibility Mode]

Case 1: Solution using enhanced design and typical published values.

# | Initial Event Description | Initiating cause | Cause likelihood | Process design | BPCS | Alarm | SIS | Additional mitigation (safety valves, dykes, restricted access, etc.) | Mitigated event likelihood | Notes
1 | High pressure | Connection (tap) for pressure sensor P1 becomes plugged | 0.10 | 0.10 | 1.0 | 0.10 | 1.0 | PRV 0.01 | 0.00001 | Pressure sensor does not measure the drum pressure. The PRV must exhaust to a separation (knock-out) drum and fuel or flare system.

Enhanced design includes a separate P sensor for alarm and a pressure relief valve.

The enhanced design achieves the target mitigated likelihood.

Sketch on process drawing. Verify table entries.
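The LOPA table arithmetic (Mitigated likelihood = (X)(Y1)(Y2)...(Yn)) and the Case 1 rows above, worked as an added example that is not part of the original slides. The `depends_on` tags on each layer are an assumption introduced here to express the independence rule from the IPL criteria slide: a safeguard that relies on a component the initiating cause or an already-credited IPL relies on earns no credit, which is why the alarm on the shared sensor P1 scores 1.0 in the initial design.

```python
"""LOPA arithmetic from the slides, Mitigated likelihood = (X)(Y1)...(Yn),
with the independence rule expressed through assumed 'depends_on' tags."""
import math
from dataclasses import dataclass, field

TARGET = 1e-5  # target mitigated likelihood in events/year, from the slide


@dataclass
class Layer:
    name: str
    pfd: float                           # Yi, probability of failure on demand
    depends_on: frozenset = frozenset()  # components this layer needs (assumed)


@dataclass
class Scenario:
    initiating_cause: str
    cause_likelihood: float              # X, events/year
    cause_components: frozenset          # components involved in the cause
    layers: list = field(default_factory=list)

    def credited_pfds(self):
        """Independence rule: a layer sharing a component with the cause or
        with an earlier credited layer gets no credit (PFD taken as 1.0)."""
        used = set(self.cause_components)
        credited = {}
        for layer in self.layers:
            if layer.depends_on & used:
                credited[layer.name] = 1.0
            else:
                credited[layer.name] = layer.pfd
                used |= layer.depends_on
        return credited

    def mitigated_likelihood(self):
        return self.cause_likelihood * math.prod(self.credited_pfds().values())

    def meets_target(self, target=TARGET):
        f = self.mitigated_likelihood()
        return f <= target or math.isclose(f, target)  # tolerate float error


def case1(enhanced):
    """Slide values: cause 0.10/yr, process design 0.10, BPCS 1.0, SIS 1.0.
    Initial design: the alarm reads the same sensor P1 whose tap plugs.
    Enhanced design: separate alarm sensor (0.10) plus a PRV (0.01)."""
    layers = [
        Layer("process design", 0.10),
        Layer("BPCS", 1.0, frozenset({"P1"})),
        Layer("alarm", 0.10, frozenset({"P2" if enhanced else "P1"})),
        Layer("SIS", 1.0),  # none installed, so no credit
    ]
    if enhanced:
        layers.append(Layer("PRV", 0.01))
    return Scenario("tap for P1 plugged", 0.10, frozenset({"P1"}), layers)
```

`case1(False)` reproduces the initial row (0.01, with the alarm credited at 1.0 because it shares sensor P1 with the cause) and `case1(True)` the enhanced row (0.00001, which meets the target).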

Page 42: LOPA [Compatibility Mode]

Case Study 2

Page 43: LOPA [Compatibility Mode]

Scenario

The two-phase separator V 180 is under level control (level controller LC 213). In case of high-high liquid level, the level switch LSHH 214 would close emergency shutdown valve ESDV 172 and shut down compressor C 130 downstream of V 180. This is to prevent carrying liquid over to the compressor, leading to compressor damage.

Page 44: LOPA [Compatibility Mode]

PHA (HAZOP) Results

Page 45: LOPA [Compatibility Mode]

LOPA Analysis

Page 46: LOPA [Compatibility Mode]

LOPA Analysis

Page 47: LOPA [Compatibility Mode]

Risk Evaluation

Page 48: LOPA [Compatibility Mode]

Thank You