safety automation 2003 2
TRANSCRIPT
-
8/13/2019 Safety Automation 2003 2
1/25
1
ALL PROCESSES MUST HAVE SAFETYTHROUGH AUTOMATION
SAFETY MUST ACCOUNT FOR FAILURES OFEQUIPMENT ( INCLUDING CONTROL ) & PERSONNEL
MULTIPLE FAILURES MUST BE COVERED
RESPONSES SHOULD BE LIMITED, TRY TOMAINTAIN PRODUCTION, IF POSSIBLE
AUTOMATION SYSTEMS CONTRIBUTE TOSAFE OPERATION
(if they are designed and maintained properly!)
-
8/13/2019 Safety Automation 2003 2
2/25
2
LETS CONSIDER A FLASH DRUM
Is this process safe and ready to operate?
Is the design compete?
F1
hint
-
8/13/2019 Safety Automation 2003 2
3/25
3
Four Layers in the Safety Hierarchy
Methods and equipment required at all fourlayers
Process examples for every layer
Workshop
Whats in this topic?
SAFETY THROUGH AUTOMATION
-
8/13/2019 Safety Automation 2003 2
4/25
4
ALARMS
SIS
RELIEF
CONTAINMENT
EMERGENCY RESPONSE
BPCS
Strength in Reserve BPCS - Basic process control
Alarms - draw attention
SIS - Safety interlock system
to stop/start equipment Relief - Prevent excessive
pressure
Containment - Preventmaterials from reaching,workers, community orenvironment
Emergency Response -evacuation, fire fighting,health care, etc.
SAFETY INVOLVES MANY LAYERS TO PROVIDEHIGH RELIABILITY
Co
ntrol
-
8/13/2019 Safety Automation 2003 2
5/25
5
SAFETY STRENGTH IN DEPTH !
PROCESS
RELIEF SYSTEM
SAFETY INTERLOCKSYSTEM
ALARM SYSTEM
BASIC PROCESSCONTROL SYSTEM
Closed-loop control to maintain processwithin acceptable operating region
Bring unusual situation to attentionof a person in the plant
Stop the operation of part of process
Divert material safely
KEY CONCEPT IN PROCESS SAFETY -REDUNDANCY!
Seriousnessof event
Fourindependentprotectionlayers (IPL)
-
8/13/2019 Safety Automation 2003 2
6/25
6
CATEGORIES OF PROCESS CONTROLOBJECTIVES
1. Safety2. Environmental Protection3. Equipment Protection 4. Smooth Operation &
Production Rate5. Product Quality6. Profit7. Monitoring & Diagnosis
We are emphasizing these topics
Since people are involved, this isalso important
Control systems are designed to achieve well-definedobjectives, grouped into seven categories.
-
8/13/2019 Safety Automation 2003 2
7/25
7
1. BASIC PROCESS CONTROL SYSTEM (BPCS)
Technology - Multiple PIDs, cascade, feedforward, etc.
Always control unstable variables (Examples in flash?)
Always control quick safety related variables- Stable variables that tend to change quickly (Examples?)
Monitor variables that change very slowly
- Corrosion, erosion, build up of materials Provide safe response to critical instrumentation failures
- But, we use instrumentation in the BPCS?
-
8/13/2019 Safety Automation 2003 2
8/25
8
1. BASIC PROCESS CONTROL SYSTEM (BPCS)
Where could we use BPCS in the flash process?
F1
-
8/13/2019 Safety Automation 2003 2
9/25
9
The level is unstable;it must be controlled.
The pressure willchange quickly andaffect safety; it must becontrolled.
F1
-
8/13/2019 Safety Automation 2003 2
10/25
10
1. BASIC PROCESS CONTROL SYSTEM (BPCS)
How would we protect against an error in the temperaturesensor (reading too low) causing a dangerously high reactortemperature?
TC
Coldfeed
Highly exothermic reaction.We better be sure that
temperature stays withinallowed range!
-
8/13/2019 Safety Automation 2003 2
11/25
11
How would we protect against an error in the temperaturesensor (reading too low) causing a dangerously high reactortemperature?
Use multiple sensors and select most conservative!
T1
Cold
feed
T2
TYTC
Measured value
to PID controller
Controller
output
>
TY>
Selects thelargest of allinputs
-
8/13/2019 Safety Automation 2003 2
12/25
12
2. ALARMS THAT REQUIRE ANALYSIS BYA PERSON
Alarm has an annunciator and visual indication
- No action is automated !
- A plant operator must decide.
Digital computer stores a record of recent alarms
Alarms should catch sensor failures
- But, sensors are used to measure variables for alarmchecking?
-
8/13/2019 Safety Automation 2003 2
13/25
13
2. ALARMS THAT REQUIRE ANALYSIS BY APERSON
Common error is to design too many alarms
- Easy to include; simple (perhaps, incorrect) fix toprevent repeat of safety incident
- One plant had 17 alarms/h - operator acted on only 8%
Establish and observe clear priority ranking
- HIGH = Hazard to people or equip., action required
- MEDIUM = Loss of $$, close monitoring required
- LOW = investigate when time available
-
8/13/2019 Safety Automation 2003 2
14/25
14
2. ALARMS THAT REQUIRE ANALYSIS BY A
PERSON
F1
Where couldwe use alarms
in the flash process?
-
8/13/2019 Safety Automation 2003 2
15/25
15
A low level coulddamage the pump; ahigh level could allowliquid in the vaporline.
The pressure affectssafety, add a high alarm
F1
PAH
LAHLAL
Too much light keycould result in a largeeconomic loss AAH
-
8/13/2019 Safety Automation 2003 2
16/25
16
3. SAFETY INTERLOCK SYSTEM (SIS)
Automatic action usually stops part of plant operation toachieve safe conditions
- Can divert flow to containment or disposal
- Can stop potentially hazardous process, e.g.,combustion
Capacity of the alternative process must be for worstcase
SIS prevents unusual situations
- We must be able to start up and shut down- Very fast blips might not be significant
-
8/13/2019 Safety Automation 2003 2
17/25
17
3. SAFETY INTERLOCK SYSTEM (SIS)
Also called emergency shutdown system (ESS)
SIS should respond properly to instrumentation failures
- But, instrumentation is required for SIS? Extreme corrective action is required and automated
- More aggressive than process control (BPCS)
Alarm to operator when an SIS takes action
-
8/13/2019 Safety Automation 2003 2
18/25
18
3. SAFETY INTERLOCK SYSTEM (SIS)
The automation strategy is usually simple, for example,
If L123 < L123 min ; then, reduce fuel to zero
steam
water
LC
PC
fuel
How do weautomate this SISwhen PC is adjusting
the valve?
-
8/13/2019 Safety Automation 2003 2
19/25
19
If L123 < L123 min ; then, reduce fuel to zero
steam
water
LC
PC
fuel
LS s s
fc fc
15 psig
LS = level switch, note that separate sensor is used
s = solenoid valve (open/closed) fc = fail closed
Extra valve with tight shutoff
-
8/13/2019 Safety Automation 2003 2
20/25
20
3. SAFETY INTERLOCK SYSTEM (SIS)
The automation strategy may involve several variables,any one of which could activate the SIS
If L123 < L123 min ; orIf T105 > T105 max . then, reduce fuel to zero
SIS100
L123T105..
s
Shown as box in drawing withdetails elsewhere
-
8/13/2019 Safety Automation 2003 2
21/25
21
3. SAFETY INTERLOCK SYSTEM (SIS)
The SIS saves us from hazards, but can shutdown theplant for false reasons, e.g., instrument failure.
1 out of 1must indicate
failure
T100s
2 out of 3must indicate
failure
T100T101T102
Same variable,multiple sensors!
s
Falseshutdown
Failureondemand
5 x 10 -3 5 x 10 -3
2.5 x 10 -6 2.5 x 10 -6
Betterperformance,more expensive
-
8/13/2019 Safety Automation 2003 2
22/25
22
3. SAFETY INTERLOCK SYSTEM (SIS)
We desire independent protection layers , withoutcommon-cause failures - Separate systems
sensors
SIS system
i/o i/o.
sensors
Digital control system
i/o i/o.
BPCS and Alarms SIS and Alarmsassociated with SIS
-
8/13/2019 Safety Automation 2003 2
23/25
23
SAFETY STRENGTH IN DEPTH !
PROCESS
RELIEF SYSTEM
SAFETY INTERLOCKSYSTEM
ALARM SYSTEM
BASIC PROCESSCONTROL SYSTEM Closed-loop control to maintain processwithin acceptable operating region
Bring unusual situation to attentionof a person in the plant
Stop the operation of part of process
Divert material safely
These layers requireelectrical power,computing,communication, etc.
KEY CONCEPT IN PROCESS SAFETY -REDUNDANCY!
What do we do if a major incident occurs that causes
loss of power or communication a computer failure (hardware or software)
-
8/13/2019 Safety Automation 2003 2
24/25
24
4. SAFETY RELIEF SYSTEM
Entirely self-contained, no external power required
The action is automatic - does not require a person
Usually, goal is to achieve reasonable pressure- Prevent high (over-) pressure- Prevent low (under-) pressure
The capacity should be for the worst case scenario
-
8/13/2019 Safety Automation 2003 2
25/25
25
4. SAFETY RELIEF SYSTEM
Two general classes of devices
- Self-Closing : design provides forclosing of flow path when the system
pressure returns within its acceptablerange; operation can resume
Example: Spring safety valve
- Non-self-closing : Remains open.Typically, the process must beshutdown and the device replaced
Example: Burst diaphragm