Upload
leo-owens
View
215
Download
0
Tags:
Embed Size (px)
Citation preview
MICE Hydrogen Safety Functions
IEC61508 Compliance & Emergency Procedures
MICE Safety Review Meeting4th Oct 2011PJ Warburton - Daresbury Lab
IEC 61508• Functional Safety of electrical / electronic /
programmable electronic safety – related systems• Functional safety is part of the overall safety that
depends on a system or equipment operating correctly in response to its inputs
• Neither safety nor functional safety can be determined without considering the systems as a whole and the environment with which they interact
• Safety – The freedom from unacceptable risk of harm
SIL Rating• Tolerable Risk 10-5 Fatalities per
Year From RAL Safety• How Safe is H2 System
10-4 10-3 10-2
SIL 1PFD 10-1
SIL 2PFD 10-2
SIL 3PFD 10-3
IEC 61508 Compliance Process
• LOPA Study conducted Nov 2010 based on HAZOP Report from Serco June 2006
• Panel consisted of representatives from FSC, MICE project at RAL & DL and RAL Safety
• Identified 2 Systems requiring SIL Functions
• Plus 2 to be considered but not requiring formal SIL Ratings
SIL Rated Safety Functions• Following LOPA study the following events were
found to require SIL rated safety systems
• Buffer Tank Over Pressure• Leading to a release of hydrogen and ignition
leading to multiple deaths
• Build up of impurities in Cryostat (Ins Vac)
• Build up of impurities over a period of time, pressurisation and heating of hydrogen leading to a rupture & Explosion leading to multiple deaths
Not Quite SIL Rated• Following LOPA study the following events were
found Not to require SIL rated safety systems
• Hydride Bed Over Pressure• Over heating of Metal Hydride Bed Leading to a
release of hydrogen and ignition leading to multiple deaths
• Temperature Rise in Absorber Volume• Causing pressurisation and heating of hydrogen
leading to a rupture & Explosion leading to multiple deaths
• Same outcome as Buffer Tank Over Pressure
Buffer Tank Over Pressure
• Build up of pressure causing leaks in pipework and Hydrogen to escape
• SIL 1 Required PFD 1.00E-01 (1 out 10)• Solution detect the H2 before it reaches explosive
levels• Install a gas Detection System alarm 50% LEL• 2 Detectors / Beacons per location on separate loops• Detection system subject to annual checks• PFD Achieved 1.51E-02 (<2 out 100) = SIL 1• PFD = Probability of Failure on Demand• H2 LEL = 4%
SIL Block Diagram
Build up of impurities in Cryostat (Insulation
Vacuum)• Over time Cryostat insulation vacuum may build
up impurities. - O2 Leaking In – H2 Leaking Out • Depending on Temperature / Pressure an
Explosive atmosphere may form• Temp & Level Sensors are Ex i• Heaters are not so operation needs to be
prevented if vacuum is not good – below 10-3
Build up of impurities in Cryostat (Insulation
Vacuum)• SIL 2 Required PFD 6.73E-03 (~7 out 1000)• Solution interlock heater power supply• Use 1 Set Point on existing Vac Gauge & Controller• Additional Set Point from new Vac Gauge &
Controller• Guard Line A & B Relays to turn of heater power
supply Hardwired I/L• Guard Line A & B inputs also into PLC for Software I/L• PFD Achieved 3.76E-03 (~4 out 1000) = SIL 2
SIL Block Diagram
Emergency Actions
• Return hydrogen to Bed if possible• Vent hydrogen to atmosphere via vent
line• IF PLC goes off
– Vacuum pumps stay on– Hydride Bed set to ‘chill’
Questions