
technical safety engineering

DESCRIPTION

Presentation on the technical safety process in the oil and gas industry


Page 1: technical safety engineering

Introduction To Technical Safety

Slide diagram: a hazard management cycle linking HAZARD IDENTIFICATION, HAZARD ASSESSMENT and HAZARD MITIGATION with SMS, PEOPLE and PLANT ASSESSMENT. Bullet points as they appear on the slide:

HAZARD IDENTIFICATION
• What can happen
• What causes it to happen
• What stops it happening
• What protects us if it happens

• Periodic requirement
• Near miss / incident
• Poor performance of controls
• Changed plant
• Changed process
• New people
• Changed roles
• New technology
• New knowledge

SMS / PEOPLE / PLANT ASSESSMENT
• New plant
• Process safety management
• New staffing patterns
• Revised responsibilities
• More informed employees
• Improved procedures
• Improved training
• Verification & examination of SCE
• Risk based inspection

HAZARD ASSESSMENT / HAZARD MITIGATION
• How bad will it be
• How likely will it happen
• Are the risks tolerable
• Where should we focus our effort to reduce risk

Page 2: technical safety engineering

Today's Objectives

• What technical safety is about
• Why do it
• When to do it
• Key principles & techniques
• Be able to participate in reviews

Page 3: technical safety engineering

Oil and Gas Technical Safety

Slide images: Oil, LPG, LNG, Drilling rigs, Oil Sands.

Technical Safety is applicable to all scopes: subsea, topsides, drilling rigs, FPSO etc.

Page 4: technical safety engineering

Everyone is Responsible for Safety

In the oil industry EVERYONE is responsible for safety, from the lab technician to the cleaner to the managing director.

Nobody wants to be involved with a major accident.

Nobody wants to see their fellow coworkers injured or killed as a result of their work.

Nobody wants to see their jobs or business destroyed.

Page 5: technical safety engineering

Two aspects of Safety

There are two aspects of safety:

- PERSONAL SAFETY

- PROCESS SAFETY

Personal Safety: incidents that have the potential to injure one person and generally occur due to individual work habits. Occupational incidents – slips/trips/falls, struck-by incidents, physical strains, electrocution. Generally OHS incidents are avoided by wearing PPE & following procedures.

Process Safety: process safety hazards can give rise to major accidents involving the release of potentially dangerous materials, the release of energy (such as fires and explosions), or both. These are events that have the potential to lead to multiple fatalities and/or major environmental damage. Process safety management ensures there are Adequate Barriers to MAEs.

An effective personal safety management system DOES NOT prevent major accident events!

Page 6: technical safety engineering

Two aspects of Safety

Figure: PROCESS SAFETY (Major Accident Hazard Risks) versus PERSONAL SAFETY (Occupational Health & Safety Risks), plotted with the vertical axis labelled Increasing Consequences of Event / Potential Escalation / Possible Losses and the horizontal axis labelled Increasing Likelihood of Event. Major accident hazard risks sit at the high-consequence, low-likelihood end; occupational health and safety risks at the low-consequence, high-likelihood end.

Page 7: technical safety engineering

Why have a Safety Case – Major Industrial Disasters

- Flixborough, UK, 1974 – explosion, 28 workers killed (happened on a weekend so the plant was minimally manned)
- Piper Alpha – 167 killed in 1988
- Clapham Junction rail disaster (35 fatalities)
- Phillips 66, Texas

All disasters above had common findings & recommendations.

Conclusion: a prescriptive approach is not appropriate; move to a goal based approach, described in a "Safety Case". A prescriptive regime does not require identification and understanding of hazards. Involve the workforce: awareness of hazard management.

Pictured: Petrobras P-36, Brazil, 2001; Temsah Platform, Egypt, 2004; High Platform, Mumbai, 2005; Texas City, Texas, 2005.

Page 8: technical safety engineering

Other Safety related legislation

Major accidents (timeline):

- June 1974, Flixborough, UK – poorly designed temporary piping failure – 28 killed
- July 1976, Seveso, Italy – dioxin cloud 6 km x 1 km – >100,000 people exposed
- Nov 1984, Mexico City – LPG pipe rupture led to BLEVE – 650 killed
- Dec 1984, Bhopal, India – methyl isocyanate leak – >2000 deaths
- July 1988, Piper Alpha, North Sea – poor maintenance procedures cause overpressure, fire & explosion – 167 killed
- Oct 1989, Pasadena, USA – seal failure on ethylene reactor leads to explosion – 23 killed

Legislation and standards (timeline):

- 1982, European Community – Seveso Directive
- 1984, UK – Control of Industrial Major Accident Hazard Act
- 1986, US – Emergency Planning and Community Right to Know Act
- 1992, US – OSHA 1910.119 PSM of Highly Hazardous Chemicals
- 1996, US – ISA S84, Application of SIS for the Process Industries
- 2003, World – IEC 61511, SIS for the process industry sector, Parts 1-3

Page 9: technical safety engineering

Typical contents of a Safety Case

Operations Safety Case:

- Part 1: Introduction and Management Summary
- Part 2: EHS Management System Description
- Part 3: Facility Description
- Part 4: Formal Safety Assessments & Hazards and Effects Analysis
- Part 5: Management of SCEs
- Part 6: Remedial Action Plan
- Part 7: Conclusions

Page 10: technical safety engineering

Examples of Major Accident Events

Helicopter crash; Projectile / Missile impact; Structural damage; Turret failure; Cargo tank explosion; Dropped objects; Ship collisions; Surface blowout; Riser / Pipeline releases; Process HC releases; Fires / Explosions.

Offshore Training pack

Page 11: technical safety engineering

Establish Design Integrity and Safeguard it during Operations

Project phase: establish integrity by identifying MAE and SCE (Safety Critical Elements) and producing Performance Standards (PS), all contributing to the establishment of Technical Integrity (TI).

In the operation phase, safeguard integrity by maintaining equipment, reviewing, verifying and assuring integrity using performance standards; corrective action should be closed out appropriately, all leading to maintaining TI.

Figure labels: Technical Integrity Management; MAXIMO; MAJOR ACCIDENT EVENTS (MAE).

Page 12: technical safety engineering

Safeguard Technical Integrity

Figure: a WHO / WHAT / HOW matrix for safeguarding technical integrity. The slide's own row and column assignments are only partly recoverable; the labels that survive are:

WHO: Corporate Audit; Asset Manager / ICP; Technical Authority / OPS Manager; Technical Integrity / Safety Engineer; Process Owner / Implementer; Operator / Maintainer; CTO; Regulator; Peer / Third Party.

WHAT: Audit Program; Status Judgement; Status Report; Risk Overview; Competency / Competency Assurance; KPI / Target Verification; KPI Effectiveness Review; Maintenance, Inspection, Testing Compliance Review; Monitor SC Equipment Maintenance & Condition Surveillance; Critical Information Status; Action Tracking; Audit Trip; Performance Standard Compliance; Compliance Monitor; Gap.

HOW: MA Class; Corporate Audit; Peer / Third Party Verification; Regulator Verification; MOC; Standards, Regulations & Class Compliance; Engineering TI Processes; Safety Case and Process; Morning call; Production Accounting System; Maintenance Management System; Incident Investigation Management; Competency Management System; Regulations, Classification etc.; BOD / Technical Std's; Change Management System; Compliance Process / Procedure; Risk Management; Permit to Work; Regulations / Legislation; Technical Integrity Process; Technical Std's; Operating Envelope.

Page 13: technical safety engineering

But our design should be Inherently Safe in the first place

1. Minimise – use smaller quantities of hazardous substances

2. Substitute – replace a material with a less hazardous substance

3. Moderate – use a less hazardous condition, a less hazardous form of a material, or facilities that minimise the impact of a hazardous material or energy

4. Simplify – design facilities that eliminate unnecessary complexity and make operating errors less likely, and that are more forgiving of errors which are made

THE BASICS
• Fewer hazards
• Fewer causes
• Reduced severity
• Fewer consequences

(Slide illustrations labelled Gas / Hot Oil, Gas / Hot Water, and barg.)

Page 14: technical safety engineering

Typical Safety Systems

Slide diagram: a tree of safety systems. Top-level branches: Layout; General Design; Command & Control; Control & Mitigation; Habitability; Escape & Evacuation; Recovery. Leaf items, grouped approximately as they are laid out on the slide:

- Layout: HAZOPs & Design Reviews; Ergonomics, etc.
- Command & Control: Communications; Emergency Power & UPS; Control Room
- General Design: Process Control & Alarms; Segregation & Isolation; Hazardous Area Classification
- Control & Mitigation: F&G Detection; ESD; Blowdown; Active Fire Protection; Passive Fire Protection; Fire Barriers & Penetrations; Galley Fire Protection Systems; Materials Handling Protection
- Habitability: HVAC; Emergency Lighting
- Escape & Evacuation: Escape Routes; Lifeboats; Liferafts; Ladders & Chutes, etc.; Lifejackets; Lifebuoys
- Recovery: Helideck wave-off; Emergency Power; Personal Protective Equipment; Pyrotechnics; EPIRBs; Helideck Crash Rescue Kit

Page 15: technical safety engineering

Hazard and Risk

Figure: Potential hazard → Undesired event → Protection layers, taking the risk from Intolerable Risk down to Tolerable Risk.

• Risk = Frequency x Consequence
• The objective is driving the risk to a tolerable level using Independent Layers of Protection

Page 16: technical safety engineering

Oil and Gas Technical Safety - 1: Establish Integrity – HAZARD Identification

DESIGN SAFETY: HAZID, HR HAZOP, BOWTIE, LAYOUT REVIEW, FMEA, HFA

CONSTRUCTION SAFETY: CONSTRUCTABILITY REVIEWS, INSTALLATION HAZID

OPERATIONAL SAFETY: Permit to work, task risk assessment, checklist, safe operating procedures

Page 17: technical safety engineering

Oil and Gas Technical Safety - 2: Establish Integrity – HAZARD Assessment

DESIGN SAFETY: EERA, TRA, EIA, HRA, QRA, FRA, HFA, ET, FT, LOPA, DO, SIL, SIA

CONSTRUCTION SAFETY: CONSTRUCTABILITY REVIEWS, INSTALLATION HAZID

OPERATIONAL SAFETY: Permit to work, task risk assessment, checklist

Page 18: technical safety engineering

Oil and Gas Technical Safety - 3: Establish Integrity – HAZARD Mitigation (PREVENTION / CONTROL / RESPONSE)

DESIGN SAFETY: Fire protection (active & passive); F&G / ESD / Flare / Ignition control / HVAC; Overpressure protection; Maintenance – SCE PS; Emergency Response

CONSTRUCTION SAFETY: Standby vessel, the use of hot pressurised habitat, scaffolding, PPE, approved workpacks, hot tapping, SIMOPS, PERMIT TO WORK, training

OPERATIONAL SAFETY: Permit to work, What if, task risk assessment, checklist, ISSOW

Page 19: technical safety engineering

Oil and Gas Technical Safety – Hazard Management Process Summary

Risk Assessment Process / Sources of Information

New / Major Facilities:
- HAZARD IDENTIFICATION: [HAZOP] [HAZID] [LAYOUT REVIEW] [BOWTIE] [FMEA] [HRA]
- HAZARD ASSESSMENT: [FRA] [EERA] [TRA] [QRA] [ALARP] [DO] [LOPA]
- HAZARD MITIGATION: [F&G] [ISD] [IGN CONTROL] [AFP] [PFP] [BLOWDOWN] [FLARE] [DOP] [LOPA] [SCE]
- Sources of information: Legislation & Regulations; International Codes & Standards, Industry Standards, Company Standards

Brownfield / Sites:
- Task Risk Assessment – Qualitative
- Health Risk Assessment
- Risk Potential Matrix
- Sources of information: Safety Cases, Hazard Registers, Site Standards, Procedures, PTW, HSE Bulletins, Toolbox meetings

Workgroup Non-Routine Activity; Routine Activity by Individuals and Workgroups:
- Sources of information: Inspection checklists, Induction handbooks, Incident Report feedback, Job Start meetings

Page 20: technical safety engineering

Hazard Identification – Design Safety 1a
Hazard Identification – HAZID and Hazard Register

Page 21: technical safety engineering

Hazard Identification – Design Safety 1b
Hazard Identification – Design Flaw (construction material) Hazards and their causes

Figure: cause-and-effect diagram with the undesired event "major leak" at its centre (labelled Leak / LPG) and ten numbered scenarios for its causes:

- Low temperature (brittle fracture)
- External loads (heat radiation, blast, …)
- Wrong manipulation (operator error)
- Fatigue
- Overpressure
- Mechanical failure (valve, gasket, flange, …)
- Overfilling
- Corrosion
- External impact (missiles, collision, …)

21- TP Process Safety Series 2009 – Safety Critical Measures

Page 22: technical safety engineering

Hazard Identification – Design Safety 2a
Hazard Identification – HAZOP

Slide figures: (1) a P&ID of an acrylamide storage tank package: truck acrylamide delivery hose, pump package, mixer, electrical heater, air drier with plant air supply / dry air, soft water, emergency vent (600 mm Ø HS), 12" AV vent, seal pot, water vent to atmosphere, to drain, control unit, filter, additive, NRV, 2" line, AV2, AV3, and instruments TI, LT, FI, LI, LSH, LAL, FQ, TT, TAH, PI, with an outlet to the preparation plant; (2) a flammability triangle with COMBUSTIBLE, INERT and OXIDANT axes (0 % to 100 %) showing the FLAMMABLE RANGE between LFL and UFL and the STOICHIOMETRY line.

HAZOP draws on: chemistry, process design, substance properties, equipment design, operating procedures.

22- TP Process Safety Series 2009 – Hazard Identification Techniques

Page 23: technical safety engineering

Hazard Identification – Design Safety 2b
Hazard Identification – HAZOP

The team investigates process parameter deviations.

Page 24: technical safety engineering

Hazard Identification – Design Safety 2c
HAZOP worksheet example

Parameter = Pressure; Guideword = More

Worksheet columns: Deviation | Cause | Undesired events (UE) / Effects / Impact | Potential Risk (G, P) | Safeguards | Residual Risk (G, P) | Recommendations

Deviation: More pressure
Cause: PIC failure, F = 10^-1 / y
UE: Rupture of C1 (P = 2 x Pdesign), probability 0.5
Effects: 1 tonne of C3H6 released to atmosphere, 140 mb within 80 meters; probability of ignition = 0.6 (CHARAD)
Impact: 2 fatalities on site, probability = 1
Potential Risk: Catastrophic, 3 E-2
Safeguards: safety valve; PSH (SIL2), PFD = 10^-2
Residual Risk: Catastrophic, 3 E-4 (the slide also shows 3 E-2 for the residual risk without the PSH)
Recommendations: Consider to install a PSH (SIL2)

Arithmetic as laid out on the slide: 10^-1 / y x 0.5 x 0.6 = 3 E-2 / y; with the PSH (PFD = 10^-2), 3 E-2 x 10^-2 = 3 E-4 / y.

Page 25: technical safety engineering

Hazard Assessment – Design Safety 2d
HAZOP accident scenario (LOPA)

Deviation: other than water
Cause: error during water drain operation
Undesired event: 10 kg/s LPG to atmosphere
Effects: LPG cloud with distance to LFL = 200 m, risk of flash fire
Impact: fatal injuries to people outside within 200 m radius

Medium Leak (35 mm) = 5.2 x 10^-5/yr
Probability of Wind Direction = 0.07
Probability of Ignition = 0.1
Probability of fatality = 1, 0.5 or 0.2

Risk = 5.2 x 10^-5/yr x 0.07 x 0.1 x 1 = 3.64 x 10^-7/yr
Risk = 5.2 x 10^-5/yr x 0.07 x 0.1 x 0.5 = 1.82 x 10^-7/yr
Risk = 5.2 x 10^-5/yr x 0.07 x 0.1 x 0.2 = 7.28 x 10^-8/yr

25- TP Process Safety Series 2009 – LOPA

Page 26: technical safety engineering

Hazard Identification – Design Safety 3a
Hazard Identification – BOWTIES

Page 27: technical safety engineering

Hazard Identification – Design Safety 3b
Bowtie example – Helideck / Helicopter Operations

Threats (left side): Contaminated Fuel; Mechanical Failure; Pilot Error
Top event (centre): Helicopter crash
Consequences (right side): Fire; Injury / Fatality; Major equipment / Structural Damage

Barriers sit between each threat and the top event; recovery measures sit between the top event and each consequence.

BARRIERS: prevent MAE from occurring.
RECOVERY MEASURES: prevent or reduce the consequence of MAE.

INHERENT DESIGN FEATURES (Layout, Structural Integrity) + SAFETY CRITICAL ELEMENTS (Procedures, Equipment, Tasks)

Page 28: technical safety engineering

Hazard Identification – Design Safety 4a
Hazard Identification – Layout Review, Brownfield Projects

Considering layout and escape routes, access to equipment, and also ensuring the hazardous area zoning of the platform is not compromised.

Page 29: technical safety engineering

Hazard Identification – Design Safety 4b
Hazard Identification – Layout Review, Greenfield Projects

For Greenfield projects layout is a bit easier as you are starting with a clean sheet. Layout must prevent fires and explosions in areas with hydrocarbons (process area, risers etc.) escalating to less hazardous and safe areas.

Create a "safety gradient" on the topsides layout from "safe" areas (accommodation) through to areas with maximum hydrocarbon "risk", by distance.

As much as possible, (large) liquid hydrocarbon containing vessels should be located at lower elevations and HP gas equipment at upper levels. Reduce the probability of flammable gas build-up and the increased likelihood of an explosion. Prevent escalation of fires and explosions.

Page 30: technical safety engineering

Hazard Identification – Design Safety 4c

The objectives of "layout design" are:
- Segregation of different risks;
- To permit access for firefighting and emergency services;
- To minimize involvement of adjacent facilities in a fire and hence prevent further equipment failures;
- To ensure that critical emergency facilities are not subjected to fire damage;
- To minimize vulnerable pipework;
- To limit exposure;
- To ensure safe control room design;
- To ensure security.

The following topics should be considered in early plot layout:
- Location of process areas and storage areas
- Location of people and minimization of potential exposure
- Site roads
- Traffic
- Buildings
- Effluents, sewers
- Fire fighting, including fire breaks in process areas and access for fire fighting
- Emergency
- Security

Page 31: technical safety engineering

Hazard Identification – Design Safety 5
Hazard Identification – Human Factors

Need to consider the guys who are going to maintain equipment etc.

Figure (human–machine model):
- Work Environment (lighting, noise, chemical exposures, climate)
- Organizational Structure (job design, communication, task)
- Individual Constraints (age, size, training, skills, intelligence)
- Human: Sensory Information → Action
- Machine: Displays → Controls; Input → Output
- TASK

Page 32: technical safety engineering

Hazard Assessment – Design Safety 1
Hazard Assessment – Escape, Evacuation and Rescue Assessment

Need to know how to escape in an emergency, where to go, and who's in charge.

Page 33: technical safety engineering

Hazard Assessment – Design Safety 2a
Hazard Assessment – Layers of Protection Analysis

LOPA is a tool to determine the SIL (safety integrity level) of a SIF (safety instrumented function) and evaluates the other protection layers individually by looking at the risk mitigation they lead to. Any layer of protection could be small, or significant, but overall the total risk reduction strategy should deliver an acceptable risk.

• Independent Protection Layers are often depicted as an onion skin.
• Each layer is independent in terms of operation.
• The failure of one layer does not affect the next.
• Designed to prevent the hazardous event, or mitigate the consequences of the event.
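The LOPA arithmetic described here, together with the HAZOP worksheet of slide 24, the scenario chain of slide 25 and the Risk = Frequency x Consequence rule of slide 15, is shown below as an added worked example in Python. It is not code from the presentation or from any project the deck describes. The initiating-event frequency, conditional probabilities and PSH PFD are the deck's slide 24 and slide 25 figures; the tolerable target frequency (TARGET_PER_YR), the SIL bands (taken from the IEC 61511 low-demand risk reduction factor table) and all class and function names are assumptions made for the example.

```python
import math
from dataclasses import dataclass, field

# IEC 61511 low-demand SIL bands expressed as risk reduction factor (RRF) ranges:
# SIL 1: 10 < RRF <= 100, SIL 2: 100 < RRF <= 1 000, SIL 3: 1 000 < RRF <= 10 000,
# SIL 4: 10 000 < RRF <= 100 000.  Stored as the upper bound of each band.
SIL_RRF_UPPER = {1: 100.0, 2: 1_000.0, 3: 10_000.0, 4: 100_000.0}


@dataclass
class Scenario:
    """One LOPA scenario: an initiating event, the conditional modifiers that
    must also come true for the consequence to occur (wind direction, ignition,
    people present) and the independent protection layers (IPLs) that can stop
    it, each with its average probability of failure on demand (PFD)."""
    name: str
    initiating_event_freq: float                    # events per year
    modifiers: dict = field(default_factory=dict)   # name -> probability (0..1)
    ipls: dict = field(default_factory=dict)        # name -> PFD (0..1)

    def unmitigated_frequency(self) -> float:
        """Consequence frequency (/yr) if no IPL existed: slide 15's
        frequency x consequence chain with every conditional probability applied."""
        return self.initiating_event_freq * math.prod(self.modifiers.values())

    def mitigated_frequency(self) -> float:
        """Consequence frequency after the IPLs. LOPA multiplies the PFDs because
        the layers are assumed independent (the onion-skin model on this slide)."""
        return self.unmitigated_frequency() * math.prod(self.ipls.values())


def required_rrf(mitigated_freq: float, target_freq: float) -> float:
    """Risk reduction factor still needed to meet the target; <= 1 means none."""
    return mitigated_freq / target_freq


def sil_for_rrf(rrf: float) -> int:
    """Lowest SIL whose IEC 61511 band can deliver the required RRF.
    0 means no additional SIF is needed. An RRF beyond SIL 4 is refused: the
    deck's own advice (slide 35) is inherently safer design, not more SIFs."""
    if rrf <= 1.0:
        return 0
    for sil, upper in sorted(SIL_RRF_UPPER.items()):
        if rrf <= upper:
            return sil
    raise ValueError(f"required RRF {rrf:.3g} exceeds SIL 4; revisit the design (ISD)")


def lopa_summary(scenario: Scenario, target_freq: float) -> dict:
    """Assemble the figures a LOPA worksheet row would carry."""
    unmitigated = scenario.unmitigated_frequency()
    mitigated = scenario.mitigated_frequency()
    rrf = required_rrf(mitigated, target_freq)
    return {
        "scenario": scenario.name,
        "unmitigated_per_yr": unmitigated,
        "mitigated_per_yr": mitigated,
        "required_rrf": rrf,
        "additional_sif_sil": sil_for_rrf(rrf),
    }


# Slide 24 HAZOP worksheet: PIC failure at 1e-1/yr, rupture of C1 with probability
# 0.5, ignition probability 0.6 (CHARAD), fatalities with probability 1, and a
# PSH rated SIL 2 with PFD 1e-2 as the independent protection layer.
SLIDE24 = Scenario(
    name="More pressure: PIC failure leading to rupture of C1",
    initiating_event_freq=1e-1,
    modifiers={"rupture of C1 at 2 x Pdesign": 0.5,
               "ignition (CHARAD)": 0.6,
               "fatalities on site": 1.0},
    ipls={"PSH (SIL 2)": 1e-2},
)

# Assumed tolerability target, for illustration only; the deck gives no figure.
TARGET_PER_YR = 1e-5


def slide25_risk(p_fatality: float) -> float:
    """Slide 25's chain: 35 mm leak at 5.2e-5/yr x P(wind) 0.07 x P(ignition) 0.1
    x P(fatality). The deck evaluates P(fatality) = 1, 0.5 and 0.2."""
    leak = Scenario("10 kg/s LPG to atmosphere", 5.2e-5,
                    modifiers={"wind direction": 0.07, "ignition": 0.1,
                               "fatality": p_fatality})
    return leak.unmitigated_frequency()


if __name__ == "__main__":
    for key, value in lopa_summary(SLIDE24, TARGET_PER_YR).items():
        print(f"{key}: {value:.3g}" if isinstance(value, float) else f"{key}: {value}")
    for p in (1.0, 0.5, 0.2):
        print(f"P(fatality)={p}: risk = {slide25_risk(p):.3g} /yr")
```

Running the file reproduces the slide 24 row (3 E-2/yr unmitigated, 3 E-4/yr with the SIL 2 PSH) and the three slide 25 risks, then reports the SIL that the remaining gap to the assumed target would require. The code works in RRF rather than mapping a bare PFD to a SIL on purpose: the deck quotes PFD = 10^-2 for a SIL 2 PSH, but in the IEC 61511 bands an RRF of exactly 100 is the top of SIL 1, so a claimed SIL should always be checked against the band, not read off a rounded PFD.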

Page 34: technical safety engineering

Hazard Assessment – Design Safety 2b
What is a Safety Instrumented System (SIS) & Safety Instrumented Function (SIF)?

Figure: Process → Input → SIS (Sensors / Transmitters → Logic solver → Final elements / Safety valves, SV) → Output → Process.

A SIS has several Safety Instrumented Functions to mitigate several process hazards.

A SIF is a safety instrumented function with a specified safety integrity level which is necessary to achieve functional safety.

"SIF is a function to be implemented by a SIS which is intended to automatically achieve or maintain a safe state for the process with respect to a specific hazardous event." (IEC 61511 / ISA SP 84.01)

Typical applications for SIS:
- ESD – Emergency Shut Down System
- HIPPS – High Integrity Pressure Protection System
- WHCP – Well Head Control Panel

Page 35: technical safety engineering

Hazard Assessment – Design Safety 2c
Why We Use Safety Instrumented Systems (SIS)?

• Designed to perform its safety function during normal, abnormal, and design basis conditions.
• The SIL is a measure of the availability of a protection layer or barrier. Protection layers include basic process control system (BPCS), critical alarms and human intervention, safety instrumented functions (SIF), physical protection and emergency response.
• All these mitigate the frequency of the occurrence of the potential unwanted end-consequence or mitigate the impact the end consequence represents.
• Performs specified functions to achieve or maintain a safe state of the process when unacceptable or dangerous process conditions are detected.
• SIFs are ADD ON and ACTIVE measures.
• Need to exhaust non-SIS layers (e.g. spacing, segregation) before any requirement for SIFs.
• Addition of multiple SIFs (esp. SIL 2 & 3) may indicate that additional risk reduction via ISD is needed.

Figure – protection layers, innermost to outermost:
- Process Design Layer: Inherently Safer Design
- Process control layer: Basic Process Control System; process value / normal behaviour; process alarm
- PREVENTION: Operator intervention (trip level alarm); Safety layer – Emergency Shut Down (SIS), process shutdown
- MITIGATION: Active protection layer (relief valve, rupture disk); Passive protection layer (dike, fireproofing, blast wall)
- Emergency response layer: Plant and Emergency Response

Page 36: technical safety engineering

Hazard Assessment – Design Safety 2d

SIF – Safety Instrumented Function: it's the individual loops that make up your SIS, including any hardware, software and final control element.

Not always software based: it could be as simple as a pneumatic hi/lo pressure shutdown at a well site, or a high level shutdown on a tank to prevent an environmental incident.

Traditional names:

• Emergency Shutdown System

• Critical Control Systems

• Protective Instrumented Systems

• Equipment Protection Systems

• Safety Critical Systems

• Interlocks

• Do I need a SIS? Maybe, maybe not.

SIS: a system composed of sensors, logic solvers, and final control elements for the purpose of taking the process to a safe state when predetermined conditions are violated.

Page 37: technical safety engineering

Hazard Assessment – Design Safety 3a
Hazard Assessment – Explosion modelling

• Explosion overpressures
• Blast loading
• Blast and structural interaction
• Structural vulnerability assessment

When new equipment and pipework is added to the platform it has to be designed for blast; sometimes the new equipment will increase explosion overpressures offshore as it blocks explosion vents. All of these need to be checked.

Page 38: technical safety engineering

Hazard Assessment – Design Safety 3b
Effects of Blast

Overpressure level (mbar) – Damage:
- 70: Roof of cone-roof tank collapsed; damage to above-ground telephone and public address systems; piping, instruments and cables hit by debris, causing limited damage; instrument windows and gauges broken
- 150: Breakage of gauge glasses; extensive minor damage due to debris; some fire heaters moved and pipes broken
- 200: Exposed pipework and fire hydrants damaged; missile damage; instrument and power lines severed; failure of hold-down on half-full conventional storage tank; cooling tower badly damaged
- 300: Failure of hold-down bolts on most storage tanks; collapse of steel stacks; fire heaters overturned; pipework … by movement of large … or distortion of pipe supports; substations severely damaged
- 500: All above ground wrecked; transformer power lines severed; some columns overturned or destroyed; failure of bracing on spheres
- Within cloud: Reactors, horizontal vessels and exchangers overturned; loss of power to motors

USACE CDL – Description of Component Damage:
- Superficial Damage: component has no visible permanent damage
- Moderate Damage: component has some permanent deflection. It is generally repairable, if necessary, although replacement may be more economical and aesthetic
- Heavy Damage: component has not failed, but it has significant permanent deflections causing it to be unrepairable
- Hazardous Failure: component has failed, and debris velocities range from insignificant to very significant
- Blowout: component is overwhelmed by the blast load, causing debris with significant velocities

Explosion overpressure – Effect:
- 35 mbar: 90% glass breakage; no fatality and very low probability of injury; damage to internal partitions and joinery but can be repaired
- 70 mbar: probability of injury is 10%; no fatality
- 140 mbar: house uninhabitable and badly cracked
- 210 mbar: reinforced structures distort; storage tanks fail; 20% chance of fatality to a person in a building
- 350 mbar: house uninhabitable; wagons and plant items overturned; threshold of eardrum damage; 50% chance of fatality for a person in a building and 15% chance of fatality for a person in the open

38- TP Process Safety Series 2009 – Consequences estimation

Page 39: technical safety engineering

Hazard Assessment – Design Safety 4
Hazard Assessment – Ship Impact Study

Offshore platforms are located around shipping lanes and therefore in designing the platform / FPSO you ought to consider what will happen if it is impacted by a ship.

You can't design for every scenario, but you can determine which members can result in total collapse of the platform and perhaps strengthen them for anticipated loads.

You can also provide ship impact protection for the platform legs. Risers should also be protected; ideally you don't want to offload cargo where the risers are.

Page 40: technical safety engineering

Hazard Assessment – Design Safety 5a
Hazard Assessment – Fire Risk Assessment Modelling – How do we do it?

Identify isolatable inventories: size / volume, hydrocarbon composition. Assume a hole size and use design conditions to calculate the leak rate and the subsequent fire sizes, based on ignition probability.

Types of fires – scenarios
• Jet – ignited releases of high pressure gas streams
• Spray – ignited releases of 2 phase or liquid streams
• Flash / Vapour Cloud Explosion (VCE) – delayed ignition of a gas cloud
• Pool / Sea Surface – ignited releases of low pressure streams accumulated on plated deck

Page 41: technical safety engineering

Hazard Assessment – Design Safety 5b
Hazard Assessment – Fire Risk Assessment

How this information is used
• Layout reviews
• Equipment – provide separation and segregation
• Escape ways
• Fire Protection Philosophy and Study
• Fire zones
• BOD sheets
• Use of AFP and PFP
• Used in QRA model

Effects: heat released – thermal effects; products of combustion – toxic release.

Potential targets of fires: people; material, structures; environment (residue of combustion).

Consequence: exposure x effect = consequence.

Effects of fires will depend on: liquid properties; flammability characteristics (L.F.L); thermodynamic properties (heat of combustion, latent heat of vaporisation); "quantity" of liquid or gas; atmospheric conditions, i.e. wind, relative humidity.

Page 42: technical safety engineering

Hazard Assessment – Design Safety 5c
Fire Events

Fire size and duration – potential to cause escalation:
• structural failure
• equipment failure / BLEVE
• impairment of escape routes
• fatalities

Page 43: technical safety engineering

Hazard Assessment – Design Safety 6
Hazard Assessment – Dispersion Assessment

Used to ensure no gases, exhaust fumes or smoke can reach the helideck, the crane cab, or the HVAC for switch rooms and accommodation during normal operations.

Based on the isolatable inventories utilised for fire modelling.

What happens if the flare ignition fails: can the gas reach the accommodation block before shutdown of the HVAC?

The use of a wind rose to determine the predominant wind direction.

Page 44: technical safety engineering

Hazard Assessment – Design Safety 7

Hazard Assessment - Flare radiation modelling

Flare height determines the radiation levels on the platform and this has to be considered in the design.

•Minimise atmospheric emissions.
•Dispersion of hydrocarbon and toxic gases from an unignited flare.
•The impact of heat radiation on equipment and personnel.
•The potential for liquid carry-over to the flare.
•Integrity of the flare system seal/purge arrangements.

Also consider the crane driver in the crane cab offshore. When new equipment is placed offshore you have to consider the effect of the flare on the new equipment.

[Figure: radiation (kW/m²) versus exposure time (seconds, 0 to 60), showing the bands: no effect, pain, 1st degree burns / heavy sunburn, 2nd degree burns, fatalities]
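The slides state that flare height sets the radiation level at platform targets but do not show the calculation. The following is an added example by the editor, not code from the original presentation: it applies the simple point-source radiation model of API 521, q = τ·F·Q / (4π·D²), to check targets such as the crane cab and accommodation against permissible levels and to back out the minimum flare tip height for a given target. The fraction of heat radiated, the transmissivity, the gas flow and the target geometry are assumed values; the permissible-radiation figures are API 521 guidance quoted from memory and should be verified against the current edition.

```python
"""Point-source flare radiation check for platform targets.

Added example, not from the original slides. It applies the simple
point-source model given in API 521 (assumptions: the flame is treated
as a single point at the tip, and atmospheric transmissivity tau is an
input):

    q = tau * F * Q / (4 * pi * D**2)

q  incident radiation at the target (kW/m2)
F  fraction of heat released that is radiated (fuel dependent, ~0.1-0.3)
Q  heat release rate of the flared gas (kW)
D  distance from flame centre to target (m)

The permissible-radiation table below is API 521 guidance as recalled by
the editor (solar load excluded); verify against the current edition.
"""
import math

# Permissible incident radiation (kW/m2) by tolerable exposure: assumed API 521 values.
PERMISSIBLE_KW_M2 = {
    "continuous": 1.58,        # continuous exposure, e.g. accommodation or crane cab
    "several_minutes": 4.73,   # emergency actions of several minutes, unshielded
    "one_minute": 6.31,        # up to one minute, appropriate clothing
    "few_seconds": 9.46,       # escape only
}

def heat_release_kw(mass_flow_kg_s, lhv_kj_kg):
    """Heat release rate Q (kW) = mass flow (kg/s) * lower heating value (kJ/kg)."""
    return mass_flow_kg_s * lhv_kj_kg

def incident_radiation(q_kw, distance_m, f_radiated=0.25, tau=1.0):
    """Point-source incident radiation (kW/m2) at distance_m from the flame centre."""
    if distance_m <= 0:
        raise ValueError("distance must be positive")
    return tau * f_radiated * q_kw / (4 * math.pi * distance_m ** 2)

def radiation_at_target(q_kw, tip_height_m, offset_m, target_height_m, f_radiated=0.25, tau=1.0):
    """Radiation at a target offset_m horizontally from the flare base, at target_height_m."""
    distance = math.hypot(offset_m, tip_height_m - target_height_m)
    return incident_radiation(q_kw, distance, f_radiated, tau)

def minimum_tip_height(q_kw, offset_m, target_height_m, limit_kw_m2, f_radiated=0.25, tau=1.0):
    """Smallest tip elevation (m) at which radiation at the target does not exceed limit_kw_m2."""
    d_required = math.sqrt(tau * f_radiated * q_kw / (4 * math.pi * limit_kw_m2))
    if d_required <= offset_m:
        return target_height_m   # the horizontal offset alone already gives enough distance
    return target_height_m + math.sqrt(d_required ** 2 - offset_m ** 2)

def assess_targets(q_kw, tip_height_m, targets, f_radiated=0.25, tau=1.0):
    """targets: list of (name, offset_m, height_m, exposure_class). Returns per-target results."""
    results = []
    for name, offset_m, height_m, exposure in targets:
        q = radiation_at_target(q_kw, tip_height_m, offset_m, height_m, f_radiated, tau)
        limit = PERMISSIBLE_KW_M2[exposure]
        results.append({"target": name, "kw_m2": round(q, 2), "limit": limit, "ok": q <= limit})
    return results

if __name__ == "__main__":
    # Constructed case: 20 kg/s flared at 45,000 kJ/kg from an 80 m tip; two assumed targets.
    Q = heat_release_kw(20.0, 45_000.0)
    targets = [("crane cab", 40.0, 35.0, "continuous"),
               ("accommodation roof", 120.0, 25.0, "continuous")]
    for result in assess_targets(Q, 80.0, targets):
        print(result)
    print("tip height needed for the crane cab:", round(minimum_tip_height(Q, 40.0, 35.0, 1.58), 1), "m")
```

The check is conservative for layout screening only: the point-source model ignores flame length, tilt under wind and the solar contribution, so a target that fails here needs a full flare study rather than a taller stack by default.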

Page 45: technical safety engineering

Hazard Assessment – Design Safety 8a
Hazard Assessment - Event / Fault Tree

Event Tree Analysis Example
Documents the sequence of events and failures leading to an escalation of a "hazardous event"
'Logic gates' YES/NO
Can be used pre-incident or post-incident

Fault Tree Analysis Example
Documents the sequence of threats or causes that could lead to the "hazardous event"
'Logic gates' AND / OR
Strengths: widely used, clear and logical
Weaknesses: diagrams can lack assumption info; complicated and time-consuming for large systems; can overlook failure modes and can be too simplistic

Page 46: technical safety engineering

Hazard Assessment – Design Safety 9
Hazard Assessment - Dropped Object

Items can be dropped on people, process and subsea pipelines.

Dropped object protection can be recommended if the likelihood of dropping on equipment is high, but following ISD principles the crane should not lift over equipment and pipelines in the first place.

Page 47: technical safety engineering

Hazard Assessment – Design Safety 10
Hazard Assessment - Quantitative Risk Assessment

Sometimes we have to quantify the risk, using past equipment failure and leak data to give us likelihoods and probabilities of failure. Many assumptions are used and they have to be reasonable; when the assumptions change, the risk analysis has to be updated.

Page 48: technical safety engineering

Hazard Mitigation – Design Safety 1a
Hazard Mitigation - Fire and Gas Detection

• Fire and gas detection
• The use of fire and gas mapping to ensure coverage is adequate

Types of detectors
• Smoke detectors (optical / ionisation)
• Heat detectors (fixed temperature / rate of rise)
• Flame detectors (UV / UVIR / IR / IR2 / IR3)
• Hydrocarbon gas leak detectors (line of sight, ultrasonic)
• Toxic gas detectors
• Open path gas leak detectors
• VESDA

Page 49: technical safety engineering

Hazard Mitigation – Design Safety 1b
Hazard Mitigation - Fire and Gas Detection

Provide rapid and reliable indication of the occurrence of a hazardous event involving fire and/or loss of containment of flammable or toxic inventories, to:
• Emergency Shutdown (ESD 1) of the affected fire zone (on confirmed gas detection or fire detection)
• Initiate alarms
• Trigger emergency isolation and depressurisation of hydrocarbon inventories
• Initiate fire water deluge system (fire, sometimes toxic or flammable gas)
• Initiate CO2, INERGEN or FM-200 fixed fire extinguishing systems
• Trip power generation and electrical equipment
• Increase ventilation in enclosures
• Close dampers in HVAC air intakes

Page 50: technical safety engineering

Hazard Mitigation – Design Safety 2a
Hazard Mitigation - Fire Protection

• Active fire protection (fire pumps, ringmain, deluge valves and nozzles)
• Passive fire protection (fire walls, Chartek, blast wall, fire blankets)
• Design for blast – possible explosion overpressure

[Figure labels: J45/H60, 0.3 bar blast wall; A60 firewall]

Page 51: technical safety engineering

Hazard Mitigation – Design Safety 2b
Hazard Mitigation - Fire Protection

Fire barriers / partitions between areas e.g. Process / Non-Process:
• Coatings on bulkheads - for A / H / JF (with wire mesh)
• Prefabricated GRP panels - for A / H / JF
• Prefabricated panels with insulation - for A / H / not JF

Critical structural members / risers / flare structure / supports:
• Intumescent or cementitious coatings - for H / JF (with wire mesh)

Risers / ESDVs / equipment / panels:
• GRP cast sections for risers and boxes for ESDVs
• Intumescent half shells

Penetrations:
• Seals suitable for A / H / JF

The duration of the required stability and integrity: A = 60 minutes, H = 120 minutes. J = J-class is not a standard fire rating; the SEV specification retains the H capability of 120 minutes.

[Figure: standard fire curves, temperature (°C, 0 to 1200) vs time (minutes, 0 to 60), for cellulosic fire, hydrocarbon fire and jet fire]

Page 52: technical safety engineering

Hazard Mitigation – Design Safety 3a
Hazard Mitigation - Emergency Shutdown

In the event of a process upset that can lead to loss of containment or hydrocarbon leak we need to shutdown the process unit and sometimes the platform immediately so the event does not escalate to other areas of the Platform.

ESD hierarchy (from the slide's diagram):
ESD0 – Total black-out (if applicable), restricted area
  ESD1-1 ... ESD1-i – Emergency shut-down of Fire Zone 1 ... Fire Zone i
    SD2-1.1 ... SD2-1.j and SD2-i.1 ... SD2-i.j – Functional unit shut-down of Unit 1.1 ... 1.j and Unit i.1 ... i.j
      SD3-1.1.1 ... SD3-1.1.k, SD3-1.j.1 ... SD3-1.j.k, SD3-i.1.1 ... SD3-i.1.k, SD3-i.j.1 ... SD3-i.j.k – Individual shut-down of Equipment 1.1.1 ... 1.1.k, 1.j.1 ... 1.j.k, i.1.1 ... i.1.k, i.j.1 ... i.j.k

Page 53: technical safety engineering

Hazard Mitigation – Design Safety 3b
Hazard Mitigation - Emergency Shutdown

The emergency shutdown system contains different levels (process, emergency, fire & gas and, if required, ultimate safety system), each of them consisting of a set of safety loops. Safety loops consist of field sensors, logic solvers and final elements (e.g. valves).
The main purposes of ESD systems are:

• To limit the loss of containment, by isolating hydrocarbon production and processing.

• To protect personnel, e.g. smoke and gas detection in the HVAC intakes of buildings.

• To prevent ignition by elimination of potential sources of ignition.

• To reduce flammable or toxic inventory by depressurisation through the EDP system.

The ESD system shall take into account the requirements that may arise during other possible (and likely to occur) abnormal or down-graded configurations.

New hazards can appear as a consequence of the loss of essential utilities such as essential power, air, hydraulics, etc. These new hazards shall be identified and mitigated, and the associated risks shall be assessed.
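The fire and gas slides above say that ESD1 of a fire zone is initiated "on confirmed gas detection", and the ESD slides give the level hierarchy ESD0 > ESD1-i > SD2-i.j > SD3-i.j.k; neither shows the logic. The following is an added example by the editor, not code from the original presentation, covering both passages: it implements confirmed gas as 2ooN voting per fire zone (a common but project-specific choice, assumed here), and a shutdown tree in which tripping a level cascades to every level beneath it in that branch. The %LFL thresholds, detector tags and the zone/unit/equipment layout are constructed for the demonstration.

```python
"""Confirmed gas voting per fire zone and cascading emergency shutdown.

Added example, not from the original slides. Two assumptions are labelled
here: (1) 'confirmed gas' is implemented as 2ooN voting, i.e. at least two
detectors in the same fire zone at or above the high-gas threshold, which
is a common but project-specific choice; (2) the thresholds in %LFL and the
zone/unit/equipment layout are constructed for the demonstration. The
shutdown tree follows the slide: ESD0 > ESD1-i (fire zone) > SD2-i.j
(functional unit) > SD3-i.j.k (individual equipment); tripping a level trips
everything beneath it in that branch.
"""
from dataclasses import dataclass, field

HIGH_GAS_PCT_LFL = 60.0   # assumed high-gas (executive action) threshold
LOW_GAS_PCT_LFL = 20.0    # assumed low-gas (alarm only) threshold

# Executive actions on confirmed gas, taken from the slide's list of F&G outputs.
ACTIONS_ON_CONFIRMED_GAS = (
    "initiate alarms",
    "ESD1 of affected fire zone",
    "emergency isolation and depressurisation",
    "close HVAC intake dampers",
    "trip electrical equipment in zone",
)

@dataclass
class Detector:
    tag: str
    fire_zone: int
    pct_lfl: float

def vote_confirmed_gas(detectors, k=2):
    """Return the set of fire zones with at least k detectors at/above the high threshold (kooN)."""
    counts = {}
    for d in detectors:
        if d.pct_lfl >= HIGH_GAS_PCT_LFL:
            counts[d.fire_zone] = counts.get(d.fire_zone, 0) + 1
    return {zone for zone, n in counts.items() if n >= k}

def low_gas_alarms(detectors):
    """Tags of detectors between the low and high thresholds (alarm, no executive action)."""
    return [d.tag for d in detectors if LOW_GAS_PCT_LFL <= d.pct_lfl < HIGH_GAS_PCT_LFL]

@dataclass
class ShutdownLevel:
    level_id: str
    children: list = field(default_factory=list)

def build_hierarchy(layout):
    """layout = {zone: {unit: [equipment_index, ...]}} -> ESD0 root of the shutdown tree."""
    root = ShutdownLevel("ESD0")
    for zone, units in layout.items():
        zone_node = ShutdownLevel(f"ESD1-{zone}")
        for unit, equipment in units.items():
            unit_node = ShutdownLevel(f"SD2-{zone}.{unit}")
            unit_node.children = [ShutdownLevel(f"SD3-{zone}.{unit}.{e}") for e in equipment]
            zone_node.children.append(unit_node)
        root.children.append(zone_node)
    return root

def _find(node, level_id):
    if node.level_id == level_id:
        return node
    for child in node.children:
        hit = _find(child, level_id)
        if hit is not None:
            return hit
    return None

def _collect(node, out):
    out.append(node.level_id)
    for child in node.children:
        _collect(child, out)
    return out

def trip(root, level_id):
    """Trip a shutdown level; the cascade trips every level beneath it in that branch."""
    node = _find(root, level_id)
    if node is None:
        raise KeyError(f"unknown shutdown level {level_id}")
    return _collect(node, [])

def respond(detectors, root, k=2):
    """Run voting and return (confirmed zones, tripped levels, executive actions)."""
    zones = vote_confirmed_gas(detectors, k)
    tripped = []
    for zone in sorted(zones):
        tripped.extend(trip(root, f"ESD1-{zone}"))
    actions = ACTIONS_ON_CONFIRMED_GAS if zones else ()
    return zones, tripped, actions

if __name__ == "__main__":
    # Constructed readings: zone 1 has two detectors in high gas, zone 2 only one.
    readings = [Detector("GD-101", 1, 72.0), Detector("GD-102", 1, 65.0), Detector("GD-103", 1, 8.0),
                Detector("GD-201", 2, 70.0), Detector("GD-202", 2, 25.0)]
    tree = build_hierarchy({1: {1: [1, 2]}, 2: {1: [1]}})
    print(respond(readings, tree))
```

Note the single high reading in zone 2 raises no executive action under 2ooN: that is the intended trade between spurious trips and missed detections, and it is why detector placement and coverage (the fire and gas mapping referred to above) matter as much as the voting arithmetic.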

Page 54: technical safety engineering

Hazard Mitigation – Design Safety 4
Hazard Mitigation - Overpressure Protection

Most of the plant is pressurised, so what happens during an overpressure event?

Relief valves are installed; during an overpressure event they open and allow the gas to go to the flare, thus preventing overpressure of the equipment. Process engineers have to size these valves for the equipment they are protecting.

Page 55: technical safety engineering

Hazard Mitigation – Design Safety 5
Hazard Mitigation - Drainage

Function of drainage systems
SAFETY
Minimise uncontrolled spillage
Minimise the risk of ignition (evacuation of flammable liquids away from ignition sources)
Prevent escalation of a fire across the installation (containment and evacuation of flammable liquids)

ENVIRONMENT
Minimise direct discharge of polluted streams by channelling to appropriate treatment units

Key features for safety of drainage
- Architecture of network to prevent cross-contamination
- Gas seals and fire breaks to prevent migration

Closed drains are connected to:
- Hydrocarbon equipment under PRESSURE
- Equipment handling TOXIC fluids (intentional release to atmosphere not acceptable)

Open drains are ATMOSPHERIC systems

Page 56: technical safety engineering

Hazard Mitigation – Design Safety 6a
Hazard Mitigation - Ignition control

Due to the flammable nature of oil and gas, ignition control is very important: if there is no ignition source there will be no explosion or fire.

Precautions:
> Avoiding flammable substances (replacement technologies)
> Inerting (addition of nitrogen, carbon dioxide etc.)
> Limitation of the concentration by means of ventilation

Ignition sources identification:
Apparatus which, separately or jointly, are intended for the generation or conversion of energy capable of causing an explosion through their own potential sources of ignition

Measures to limit the effect of explosions to a safe degree:
> Explosion pressure resistant construction
> Explosion relief devices
> Explosion suppression by means of extinguishers, deluge, etc

Page 57: technical safety engineering

Hazard Mitigation – Design Safety 6b
Hazard Mitigation - Ignition control

According to Standard EN 1127-1, 13 types of ignition sources:
Hot surfaces
Flames & hot gases
Mechanically generated sparks
Electrical apparatus
Stray electrical currents, cathodic corrosion protection
Static electricity
Lightning
Electromagnetic fields
Electromagnetic radiation
Ionising radiation
Ultrasonic
Adiabatic compression, shock waves, gas flows
Chemical reactions
Ref ATEX directives implementation guide

When handling a number of different flammable fluids, classification is to be based on the most volatile fluid anticipated.

Keep in mind that it does not address scenarios of major releases under catastrophic failures (e.g. rupture of a pressure vessel), but do not forget scenarios of operation and maintenance of equipment.

Do not forget drain traps on process decks (potential Zones 0 & 1).

Reduce risks through design improvements by reducing release sources, by grouping equipment and by optimizing ventilation.

Avoid a non-hazardous area surrounded by hazardous areas (unless it is a ventilation-protected enclosure).

Once the minimum extent is determined, utilize distinct landmarks for the actual boundaries, to permit easy identification by operators.

Page 58: technical safety engineering

Hazard Mitigation – Design Safety 7a
Hazard Mitigation - Hazardous Area Classification

• Zone 0. In which ignitable concentrations of flammable gases or vapours are present continuously, or are present for long periods of time.
• Zone 1. In which ignitable concentrations of flammable gases or vapours are likely to exist under normal operating conditions (for a full definition refer to API RP 505).
• Zone 2. In which ignitable concentrations of flammable gases or vapours are not likely to occur in normal operation, and if they do occur will exist only for a short period (for a full definition refer to API RP 505).

[Figure: equipment spacing]

Page 59: technical safety engineering

Hazard Mitigation – Design Safety 7c
Hazard Mitigation - Hazardous Area Classification

[Flowchart: identification of leak sources → fluid class and category; gas buoyancy; grade of release / frequency of release; type of ventilation; code (IP15, API 505, ...) → classification and extent of hazardous areas / extent of zones]

Continuous grade release: within tanks, above liquid interface, temperature > flashpoint; sumps
Primary grade release: sample points, PSV discharge, pig launchers & receivers, sumps; some pumps, compressors, filters (if releases are part of normal operation)
Secondary grade release: flanges & piping connections, valves, tappings, PSV, vents, sample points, ... which in normal operation do not generate a release to atmosphere; most pumps, compressors
No release sources: pressure vessels, atmospheric tanks, welded pipe, sealed drums

Page 60: technical safety engineering

Hazard Mitigation – Design Safety 7b
Hazard Mitigation - Hazardous Area Classification

Temperature class
Based on the auto-ignition temperature: the lowest temperature at which, when mixed with air at normal pressure and as a consequence of chemical reactions initiated on account solely of temperature, the substance will ignite and burn in the absence of any initiating source of spark or flame.

Page 61: technical safety engineering

Hazard Mitigation – Design Safety 7d
Hazard Mitigation - Hazardous Area Classification

Classified: All hydrocarbons handled at a temperature above their flashpoint are liable to generate hazardous areas, or whose flashpoint is below 37.8°C (ref API 505 & NFPA 497)
Unclassified: Liquid hydrocarbons with a flashpoint > 100°C

Flammability limits change with: inerts, temperature, pressure

Page 62: technical safety engineering

Hazard Mitigation – Design Safety 8a
Hazard Mitigation - HVAC & Ventilation

The HVAC unit is usually placed between the helideck and the roof of the quarters.

The living quarters and electrical switch rooms also require a ventilation system; in the event of a gas release or fire the HVAC dampers shut, preventing gas ingress. Note: normally you will have fire and gas detectors at the HVAC inlets to detect gas and shut the dampers, especially if the HVAC inlet is in close proximity to the process area.

Page 63: technical safety engineering

Hazard Mitigation – Design Safety 8b
Hazard Mitigation - HVAC & Ventilation

Adequate ventilation = open area: at least 12 air changes/hr with no stagnant areas. Ventilation air can be taken from a non-hazardous area, or an external Zone 2 area, but must not be drawn from either a Zone 0 or a Zone 1 area.

Dilution ventilation (of enclosed areas): ventilation at such a rate that the probability of formation of a flammable atmosphere is so low that the area can be considered non-hazardous (i.e. gas concentration < 20% LFL).
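The dilution criterion above (steady gas concentration below 20% LFL) is a number, not a method; the following is an added example by the editor, not code from the original presentation, that turns it into a check for an enclosure. It assumes a well-mixed enclosure, so that a steady release G into a space of volume V ventilated at Q m³/s gives C(t) = (G/Q)(1 - exp(-Qt/V)) and a steady-state concentration of G/Q. The 12 air changes/hour figure is the slide's adequate-ventilation rate; the LFL values are literature figures quoted from memory, and the enclosure volume and release rates are constructed.

```python
"""Dilution ventilation check for an enclosure containing a source of release.

Added example, not from the original slides. Model (assumed): a well-mixed
enclosure of volume V (m3) ventilated at Q (m3/s) with a steady gas release
G (m3/s) reaches the gas volume fraction

    C(t) = (G / Q) * (1 - exp(-Q * t / V)),   steady state C = G / Q.

The acceptance test is the slide's criterion: the area counts as diluted
(non-hazardous) when the steady-state concentration stays below 20 % LFL.
The 12 air changes/hour figure is the slide's 'adequate ventilation' rate.
LFL values are literature figures quoted from memory; verify for the fluid.
"""
import math

LFL_VOL_FRACTION = {"methane": 0.044, "propane": 0.017, "hydrogen": 0.040}  # assumed values
ADEQUATE_AIR_CHANGES_PER_HR = 12.0
DILUTION_FRACTION_OF_LFL = 0.20

def ventilation_flow_m3_s(volume_m3, air_changes_per_hr):
    """Volume flow (m3/s) delivered by a given air-change rate."""
    return volume_m3 * air_changes_per_hr / 3600.0

def concentration(t_s, release_m3_s, flow_m3_s, volume_m3):
    """Gas volume fraction at time t after the release starts (well-mixed model)."""
    return (release_m3_s / flow_m3_s) * (1.0 - math.exp(-flow_m3_s * t_s / volume_m3))

def steady_state(release_m3_s, flow_m3_s):
    """Steady-state gas volume fraction G / Q."""
    return release_m3_s / flow_m3_s

def max_release_for_dilution(gas, volume_m3, air_changes_per_hr=ADEQUATE_AIR_CHANGES_PER_HR,
                             fraction=DILUTION_FRACTION_OF_LFL):
    """Largest steady release (m3/s) that the ventilation holds below fraction * LFL."""
    return ventilation_flow_m3_s(volume_m3, air_changes_per_hr) * fraction * LFL_VOL_FRACTION[gas]

def is_diluted(gas, release_m3_s, volume_m3, air_changes_per_hr=ADEQUATE_AIR_CHANGES_PER_HR,
               fraction=DILUTION_FRACTION_OF_LFL):
    """True when the steady-state concentration stays below fraction * LFL."""
    flow = ventilation_flow_m3_s(volume_m3, air_changes_per_hr)
    return steady_state(release_m3_s, flow) < fraction * LFL_VOL_FRACTION[gas]

def time_to_fraction_of_steady_state(fraction, flow_m3_s, volume_m3):
    """Time (s) for C(t) to reach a given fraction of its steady-state value."""
    return -volume_m3 / flow_m3_s * math.log(1.0 - fraction)

def intake_source_allowed(zone):
    """Slide rule: intake air may come from a non-hazardous area (None) or Zone 2, never Zone 0 or 1."""
    return zone in (None, 2)

if __name__ == "__main__":
    # Constructed case: 500 m3 switch room at 12 ACH with a 0.01 m3/s methane release.
    volume, flow = 500.0, ventilation_flow_m3_s(500.0, ADEQUATE_AIR_CHANGES_PER_HR)
    print("max diluted methane release (m3/s):", round(max_release_for_dilution("methane", volume), 5))
    print("0.01 m3/s diluted:", is_diluted("methane", 0.01, volume))
    print("0.02 m3/s diluted:", is_diluted("methane", 0.02, volume))
    print("time to 95 % of steady state (s):", round(time_to_fraction_of_steady_state(0.95, flow, volume), 1))
```

The well-mixed assumption is the weak point: the slide's "no stagnant areas" condition is exactly what makes it valid, so dead corners, heavier-than-air gases collecting at floor level and short-circuiting between supply and extract all need the CFD or tracer-gas checks this simple model cannot provide.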

Importance of ventilation (enclosures containing a source of release):

Grade of release | Adequate ventilation | Inadequate ventilation | Dilution ventilation | Overpressure protection
Continuous       | Zone 0               | Zone 0                 | Non hazardous        | N/A
Primary          | Zone 1               | Zone 0                 | Non hazardous        | N/A
Secondary        | Zone 2               | Zone 1                 | Non hazardous        | Zone 2*

* Only in conjunction with adequate ventilation, when surrounded by a zone 0 or 1 area.

Page 64: technical safety engineering

Hazard Mitigation – Design Safety 9a
Hazard Mitigation - SAFETY CRITICAL ELEMENTS (SCE)

Page 65: technical safety engineering
Page 66: technical safety engineering

Hazard Mitigation – Design Safety 9b
SCE example

Scenario: Vapour cloud explosion due to major leak at control valve in 6 inch feed line from LPG sphere
Consequence potential: Catastrophic (estimation using TOTAL risk matrix)
Safety Critical Measure: Automated ESD system rated SIL2 (PFD = 1E-2). Note: IEC 61508 places PFD = 1E-2 at the upper limit of SIL1; SIL2 requires 1E-3 ≤ PFD < 1E-2, so the claimed PFD has to be checked against the claimed SIL.
Major leak probability control valve: 1.25E-4/yr (source: CHARAD 5) for 1 inch leak
Upon failure of ESD system: formation of major flammable vapour cloud with potential catastrophic impact in case of ignition*
Upon success of ESD system: formation of limited flammable vapour cloud with limited impact in case of ignition*

[Diagram: LPG sphere, control valve, gas detection, logic solver, ESD system]

Source: TP Process Safety Series 2009 – Safety Critical Measures
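The event/fault tree slide earlier and the SCE example above describe the logic in words; the following is an added example by the editor, not code from the original presentation, that carries the SCE example through in code for both passages. The initiating-event frequency (1.25E-4/yr) and the ESD PFD (1E-2) are the slide's figures; the fault-tree inputs for "ESD fails on demand" (detector, logic solver and two final elements), the ignition probability and the proof-test interval are assumed values for illustration, and basic events are treated as independent. The SIL bands are the IEC 61508 low-demand PFDavg ranges, which is how the note above about PFD = 1E-2 falling in SIL1 is checked.

```python
"""Fault tree and event tree for the LPG control-valve leak scenario.

Added example, not from the original slides. The initiating-event frequency
(1.25E-4/yr major leak at the control valve) and the ESD PFD (1E-2) are the
figures quoted on the slide; the fault-tree inputs (detector, logic solver,
final element PFDs), the ignition probability and the proof-test interval
are assumed values for illustration. Basic events are treated as
independent. The SIL bands are the IEC 61508 low-demand PFDavg ranges; note
that PFD = 1E-2 is the top of SIL1, and SIL2 requires 1E-3 <= PFD < 1E-2.
"""
from dataclasses import dataclass

# --- Fault tree: gates over independent basic-event probabilities ------------------
def or_gate(*probabilities):
    """P(at least one input occurs) = 1 - prod(1 - p_i)."""
    survive = 1.0
    for p in probabilities:
        survive *= 1.0 - p
    return 1.0 - survive

def and_gate(*probabilities):
    """P(all inputs occur) = prod(p_i)."""
    result = 1.0
    for p in probabilities:
        result *= p
    return result

def pfd_avg_single_channel(lambda_du_per_hr, proof_test_interval_hr):
    """Simplified PFDavg ~= lambda_DU * T / 2 for one channel proof-tested every T hours."""
    return lambda_du_per_hr * proof_test_interval_hr / 2.0

def esd_fails_on_demand(pfd_detection, pfd_logic, pfd_valve_a, pfd_valve_b):
    """Top event 'ESD fails on demand': detection OR logic OR (both isolation valves fail)."""
    return or_gate(pfd_detection, pfd_logic, and_gate(pfd_valve_a, pfd_valve_b))

def sil_band(pfd):
    """IEC 61508 low-demand SIL from PFDavg; 0 means below SIL1."""
    if 1e-5 <= pfd < 1e-4:
        return 4
    if 1e-4 <= pfd < 1e-3:
        return 3
    if 1e-3 <= pfd < 1e-2:
        return 2
    if 1e-2 <= pfd < 1e-1:
        return 1
    return 0

# --- Event tree: initiating event -> ESD success/fail -> ignition yes/no -------------
@dataclass
class Outcome:
    esd: str
    ignition: str
    frequency_per_yr: float
    description: str

def event_tree(initiating_freq_per_yr, pfd_esd, p_ignition):
    """Enumerate branch outcomes; each branch frequency is the product along the path."""
    outcomes = []
    for esd, p_esd in (("success", 1.0 - pfd_esd), ("fails", pfd_esd)):
        for ignition, p_ign in (("ignition", p_ignition), ("no ignition", 1.0 - p_ignition)):
            cloud = "limited vapour cloud" if esd == "success" else "major vapour cloud"
            effect = cloud + (", explosion / fire" if ignition == "ignition" else ", dispersed")
            outcomes.append(Outcome(esd, ignition, initiating_freq_per_yr * p_esd * p_ign, effect))
    return outcomes

def catastrophic_frequency(outcomes):
    """Frequency of the catastrophic branch: ESD fails AND ignition."""
    return sum(o.frequency_per_yr for o in outcomes if o.esd == "fails" and o.ignition == "ignition")

if __name__ == "__main__":
    pfd = esd_fails_on_demand(0.002, 0.001, 0.05, 0.05)   # assumed component PFDs
    print(f"ESD PFD from fault tree: {pfd:.4g} -> SIL{sil_band(pfd)}")
    print(f"slide's stated PFD 1E-2 -> SIL{sil_band(1e-2)}")
    for o in event_tree(1.25e-4, 1e-2, 0.1):                # slide figures, assumed P(ignition) = 0.1
        print(f"ESD {o.esd:7s} {o.ignition:11s} {o.frequency_per_yr:.3e}/yr  {o.description}")
```

The fault tree gives the PFD that the performance standard has to be verified against; the event tree then shows what that PFD buys, since the catastrophic branch frequency scales linearly with it. Independence is the assumption to challenge first: common-cause failures (shared power, shared logic solver) are what push a real fault tree above the simple product.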

Page 67: technical safety engineering

Hazard Mitigation – Design Safety 10
Hazard Mitigation - Performance Standards (PS) – SCEs should have performance standards

PS Description – identifies the system, linkage to MAE/Bow-Tie, scope (individual SCEs e.g. shut down valves) and PS goal (e.g. isolation of hydrocarbons).

Function – performance standard (isolation of hydrocarbons), performance criteria (e.g. leakage criteria or closure time referenced against a standard) & assurance task (e.g. valve function & leak test) via maintenance activities (e.g. AMOS, Maximo, SAP) to help demonstrate that the critical systems achieve the performance standard with the required reliability throughout their life of service.

Reliability/Availability, Survivability & Interdependency – level of performance (e.g. ESDV should achieve 100% reliability/availability of service) and interdependency (e.g. ESDV links with ESD system).
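The performance standard description above names the pieces (criteria, assurance task, required availability) but not how the maintenance records are turned into a demonstration. The following is an added example by the editor, not code from the original presentation: it verifies one SCE's performance standard from assurance-task records, scoring each test against closure-time and seat-leakage criteria, computing the demonstrated availability, and flagging an overdue assurance task. The criteria values, the ESDV tags and the test records are constructed for the demonstration; real criteria come from the SCE's own performance standard and the referenced standard.

```python
"""Performance-standard verification for an ESDV from its assurance-task records.

Added example, not from the original slides. The performance criteria used
here (closure time and seat-leakage limit, assurance interval) and the test
records are constructed for the demonstration; real criteria come from the
SCE's performance standard and the referenced standard. Demonstrated
availability is taken as the proportion of assurance tasks that met the
criteria, and the check also flags an overdue assurance task.
"""
from dataclasses import dataclass
from datetime import date

@dataclass
class PerformanceCriteria:
    max_closure_time_s: float      # closure time limit referenced against the standard
    max_leak_rate_l_min: float     # seat leakage acceptance limit
    test_interval_days: int        # assurance task frequency
    required_availability: float = 1.0   # slide: ESDV should achieve 100 %

@dataclass
class TestRecord:
    tag: str
    test_date: date
    closure_time_s: float
    leak_rate_l_min: float

def make_record(tag, iso_date, closure_time_s, leak_rate_l_min):
    """Build a record from a maintenance-system export row (date as an ISO string)."""
    return TestRecord(tag, date.fromisoformat(iso_date), closure_time_s, leak_rate_l_min)

def record_passes(record, criteria):
    """A single assurance task passes when both performance criteria are met."""
    return (record.closure_time_s <= criteria.max_closure_time_s
            and record.leak_rate_l_min <= criteria.max_leak_rate_l_min)

def verify(tag, records, criteria, today_iso):
    """Verification summary for one SCE: tests, availability, failures, overdue flag, PS met."""
    today = date.fromisoformat(today_iso)
    mine = sorted((r for r in records if r.tag == tag), key=lambda r: r.test_date)
    if not mine:
        return {"tag": tag, "tests": 0, "availability": 0.0, "overdue": True,
                "failures": [], "meets_ps": False}
    failures = [r.test_date.isoformat() for r in mine if not record_passes(r, criteria)]
    availability = 1.0 - len(failures) / len(mine)
    overdue = (today - mine[-1].test_date).days > criteria.test_interval_days
    return {"tag": tag, "tests": len(mine), "availability": availability, "overdue": overdue,
            "failures": failures,
            "meets_ps": availability >= criteria.required_availability and not overdue}

def verify_all(records, criteria, today_iso):
    """Verify every tag present in the records."""
    return {tag: verify(tag, records, criteria, today_iso) for tag in sorted({r.tag for r in records})}

if __name__ == "__main__":
    # Constructed criteria and records (not real plant data).
    criteria = PerformanceCriteria(max_closure_time_s=10.0, max_leak_rate_l_min=1.0, test_interval_days=365)
    records = [
        make_record("ESDV-1", "2023-01-10", 8.0, 0.2),
        make_record("ESDV-1", "2024-01-05", 12.0, 0.3),   # closure time exceeded
        make_record("ESDV-1", "2025-01-08", 9.0, 0.1),
        make_record("ESDV-2", "2023-05-01", 7.5, 0.4),    # last test too long ago
    ]
    for tag, summary in verify_all(records, criteria, "2025-06-01").items():
        print(tag, summary)
```

A failed assurance task is not only a record: under the slide's 100% availability target it means the SCE was outside its performance standard from some unknown point before the test until repair, so the verification output feeds the deviation process, not just the maintenance history.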

Page 68: technical safety engineering

Hazard Mitigation – Design Safety 11
Hazard Mitigation - Emergency Response
No fire trucks offshore, just the trained fire fighting team, but they can't fight a major fire

Page 69: technical safety engineering

Process design issues resulting in accidents

Spec breaks at the wrong location
Material of construction not specified for minimum temperatures expected
Not meeting code requirement for area
Wrong fitting for piping and fittings
Tanks and vessels not meeting regulatory requirements
Sizing secondary containment improperly
Equipment not spaced properly
Forgetting buried lines at production facilities
Not installing any measures for corrosion control
MECHANICAL RISKS due to
• Low temperature weakening of non-resilient construction materials
• High temperature weakening, particularly with plastic construction materials
• High stress due to dilatation or bad supporting
• Cavitation
• Water hammer
• Vibration

Page 70: technical safety engineering

HAZARD REGISTER
Becomes the summary of Hazard Identification, Assessment and Mitigation

Page 71: technical safety engineering

DESIGN SAFETY FEATURES - OFFSHORE
THYLACINE WELLHEAD PLATFORM

[Figure: platform elevation labelled Main Deck, Mezzanine Deck, Cellar Deck, Sub Cellar Deck and Firewall, with the callouts below]

• Utilities separate from Process - segregation of hazardous area from non-hazardous area by distance limits escalation
• Plated Main Deck - reduces the likelihood of escalation between main deck and mezzanine deck
• Open Process Area - grated decks, open sides, therefore less explosion overpressure
• Duplex Stainless Steel Process - less corrosion issues when you start operating
• Passive Fire Protection around RESDV - the RESDV will survive for some time if impacted by a jet flame
• Riser inside jacket legs - prevents ship impact with risers

Page 72: technical safety engineering

DESIGN SAFETY FEATURES - ONSHORE

• Truck loading separate from Process area
• LPG bullets mounded
• Buffer zones between high risk process
• Admin away from Truck & Process area
• Single Process Train
• MCC explosion resistant
• Slugcatcher - separated from process & size optimised
• Passive Fire Protection on key supports/vessels

Page 73: technical safety engineering

Technical Integrity (TI) is all about management of SCE (HAZARD MITIGATION MEASURES)

[Figure: bow-tie with HAZARD on the left, prevention barriers leading to the top event (hydrocarbon leak / major accident), mitigation barriers leading to CONSEQUENCES on the right; the risk control dimensions A to H below are mapped onto the barriers, A to F on the prevention side and G to H on the mitigation side]

8 Dimensions of Integrity Monitoring
A. Plant Design - mechanical integrity; ignition control; fire & blast walls location
B. Inspection & Maintenance - thickness measurement; PM checks; equipment online; condition monitoring
C. Permit to Work - defined & understood scope of work; hazards identified, risk assessed & controls in place; work authorised
D. Plant Change Management - risk assessment for potential impacts; authorised management of change; case to operate
E. Operations Procedures - Standard Operating Procedures; periodic review done; temporary procedures for changed situations
F. Staff Competence - role-specific competency criteria for process safety; periodic assessment; periodic inputs for updating
G. Alarms & Instruments - fire & gas alarms, trips; routine monitoring of alarms / trips; defined procedure for management of inhibits / overrides (authorised, risk assessed)
H. Emergency Arrangements - periodic testing of ESD / trips and emergency systems; periodic mock drills of ERP; emergency procedures updated

• Each barrier is important
• Concurrent failure in barriers can result in a Near Miss or MAE
• A significant failing in just one critical barrier is sometimes sufficient to cause an incident
• Continuous monitoring & testing of barriers is needed through suitable tools

Page 74: technical safety engineering

Role of Performance Standards driving TI

Page 75: technical safety engineering

Summary Hazard Identification / Assessment / Mitigation
• Development of systematic hazard identification processes
• Identification of gaps in control measures
• Recognition of a need for ongoing improvement in control measures
• Increased layers of protection and control measures
• Improved emergency plans

Page 76: technical safety engineering

BP TECHNICAL SAFETY PROCESS

[Figure: effectiveness of risk reduction effort plotted against the CVP stages (Appraise | Select | Define | Execute | Operate), with the risk level at different CVP stages, the group risk reporting (MAR) line, and the layers: Inherently Safer Design (ISD) - includes concept, selection, layout and structural optimisation measures; Safety Critical Design Measures (SCDM); Procedural Measures; Continuous Risk Reduction; Residual Risk]

Page 77: technical safety engineering

TOTAL TECHNICAL SAFETY PROCESS

[Figure 3: process flow]
Step 1 - Hazard Identification: Scenarios & Critical Events Register; Hazardous Events
Step 2 - Preliminary Risk Assessment
Step 3 - Scenario based method: Detailed Analysis of Scenarios (Safety, Environment & Asset) → Scenario Risk Assessment → Scenario Risk Evaluation. QRA method: Quantitative Risk Analysis (QRA) (Safety - Individual Risk) → Assessment of Individual Risk → Individual Risk Evaluation
Step 4 - Risk Reduction Workshop, ALARP Demonstration, Cost Benefit Analysis (iterations)
Step 5 - Action Plan, Risk Register
Legend: Scenario based method / QRA method / Common to both methods

Page 78: technical safety engineering

Sometimes we can still get it all wrong

Even before the platform reaches its final location we need to ensure we design adequately for the transportation phase .......

..... the wonderful sight of the completed platform sailing away towards the sunset .....

..... but unfortunately, the design engineer didn't get his calculations quite right .....

Page 79: technical safety engineering

Main hazards of substances

Flammability, Oxidizing agents, Pyrophoric products, Instability, Reactivity, Toxicity, Corrosivity

ACETYLENE: FLAMMABILITY LIMITS (% by volume in air): Lower: 2.5, Upper: 100 - an extremely wide range!!!! Other chemicals with a wide range: hydrogen, ethylene

FLASH POINT - Lowest temperature at which the vapour above a liquid can be ignited by a flame in a given atmosphere (generally: air)

MINIMUM OXIDANT CONCENTRATION - Minimum concentration of the oxidant (generally oxygen) in the atmosphere to allow the combustion of a given combustible

AUTO-IGNITION TEMPERATURE - Lowest temperature above which a given combustible can ignite spontaneously at an optimal concentration in a given atmosphere (generally: air)

MINIMUM IGNITION ENERGY - Lowest energy of an electric spark able to ignite a mixture at the optimal concentration of a given combustible in a given atmosphere (generally: air)

Page 80: technical safety engineering

Things to consider at HAZOP

Low pressure: force is pressure times area, so at low pressure, if the area is large, the force becomes large. A pressure of 100 mbarg on a surface of 1.77 m² results in a force of 17700 N. A force of 17700 N can give an acceleration of 9.8 m/s² to a weight of about 1800 kg, which is like 1800 kg falling from a height!!!

Vacuum: Most equipment cannot withstand underpressure. A very slight pressure drop (< 100 mbarg) is sufficient to damage equipment not designed for vacuum (tanks, vessels, etc.).

Small bore piping: Risk factors are diameter, pressure, vibration & insulation. Design of small bores should consider layout, schedule, material selection, and avoid excessive load.

Importance of including materials and corrosion in process development. Materials can play a role in corrosion, but so can process conditions. A chemical product can be corrosive to a given material in given conditions and not in other ones.

HIGH TEMPERATURE due to
• Control failure
• Cooling failure
• External fire
LOW TEMPERATURE due to
• External temperature (icing, plugging)
• Sudden depressurisation of liquefied gases
HIGH LEVEL and OVERFLOW due to
• Control failure
• Bottom connection of two tanks of different height
OVERPRESSURE due to
• Control failure
• Cooling failure (distillation condenser)
• Overheating (external fire, ambient temperature, ...)
• Vent plugging (polymers, crystallisation, ...)
• Badly designed collecting network (back pressure)
• Badly designed pressure limitation devices

Page 81: technical safety engineering

Degradation modes encountered

• Corrosion (uniform, pitting, crevice, stress cracking, intergranular, galvanic, selective, erosion, H2)
• Abrasion / wear / friction
• Fatigue
• High temperature corrosion
• Creep
• + combination of these modes
• Ageing of polymers
• Permeability

Page 82: technical safety engineering

Prevention of leaks and spillages
• Tightness of equipment assembly
  - Upper and lower limit of pressure and temperature
  - Flange facings carefully chosen in severe operating conditions
  - Number of flanges to be minimized
  - Assembly checked
• Tightness of mobile elements
  - Pumps: double mechanical seals or tandem arrangements; magnetic drive pump
  - Valves: bellows fitted valve
• Strength of equipment
  - Rules of design: regulations; external recommended rules; internal recommended rules
  - Potential corrosion to be taken into account
• Control of overfilling
  - Instrumentation (level control, alarm, high level trip)
  - Suitable relief discharge with gas/liquid separating drum upstream from treatment facility / safety valve
• Shut off or reduce leaks
  - Emergency isolation valves or shut-off valves to prevent a serious leak: remote operated valves (operator); automatic operated valve (part of a fully automatic system based on physical parameter sensors and/or gas detectors); excess flow valve
  - Emergency material transfer

Controlling ignition sources
• Sources of ignition
  - To identify and tend to eliminate them
  - Some examples: electrical; friction; hot surfaces; burner flames; static electricity spark; etc.
• Controlling static electricity
  - Bonding and grounding
  - Relaxation
  - Increasing conductivity with additives
  - Dip pipes
• Controlling electrical equipment
  - Hazardous area classification: Directive 1999/92/EC ("ATEX 118a" for "safe use"); Zone 0; 1; 2 for gases (20; 21; 22 for clouds of combustible dust)
  - Classification of equipment: Directive 94/9/EC ("ATEX 100a" for "free trade"); Group II - Category 1; 2; 3
  - Safeguarding of electrical equipment
  - Selection of electrical equipment: Directive 1999/92/EC; correspondence between "zones" and "categories"

Page 83: technical safety engineering

Mechanical Integrity – Scope (29 CFR 1910.119(j))

Vessels: pressure vessels; storage tanks
Piping: piping systems; components (valves, connections, etc.)
Relief systems and components: relief valves and components; flare system (including headers, flare tips, knock-out drums, etc.)
Emergency shutdown systems: master control devices; remotely operated valves
Controls: monitoring devices (LEL detectors, UV flame detectors, etc.); alarms; suppression systems; Safety Instrumented Systems (SIS), interlocks, etc.
Pumps and other rotating equipment

Page 84: technical safety engineering

Ignition Sources & Controls

Source          Example                                  Control
Fire or flames  Furnaces and boilers                     Spacing & layout
                Flares                                   Spacing & layout
                Welding                                  Work procedures
                Sparks from tools                        Work procedures, pneumatic tools, ...
                Spread from other areas                  Sewer design, diking, weed control, housekeeping
                Matches and lighters                     Procedures
Hot surfaces    Hot pipes and equipment (>600 °F)        Spacing
                Automotive equipment                     Procedures
Electrical      Sparks from switches/motors              Area classification
                Static                                   Grounding, inerting, relaxation
                Lightning                                Snuffing, grounding, injection of steam in the vent
                Hand held electric equipment             Procedures

Source: TP Process Safety Series 2009 – Consequences estimation

Page 85: technical safety engineering

General principles:
• Provide access for fire fighting
• Provide clearance for maintenance (safe blinding, opening, etc) and removal (with mobile equipment)
• Heavy equipment (> 100 kg) should be located at ground level (if possible)
• Equipment (pumps, heat exchangers, etc) that needs to be maintained, opened, etc on a regular basis should be located at the boundary of the unit
• Equipment containing flammable materials should be located away from air coolers