Version: 1.0 Last Edited: 2005-10-27. Guideline



Similar documents
Safety Requirements Specification Guideline

Version: 1.0 Latest Edition: Guideline

Hardware safety integrity Guideline

Safety Integrated. SIMATIC Safety Matrix. The Management Tool for all Phases of the Safety Lifecycle. Brochure September Answers for industry.

Controlling Risks Safety Lifecycle

Safety Integrity Level (SIL) Assessment as key element within the plant design

Basic Fundamentals Of Safety Instrumented Systems

SAFETY LIFE-CYCLE HOW TO IMPLEMENT A

Selecting Sensors for Safety Instrumented Systems per IEC (ISA )

Performance Based Gas Detection System Design for Hydrocarbon Storage Tank Systems

DeltaV SIS for Burner Management Systems

TÜV FS Engineer Certification Course Being able to demonstrate competency is now an IEC requirement:

IEC Overview Report

Integrated Fire and Gas Solution - Improves Plant Safety and Business Performance

Take a modern approach to increase safety integrity while improving process availability. DeltaV SIS Process Safety System

TÜV Rheinland Functional Safety Program Functional Safety Engineer Certification

Understanding Safety Integrity Levels (SIL) and its Effects for Field Instruments

SAFETY LIFECYCLE WORKBOOK FOR THE PROCESS INDUSTRY SECTOR

Fire and Gas Solutions. Improving Safety and Business Performance

On-Site Risk Management Audit Checklist for Program Level 3 Process

RECOMMENDED GUIDELINES FOR THE APPLICATION OF IEC AND IEC IN THE PETROLEUM ACTIVITIES ON THE NORWEGIAN CONTINENTAL SHELF

SafeProd. Functional safety in complex products.

Mitigating safety risk and maintaining operational reliability

3.4.4 Description of risk management plan Unofficial Translation Only the Thai version of the text is legally binding.

TABLE OF CONTENT

Safety controls, alarms, and interlocks as IPLs

What Now? More Standards for Safety and Regulatory Compliance

ORC TURBOGENERATOR TYPE CHP - Organic Rankine Cycle Turbogenerator fed by thermal oil, for the combined production of electric energy and heat -

Functional Safety Management: As Easy As (SIL) 1, 2, 3

Planning Your Safety Instrumented System

Frequently Asked Questions

Safety manual for Fisherr ED,ES,ET,EZ, HP, or HPA Valves with 657 / 667 Actuator

PFSE Premier Functional Safety Engineering Safety Instrumented Systems Course Outline

Viewpoint on ISA TR Simplified Methods and Fault Tree Analysis Angela E. Summers, Ph.D., P.E., President

Why SIL3? Josse Brys TUV Engineer

USING INSTRUMENTED SYSTEMS FOR OVERPRESSURE PROTECTION. Dr. Angela E. Summers, PE. SIS-TECH Solutions, LLC Houston, TX

Government Degree on the Safety of Nuclear Power Plants 717/2013

What is CFSE? What is a CFSE Endorsement?

Control measures for a major hazard facility

SIL manual. Structure. Structure

GAS LEAKAGE DETECTION & AUTO ON-OFF GAS SYSTEM

A methodology For the achievement of Target SIL

SOFTWARE-IMPLEMENTED SAFETY LOGIC Angela E. Summers, Ph.D., P.E., President, SIS-TECH Solutions, LP

SILICON VALLEY CLEAN WATER. May 2015

BC & BCH SERIES INDOOR / OUTDOOR INSTALLATION

Methods of Determining Safety Integrity Level (SIL) Requirements - Pros and Cons

A PROCESS ENGINEERING VIEW OF SAFE AUTOMATION

Rx Whitepaper. Using an Asset Management Framework to Drive Process Safety Management and Mechanical Integrity

Does Aligning Cyber Security and Process Safety Reduce Risk?

University of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities

Alarm Philosophy Document Template. Prepared for: Customer Company Name

IEC Functional Safety Assessment. Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter.

USER S MANUAL. MaxPower UPS. Uninterruptible Power System 28-2MAXPO0018

Performance Standard for Secondary Containment

Guidance on Process Safety Performance Indicators

Logic solver application software and operator interface

WASTE Application Form - Dublin Waste to Energy SECTION J ACCIDENT PREVENTION & EMERGENCY RESPONSE

Boiler Preparation, Start-Up and Shutdown

Is your current safety system compliant to today's safety standard?

Alarm Management What, Why, Who and How?

Explosion of a gasoline vapour cloud formed in a hydrocarbon loaded effluents storage tank 10 December 1999 Arquata Scrivia Italy

STORE HAZARDOUS SUBSTANCES SAFELY. incompatibles gas cylinders

AMS Suite: Intelligent Device Manager

SIS Smart SIS 15 minutes

Safety Integrity Level (SIL) Studies Germanischer Lloyd Service/Product Description

5/3/2010. Article 500 address the requirements for hazardous locations: Wiring Equipment

Liberty Mutual Insurance RISK ENGINEERING PROCEDURE. REP 07 Incident Planning For external use

WELLHEAD FLOWLINE PRESSURE PROTECTION USING HIGH INTEGRITY PROTECTIVE SYSTEMS (HIPS)

Control Device Requirements Charts For Oil and Gas Handling and Production Facilities

Value Paper Author: Edgar C. Ramirez. Diverse redundancy used in SIS technology to achieve higher safety integrity

IEC Functional Safety Assessment. ASCO Numatics Scherpenzeel, The Netherlands

Final Element Architecture Comparison

SIL in de praktijk (Functional Safety) Antwerpen Compliance of Actuators and Life Cycle Considerations. SAMSON AG Dr.

Preventing Overheated Boiler Incidents

Flame Conductivity VS Flame Rectification Systems

Michael A. Mitchell, Cameron Flow Control, DYNATORQUE Product Manager

Boiler & Pressure Vessel Inspection discrepancies and failures

EXHIBIT A SCOPE OF WORK

Terminology and Symbols in Control Engineering

SECTION PACKAGED ROOFTOP AIR CONDITIONING UNITS NON-CUSTOM

Contents. Introduction

Ontario Fire Code SECTION 5.13 DIP TANKS. Illustrated Commentary. Office of the Ontario Fire Marshal

Gas Standards and Safety. Guidance Note GAS INSTALLATIONS SUPPLIED FROM BIOGAS FACILITIES - ACCEPTANCE REQUIREMENTS GAS ACT 2000

HAZARD RISK ASSESSMENT

PART 11: START-UP PROCEDURES FOR THE INSTALLER

Failure code manual. content

RGC-IR Remote Gas Calibrator for IR400

Functional safety. Essential to overall safety

Degree programme in Automation Engineering

14. Troubleshooting Guide

PBX Series Quick Fit Connector Bimetallic Steam Traps

QUANTITATIVE RISK ASSESSMENT AND MODELING: FIRE RISKS OF CNG-POWERED BUSES

Master Class. Electrical and Instrumentation (E &I) Engineering for Oil and Gas Facilities

AIR CUT OFF KIT INSTALLATION INSTRUCTIONS

Practical Guidelines for Electrical Area Classification in Combustion Turbine-Generator Power Plants

Process Safety Management Guide. 4th Edition

by Paul Baybutt and Remigio Agraz-Boeneker Primatech Inc. 50 Northwoods Blvd. Columbus, Ohio, USA

Section 7. Evaporator thermistor. Under-and-over pressure safety switches. Connections to the ECU

Jump Start: Aspen HYSYS Dynamics V7.3

Hazard Operability Studies (HAZOP) Germanischer Lloyd Service/Product Description

Transcription:

Process hazard and risk Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:johan.hedberg@sp.se -1-

Summary This report will try to describe the different steps that must be taken as part of the risk. Following main activities are identified: Defining the process and its Basic Process Control System (at this point no Safety Instrumented Functions (SIF:s) should be visible) Perform a process hazard to identify if any further actions must be taken to reduce the risk. Identify those hazardous situations where it is appropriate to use a SIF to reduce the risk The selection of SIL level for each identified SIF is described in a separate document called Process hazard and risk Risk graph matrix. This report is one of the results of the research project SafeProd supported by VINNOVA (Swedish Agency for Innovation Systems). More information about the project could be found at. -2-

TABLE OF CONTENTS 1 Introduction... 4 1.1 Purpose... 4 1.2 References...4 1.3 Scope... 5 1.4 Audience... 5 2 Definitions and abbreviations... 6 3 Description of the basic process control system... 7 4 Process hazard and risk... 8 Appendix1 Process hazard and risk form... 12-3-

1 Introduction This report is one of the results of the research project SafeProd supported by VINNOVA (Swedish Agency for Innovation Systems). More information about the project could be found at. 1.1 Purpose In order to fulfil the requirements in the standard a hazard and risk assessment shall be performed. Most companies develop their own format of the hazard and risk assessment. This document provides one possible example on how a hazard and risk assessment could be structured. One of the first aspects that must be considered in the beginning of a new project is to identify potential hazards that could occur and decide how to handle these by for instance implementing so called Safety Instrumented Functions (SIF:s). The aim with this document is to try to describe the requirements concerning risk in the standard. 1.2 References [1] -1 Functional safety- Safety instrumented systems for the process industry sector, Part 1: Framework, definitions, system, hardware and software requirements [2] -2 Functional safety- Safety instrumented systems for the process industry sector- Part 2: s for the application of -1 [3] -3 Functional safety- Safety instrumented systems for the process industry sector- Part 3: Guidance for the determination of the required safety integrity level -4-

1.3 Scope This document covers the parts in concerning process hazard and risk. The hazard and risk (1) and the allocation of safety functions to protective layers (2) is the first two blocks in the safety life cycle according to -1. See figure 1. Management of functional safety and functional safety assessment and auditing Safety lifecycle structure and planning 1 Hazard and risk assessment 2 Allocation of safety functions to protection layers Verification 2 Allocation of safety functions to protection layers 1 Hazard and risk assessment 3 Safety requirements specification for the safety instrumented system 4 Design and engineering of safety instrumented system Design and development of other means of risk reduction 3 Safety requirements specification for the safety instrumented system Design and development of other means of risk reduction 5 Installation, commissioning and validation 6 Operation and maintenance 7 Modification 8 Decommissioning Figure 1. Hazard and risk and Allocation of safety functions to protection layers life-cycle phases, - 1:2003 1.4 Audience Persons involved in hazard and risk. -5-

2 Definitions and abbreviations basic process control system (BPCS) system which responds to input signals from the process, its associated equipment, other programmable systems and/or an operator and generates output signals causing the process and its associated equipment to operate in the desired manner but which does not perform any safety instrumented functions with a claimed SIL 1 (3.2.3 in -1) fault abnormal condition that may cause a reduction in, or loss of, the capability of a functional unit to perform a required function (3.2.21 in -1) failure termination of the ability of a functional unit to perform a required function (3.2.20 in -1) error discrepancy between a computed, observed or measured value or condition and the true, specified or theoretically correct value or condition (3.2.18 in -1) hazard potential source of harm (3.2.31 in -1) hazardous situation circumstance in which a person is exposed to hazard(s) (3.1.3 in IEC 61508-4) hazardous event hazardous situation which results in harm (3.1.4 in IEC 61508-4) harm physical injury or damage to the health of people, either directly or indirectly, as a result of damage to property or to the environment (3.2.30 in -1) instrument apparatus used in performing an action (typically found in instrumented systems) (3.2.38 in IEC 61511-1) NOTE Instrumented systems in the process sector are typically composed of sensors (for example, pressure, flow, temperature transmitters), logic solvers or control systems (for example, programmable controllers, distributed control systems), and final elements (for example, control valves). In special cases, instrumented systems can be safety instrumented systems (see 3.2.72 in -1). process risk risk arising from the process conditions caused by abnormal events (including BPCS malfunction) NOTE 1 The risk in this context is that associated with the specific hazardous event in which SIS are to be used to provide the necessary risk reduction (i.e., the risk associated with functional safety). (3.2.54 in -1) safety instrumented function (SIF) safety function with a specified safety integrity level which is necessary to achieve functional safety and which can be either a safety instrumented protection function or a safety instrumented control function (3.2.71 in -1) -6-

3 Description of the basic process control system Before the hazard and risk assessment should be started it is important that it exists an adequate description of the process and its associated basic process control system (BPCS). This description should not include any safety measures as the focus of the process hazard and risk will be to determine whether these are necessary or not. When a hazard and risk assessment should be performed on an existing process including the control system it may be difficult to decide out which parts that should be included in the description as many safety features are already included in the existing system. It is always easier when a new process control system should be designed. In this case aspects of safety measures are not considered before the process hazard and risk assessment is started. This conceptual description of the process and its associated BPCS will provide input to the hazard and risk assessment. -7-

4 Process hazard and risk An example of a process hazard and risk form is described in appendix 1 of this report. It is important to emphasize that this is only one example on how to structure the hazard and risk assessment and it is the responsibility of each individual company to perform the process hazard and risk in an appropriate way. The aim with this form is to try to include aspects related to the risk described in. This chapter describes the aspects that are included in the process hazard form. The headings used below are the same as you find on the form. The information provided is aimed to facilitate the use of the form. Phase: During the life cycle of the process plant it will pass through a number of different phases. Below follows examples of a number of different phases: start-up normal operation shutdown maintenance manual intervention loading process upset emergency shutdown It is important that the process hazard considers all phases of the process plant in order to be able to identify all hazardous events that could occur. No: This is only a consecutive number. Mode: Informs about in which mode the process is running for a certain life cycle phase. For instance in the phase called normal operation following modes could for instance exist: start-up normal running stop For less complex systems it could be more efficient to remove the Mode column from the form and combine the Mode column with the Phase column. -8-

Hazard: In -1 hazard is defined as potential source of harm. Below follows some examples of hazards: Combustible substance Explosive substances Toxic fumes Substances kept at high pressure in a containment (for instance a tank) Objects or material with a high or low temperature Radiation from heat sources Ionising radiation source Energy release during decomposition of a substance The hazards described above are examples on hazards and when a company performs a process hazard it is important that all relevant hazards are considered. One way to identify hazards could be to investigate which kind of hazardous events that have occurred earlier in the process plant. Hazardous events: In -1 hazardous event is defined as hazardous situation which results in harm. Each identified hazard could give a number of different hazardous events. For each identified hazardous event it should also be described which factors that did contribute to it As an example the hazard Combustible substance could give the following hazardous events: Pool fire outside a tank, due to leakage, when an ignition source is present Flash fire inside a tank when an ignition source is present Factors that could contribute to the leakage in the tank could for instance be: Bad connection joint Gasket damage Tube damage Pipe damage Sequence of events leading to the hazardous event: A certain hazardous event could occur depending on many different sequences of events. It is important to go through all sequences that could give a certain hazardous event to find out which of these sequences that have got the highest frequencies. One commonly used technique to find out the frequency for each hazardous event is called LOPA (Layers Of Protection Analysis). As an example the hazardous event Eruption of a tank due to high pressure could for instance be reach by the following sequences of events: Too high flow of liquid into the tank caused by a fully opened inlet valve Too low (reduced) discharge flow of liquid from the tank resulting from a constantly closed outlet valve Chemical reaction inside the tank leading to a rapid volume expansion and increased pressure -9-

Determination of requirements for risk reduction: This part of the process hazard and risk form estimates the consequence and frequency of each identified hazardous event. The estimation of consequences is split into the following five categories: H=Health E=Environment I=Image P=Property L=Loss of production All these aspects are important to consider in the estimation of consequences and of course will that above category with the highest consequence level give the overall requirement on risk reduction. Each of these five consequence categories are divided into five different levels 1=Small 2=Slight 3=Large 4=Very large 5= Disastrous It is important to point out that it is the responsibility of each individual company to, by themselves, define more in detail each consequence level! Also the frequencies could be divided into five different levels: 1= Once in 1000 years 2= Once in 100-1000 years 3= Once in 10-100 years 4= Once in 1-10 years 5= More often than once a year This is only an example of how frequencies could be divided into different levels. It is important to point out that it is the responsibility of each individual company to, by themselves, define more in detail each frequency level! The consequence- and frequency numbers are placed in a 5 by 5 matrix and depending on how this matrix is calibrated it will inform about when additional risk reduction is necessary or not. It is important to point out that it is the responsibility of each individual company to, by themselves, calibrate the matrix! Safety measures required (Yes/No)? If the risk estimation has given that no additional safety measures are required it will not be necessary to fill in the rest of this form (the columns to the right of this one) If the risk estimation has given that additional safety measures are required the complete form must be filled in. To keep up the efficiency during the initial process hazard and risk one possibility could be to only fill in the first part of this form and exclude the rest of the columns. These columns could be filled in at a later stage for those hazardous events where additional safety measures are required. -10-

Is it possible to reduce or remove the hazard? This column informs about the possibility to reduce or completely remove the hazard. For some hazardous situations it may be possible to reduce or remove the hazard but in some situations it will not be possible because the hazard itself is part of the main process. As an example some kind of Combustible substance could be an important part in a process and in that case it will not be possible to remove thi hazard. Is it possible to interrupt the hazardous sequence? In some situations it could be possible to interrupt the hazardous sequence and in that way avoid that a hazardous event occurs. Safety function partly/completely realised by other technology or/and external risk reduction facilities: This column includes safety functions that are not based on electrical/electronic and programmable electronics. This could for instance be Safety instrumented function (SIF): In those cases where it is necessary to use a SIF this column gives a description of the SIF, in effect what is the aim with the safety instrumented function: Examples on different SIF:s: Opening of a safety valve when the temperature increases a certain level (prevention layer) Opening of a safety valve when the pressure reaches a certain level (prevention layer) Automatic start of a fire-extinguishing system when a fire is detected (mitigation layer) Safety instrumented functions (SIF:s) are used in the mitigation layer and prevention layer as defined in -1. Community Emergency Response Plant Emergency Response Mitigation SIS Prevention BPCS Process Comments: In this column it is possible to add additional information and comments. -11-

Appendix1 Process hazard and risk form -12-

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information