Hazop Sif Sil
-
Upload
haarika1006 -
Category
Documents
-
view
160 -
download
18
description
Transcript of Hazop Sif Sil
1
Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL Page 1
HAZOP – SIF - SIL
Global Safety Solutions Center
British GasMumbai - IndiaNovember, 2007
Page 2Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
HAZOP, SIF, SIL
Risk identification
Layers of protection
What are SIFs
Determine SIL
2
Page 3Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Risk assessment and SIL classification
Hazard and risk assessment
Allocation of safety functions
Safety requirements specification
1
2
3
Man
agem
ent o
f fun
ctio
nal s
afet
y
Safe
ty li
fecy
cle
Safe
ty li
fecy
cle
10 119
IEC 61511
No methodprescribed
General method : HAZOPHazard and operability study
Page 4Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Characteristics of the HAZOP method
Systematic Hazard Identification method for ProcessesTeam brainstorm sessionsBasis: P&ID drawingsUse of Guide words (ICI method)Wide spread use in Industry and Engineering Contractors
Results:Overview of all possible unwanted disturbancesDeterminate what safeguards in placeAction planning for improvements or required clarifications
HAZOP
3
Page 5Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Basic explanation
HAZOP technique provides opportunities to use your imaginations, going free and think of all possible ways in which hazards or operating problems might arise.
Reduce chance of missing something and therefore: do it in a systematic way!
Each pipeline, vessel, process part, etc has to be considered in turn.
To be done in a team. Members can stimulate each other and build upon each other’s ideas.
HAZOP
Page 6Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
What we need !
Line diagrams or P&ID’s have to be complete and in front of each team member.
Process description has to be in place and complete.
Possible applicable Safety Functions as relief valves and Sensors/Safety Valves can be already proposed by the Process engineers, but have to be examined and justified fully.
Document the results of the HAZOP and justify Safety Functions!
HAZOP
4
Page 7Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Select deviation from “normal”
Move on to next deviation
No
Select node
Determine SAFEGUARD - SIF / Mechanical / Mitigation
Determine sensors and final elements (SIF)
Can it become hazardous? (Prevent efficient operation?)
Yes
Will the Control System adjust this deviation in time?
Yes
Control System fails, acts wrong, operator acts wrong
Yes
Describe possible hazard consequence
No
Consider other causes of deviation
No
Is deviation possible? - Possible cause?
Yes
HAZOP procedure
Page 8Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
HAZOP Requirements
HAZOP tables to be filled in during the sessions (preferably with
video projection) by the secretary.
The team need to consist of different disciplines: Operator,
Process Design, E&I, Mechanical.
Experienced Chairman vital for the results and efficiency
Don’t try to solve all problems identified
Limit the duration: max. 6 hours a day.
Avoid external disturbances during the sessions
HAZOP
5
Page 9Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Hazop Method
Preparation:
Collect all information (P&ID, Process description)
Check whether info is up-to date!
Split the process in ‘functional nodes’ and indicate intention of the function
During the sessions:
One of the team members briefly explain each node before the analysis starts
The chairman starts to use the all relevant Guide words (More, Less etc.) for all
relevant Parameters (Temperature, Pressure etc.)
HAZOP
Page 10Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Guide words:
No
More
Less
Partly
As well as
Reverse
Other than
HAZOP
6
Page 11Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
HAZOP
Page 12Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
HAZOP
7
Page 13Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Layers of protection : Onion model
Community Emergency Response
TT
Process Design
Basic Controls
Critical Alarms and Manual Intervention
Automatic Action (SIF)
Physical Protection (Bund wall)
Plant Emergency Response
Page 14Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Layers of protection
Human layer
Control layer
Protective layer (instrumented)
Protective layer (physical)
Mitigation layer
Process
8
Page 15Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
PEFS example (2 phase separator)
LRCA-003
PRCA-002 Gas out
Oil out
Emulsion inUZ-101 H
LRCA003 L
TIA001
H
LZA001
H
002PRCA
H
Human layer
Control layer
Protective layer (instrumented)
Protective layer (physical)
Mitigation layer
Process
Page 16Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
SIF # 1 (e.g. SIL 4)
AvailabilityAll loops may effectAll loops may effectthe process availabilitythe process availability
SIF # 4 (e.g. SIL 2)
SIF # 2 (e.g. SIL 3)
SIF # 3 (e.g. SIL 3))
SIF # 5 (e.g. SIL 1)
finalfinalelementelement
finalfinalelementelement
sensorsensor
sensorsensor
sensorsensor
sensorsensor
sensorsensor
triple voted
Safety Instrumented SystemSafety Instrumented System
finalfinalelementelementfinalfinal
elementelement
dual voteddual voted
logiclogicsolversolver
SIFs
9
Page 17Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Determine target SIL
Page 18Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Determine target SIL
IEC61508 : part 5ALARPRisk GraphRisk Matrix
IEC61511 : part 3 alsoFTA : Fault Tree AnalysesLOPA : Layers Of Protection Analyses
10
Page 19Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Alarp Principle
UnacceptableRegion
TolerableRegion
BroadlyAcceptableRegion
Incr
easi
ng I n
divi
dua l
Ris
k a n
d So
cia l
Con
cern
s
NegligibleRisk
Risk can not be justified except in extraordinary circumstances
Risk is tolerable only if:a. Further Risk reduction is
impractical or if it’s cost isdisproportionate to theimprovement gained or
b. Society desires the benefit ofthe activity given the associated Risk
As Risk is reduced, the less, inproportion, it is necessary to spendto satisfy ALARP, The concept ofdiminishing proportion isrepresented by the triangle
Level of residual risk regarded asnegligible, and further measures toreduce risk not usually required. Noneed for detailed working todemonstrate ALARP
I
II
III
IV
Intolerable Risk
Undesirable Risk and only Tolerable if Risk reductionis impracticalor if costs are grossly disproportionate to risk reductiongained
Tolerable Risk if the cost of riskreduction would exceed the improvement gained
NegligibleRisk
Interpretation Risk
Classes
Page 20Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Risk Graph (determination of SIL)
C Consequence of hazard– CA: Minor injury– CB: Serious injury, death of one person– CC: Death to several persons– CD: Very many people killed
F Frequency of exposure to hazard– FA: Rare to more often– FB: Frequent to permanent
P Possibility to avoid hazard– PA: Possible– PB: Almost impossible
W Probability of occurrence of hazard– W1: Very low– W2: Low– W3: High
CA
FA
PA
w3
a
1
2
3
4
b
CB
CC
CD
FB
FAFB
FA
FB
PB
PAPB
PAPB
PA
PB
X1
X2
X3
X4
X5
X6
w2
---
a
1
2
3
4
w1
---
---
a
1
2
3
--- No safety requirementsa No special safety requirementsb A single E/E/PES is not sufficient1- 4 Safety Integrity Level
CB; FA ; PB => SIL 1
CC; FB ; PB => SIL 3
1. Unmanned installation:
2. Manned installation:
11
Page 21Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Risk Graph (determination of SIL)
Page 22Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Risk Matrix
Consequences Demand Rate (time between demands)
Health and Safety
Economics (Loss in €)
Environmental effect
Negligible Demand
> 20 years
4 - 20 years
0.5 - 4 years
0 - 0.5 years
Slight Injury or Health Effect
Slight < 10 k Slight - - a 1 a 2 a 2
Minor Injury or Health Effect
Minor 10 k - 100 k Minor - a 1 a 2 1 2
Major Injury or Health Effect
Medium 100 k - 1 M Local - a 2 1 2 3
1 – 3 Fatalities
Major 1 M - 10 M Major - 1 2 3 4 (x)
Multiple Fatalities
Extensive > 10 M Massive - 2 3 4 (x) x
12
Page 23Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
LOPA: example of defenses
Initiating events Pro
tect
ion
laye
rshazardReleased hazard ConsequencesC
ondi
tiona
l m
odifi
ers
Miti
gatio
nla
yers
The PZHH
function
Downstream blockage
Loss of containment
Explosion of gas cloud
One operator killed and 6 months downtime
pre-alarm and trip
RV pops Flaring RV repair &Environmental impact
ignition exposure
Page 24Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
SIL Classification Methodology
Team effort:• Facilitator• Process Eng.• Operations/Maintenance Eng.• Safety Eng (pt)• Rotating Equipm. Eng (pt)
Consequence of Failure on Demand– Narrative describing:
• Failure on demand => hazardousevents => ultimate consequences
• Consequence severity• Personal Safety, Environment,
Economics
Demand scenario– Most likely initiating events– Other protections (not the SIF under
consideration)
Design intent of SIF– Hazardous situation to be protected
against
Identify the SIF– SIF ID – SIF description– References to HAZOP
13
Page 25Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
EXAMPLE Risk Matrix
Consequences Demand Rate (time between demands)
Health and Safety
Economics (Loss in €)
Environmental effect
Negligible Demand
> 20 years
4 - 20 years
0.5 - 4 years
0 - 0.5 years
Slight Injury or Health Effect
Slight < 10 k Slight - - a 1 a 2 a 2
Minor Injury or Health Effect
Minor 10 k - 100 k Minor - a 1 a 2 1 2
Major Injury or Health Effect
Medium 100 k - 1 M Local - a 2 1 2 3
1 – 3 Fatalities
Major 1 M - 10 M Major - 1 2 3 4 (x)
Multiple Fatalities
Extensive > 10 M Massive - 2 3 4 (x) x
Page 26Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Health and Safety Consequences
Effect Description
Slight injury First aid case and medical treatment case. Not affecting work performance or causing disability.
Minor injury Lost time injury. Affecting work performance, such as restriction to activities or a need to take a few days to fully recover (maximum one week).
Major injury Including permanent partial disability. Affecting work performance in the longer term, such as prolonged absence from work. Irreversible health damage without loss of life, e.g. noise induced hearing loss, chronic back injuries.
1 - 3 fatalities Also includes the possibility of multiple fatalities (1 -3) in close succession due to the incident, e.g. explosion.
Multiple fatalities Catastrophe due or in close succession to the incident.
14
Page 27Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Economic Losses
Effect DescriptionSlight damage No disruption to operation< 10 k€
Minor damage Brief disruption10 k€ - 100 k€
Local damage Partial shutdown that can be100 k€ - 1 M€ restarted
Major damage Partial operation loss (2 weeks1 M€ - 10 M€ shutdown)
Extensive damage Substantial or total loss of operation> 10 M€
Page 28Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
Environmental Consequences
Effect DescriptionSlight effect Local environmental damage. Within the fence
and within systems. Negligible financialconsequences.
Minor effect Contamination; damage sufficiently large to attack the environment; No permanent effect on the environment.
Local effect Limited loss of discharges of known toxicity; Affecting neighborhood beyond the fence.
Major effect Severe environmental damage. The company is required to take extensive measures to restore the contaminated environment to its original state.
Massive effect Persistent severe environmental damage or severe nuisance extending over a large area. In terms of commercial or recreational use or nature conservancy, a major loss for the company.
15
Page 29Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
What are the SIFs ?
LRC
Thermal or FireRelief onlysetting 60 barg
DesignPressure60 Barg
100
V100
LCV100
PRCA
H
100
PCV100
SP50 barg
120 Bar
Hydrocarbons
SIF 1 : to protect the pump against gas.
SIF 2 : to protect the vessel againstoverpressure
P1
Page 30Copyright © 2007 Yokogawa System Center Europe B.V.HAZOP – SIF - SIL
HAZOP, SIF, SIL
Known your risks : HAZOP
Define your SIFs
Determine the SIL for each SIF
Document all safety relevant requirements(SRS : safety requirement specification)
Questions?