Karl Watson, ABB Consulting Houston LOPA · Outline of Presentation Storage Tank Case Study...
LOPA A Storage Tank Case Study
Karl Watson, ABB Consulting Houston
© ABB Inc. September 20, 2011 | Slide 1
Introduction – Karl Watson
- PSM Consultant, ABB Consulting
- Based in Houston, US
- Chartered Instrument Engineer
- 24 years experience in Process Industry
- ICI Chemical and Polymers, ICI Engineering, ABB Consulting
- Specialist in Functional Safety
Outline of Presentation
- Storage Tank Case Study
- Simplified overview of SIL
- 3 Steps to SIL
- LOPA
- What you should consider
- Establish good practices
- Identification of improvements
Case Study – Gasoline Storage
[Diagram: gasoline storage tank with level instruments LI, LHHA, LHA, LIA, LHHH, temperature indicator TI and a manual ESD. Caption: Is this installation Safe?]
Functional Safety Standard - IEC61508
- Simplify the process into 3 steps
  - Set the Target Safety Integrity Level (SIL)
  - Design to meet the Target SIL
  - O&M to continue to meet the Target SIL
IEC61508 sector-specific standards:
- IEC61511/ISA84 : Process Sector
- Medical Sector
- IEC61513 : Nuclear Sector
- IEC62061 : Machinery Sector
Step 1 – Set the Target SIL
Hazardous Event
- Loss of Containment due to overfill
- Flash fire
- No confinement, limited release before detection
- 1 Person in the area – potential single fatality
- Company Tolerable Frequency – 1E-05/yr (example only)
[Diagram: the same storage tank P&ID (LI, LHHA, LHA, LIA, LHHH, TI, manual ESD)]
What could cause this event?
- Failure of Level Indicator (0.1/yr)
  - Maximum by IEC61511
- Operator Error during filling (0.5/yr)
  - 50 per year
  - HEP 0.01 (from IEC61511)
- Operator Error before filling (0.5/yr)
  - 500 per year
  - Additional Checks
  - HEP 0.001 (from IEC61511)
What Safeguards are in Place?
- Alarms (PFD=0.1)
- Local Operator (PFD=0.5 – stressed)
- Ignition (Probability=0.1)
- Occupancy (Probability=0.05)
- Vulnerability (Probability=0.5)
[Diagram: storage tank P&ID (LI, LHHA, LHA, LIA, LHHH, TI, manual ESD) with the alarms LHHA, LHA and LIA highlighted as hanging off the level indicator]
Check for Dependent Failures?
- Failure of LI may prevent alarms from operating
- Double counted occupancy and local operator response
[Diagram: the same storage tank P&ID (LI, LHHA, LHA, LIA, LHHH, TI, manual ESD)]
LOPA SIL Calculation – Example Only
Step 2 – Design to meet the SIL
[Diagram: SIF comprising a Level Switch, Relay Logic and 3 Inlet Valves]
PFDavg = ½ × Σλd × Test Interval (in years)
For a test interval of 3 months (0.25 yr):
PFDavg = ½ × 0.16 × 0.25 = 0.02 (Target 0.02)

Equipment      λd (failures/yr)
Level Switch   0.05               1 failure in 20 yrs
Relay Logic    0.01               1 failure in 100 yrs
Valves         3 × 0.033 = 0.1    1 failure in 30 yrs
Total          0.16
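As an added worked example (not from the slides), the LOPA arithmetic of slides 6 to 10 and the Step 2 PFDavg check carried through in Python. It assumes the dependent-failure corrections from slide 9 are applied as: no alarm credit for the level-indicator failure, and the stressed local-operator credit dropped for every cause; with that reading the sum reproduces the 0.02 target the slides quote. Function and constant names are our own.

```python
from dataclasses import dataclass

TOLERABLE_FREQUENCY = 1e-5  # company tolerable frequency, per year (slide 6, example only)
# Conditional modifiers from slide 8, applied to every initiating event.
CONDITIONAL_MODIFIERS = {"ignition": 0.1, "occupancy": 0.05, "vulnerability": 0.5}

@dataclass
class InitiatingEvent:
    name: str
    frequency: float  # initiating event frequency, per year
    ipl_pfds: dict    # protection layers credited for THIS cause only (name -> PFD)

    def mitigated_frequency(self) -> float:
        f = self.frequency
        for pfd in list(self.ipl_pfds.values()) + list(CONDITIONAL_MODIFIERS.values()):
            f *= pfd
        return f

def case_study_events() -> list:
    # Assumption (our reading of slide 9): the LI failure gets no alarm credit because the
    # alarms hang off the same LI, and the stressed local-operator credit (PFD 0.5) is
    # dropped for every cause because it double counts the occupancy modifier.
    alarms = {"alarms": 0.1}
    return [
        InitiatingEvent("Level indicator failure", 0.1, {}),
        InitiatingEvent("Operator error during filling", 50 * 0.01, alarms),    # 50/yr, HEP 0.01
        InitiatingEvent("Operator error before filling", 500 * 0.001, alarms),  # 500/yr, HEP 0.001
    ]

def required_pfd(events, tolerable=TOLERABLE_FREQUENCY):
    """Return (frequency before the SIF, risk reduction factor, PFD the SIF must deliver)."""
    total = sum(e.mitigated_frequency() for e in events)
    rrf = total / tolerable
    return total, rrf, (1.0 / rrf if rrf > 1.0 else 1.0)

def sil_band(pfd: float) -> int:
    """IEC 61511 low-demand bands; 0 means no SIL-rated function is required."""
    for sil, lower in ((0, 0.1), (1, 0.01), (2, 0.001), (3, 0.0001)):
        if pfd >= lower:
            return sil
    return 4

# Slide 11 dangerous failure rates, per year; 3 inlet valves at 1 failure in 30 yrs each.
SIF_LAMBDA_D = {"level switch": 0.05, "relay logic": 0.01, "inlet valves": 3 * (1 / 30)}

def sif_pfdavg(lambda_d: dict, test_interval_years: float) -> float:
    """Slide 11 simplified formula: PFDavg = 1/2 * sum(lambda_d) * test interval (years)."""
    return 0.5 * sum(lambda_d.values()) * test_interval_years
```

`required_pfd(case_study_events())` gives 5e-4/yr, an RRF of 50 and a target PFD of 0.02 (SIL 1); `sif_pfdavg(SIF_LAMBDA_D, 0.25)` returns 0.02 and just meets it, while a 12-month test interval returns 0.08 and misses it.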
Step 3 – O&M to Continue to meet the SIL
Gasoline Storage
[Diagram: storage tank P&ID (LI, LHHA, LHA, LIA, LHHH, TI) with an E-Stop. Caption: Is this installation Safe?]
Gasoline Storage
[Diagram: storage tank P&ID (LI, LHHA, LHA, LIA, LHHH, TI) with a manual ESD. Caption: Is this installation Safe?]
LOPA – What makes an Effective Risk Assessment
[Diagram: the same storage tank P&ID (LI, LHHA, LHA, LIA, LHHH, TI, manual ESD)]
- Good method to identify potential causes
- Where do the numbers come from
  - Published values
  - Operational experiences
Hazardous Event
- Test potential consequence
  - VCE not thought credible
  - Small release
  - Confinement / weather
- Operation data indicates credible scenario
  - Fill rates
  - Likely duration
Initiating Events
- Failure of Level Indication (0.1/yr)
  - Actually failed 14 times in the last 4 months.
  - No formal systems to record failure.
  - Lack of Awareness of Potential Consequence
  - Failure of control generally leads to process alarms
- Bad Practices - Alarms or Fill Setpoints?
[Diagram: the same storage tank P&ID (LI, LHHA, LHA, LIA, LHHH, TI, manual ESD)]
Initiating Events
- Operator Errors
  - HEP 0.01-0.0001 (trained, no stress)
  - Under stress (0.5 – 1.0)
- Consider:
  - Only 1 screen available
  - Limited information available
    - Which lines flowing
    - Flowrate
    - Handover
    - Operation Pressures
- Reality check against operation experience
Protection Layers
- Alarms
  - Need for independence
    - Indication and filling stops
    - Independent alarms
  - HEP 0.1 – 1
  - For 0.1 we must have
    - Clear, identifiable alarm
    - Time to respond
      - Minimum 30 minutes for field actions
    - Clear independent action
    - No management of change for settings
Typical LOPA Improvements
- Level Indication
  - Unacceptable failure frequency
  - Automated stops
  - Independent check
- Operating Procedures / Awareness
  - Remove the practice to fill to alarms
  - Improve filling visualization
- Alarms
  - Need to be independent of the filling process
  - Must be clear with independent action
  - Alarm levels fixed based on maximum fill rate and time to respond
Summary
- Poor application of LOPA can lead to the misconception that you have sufficient safeguards in place to protect against your potential hazardous events
- Operational experience should be used as a basis of decisions
- Applying LOPA effectively should
  - Identify weaknesses in your work processes
  - Show if your perceived safeguards are adequate
  - Identify improvements to reduce areas of higher risk
- LOPA is a good technique – provided it is applied correctly.
- Remember – This is only the first stage in the lifecycle