Critical Analysis of Design Criteria and Reliability Of Safety Instrumented System (Sis) For Offshore Oil & Gas Production Platforms In India

Published by: ijcsis on Oct 12, 2011
Copyright:Attribution Non-commercial

Critical Analysis of Design Criteria And Reliability Of Safety Instrumented System (Sis) For Offshore Oil & Gas Production Platforms In India
Rakesh Sethi (1), Manjeet Patterh (2)
(1) Superintending Engineer, ONGC; Research Scholar, Punjabi University, Patiala, India
(2) Director, University College of Engineering, Punjabi University, Patiala, India
ABSTRACT
In this paper it is observed that there is a growing need in offshore oil & gas industry to gain insight into the significant aspects and parameters of safety instrumented systems so as to manage the process in a more reliable and safer manner. The diversity of issues and the use of different subsystems demand a multidisciplinary team with expertise in process, instrumentation, control, safety, maintenance, reliability and management to develop the basis for the design, implementation, and maintenance and successfully design Criteria and Reliability of Safety Instrumented System for Offshore Oil & Gas Production Platform in India.
Keywords: Safety Instrumented System, Offshore Oil and Gas Industry.
I. INTRODUCTION
As hydrocarbon demand continues to rise, oil and gas companies are forced to explore and exploit at increased water depths, in harsher environments and to handle fluids at higher pressures and temperatures. Offshore process, well-head flow lines, risers, sub-sea pipelines and plant structures are increasing in complexity, warranting more reliable and effective methods of risk assessment and mitigation techniques with minimum possible cost. As a part of overall risk management policy, E&P (Exploration and Production) companies use a variety of safeguards or protection layers to reduce the risk to the tolerable level.

They are devices, systems or actions that are capable of preventing a scenario from proceeding to an undesired consequence, e.g. inherently safe design features, physical protection such as relief devices, post-release physical protection such as fire suppression systems, plant & community emergency response plan, Basic Process Control System (BPCS) and Safety Instrumented System (SIS). Safety Instrumented Systems are probably one of the most important risk reduction and mitigation measures.

Safety Instrumented System (SIS) is a highly reliable system of interconnected sensors, final elements and logic meant to fulfill the intended safeguarding functions of the concerned process. Purpose of the SIS is to take the process to a safe state when predetermined conditions are violated, such as set points for pressure, temperature or any other process parameter. It consists of the instrumentation or controls that are installed for the purpose of identification and mitigation of process hazards.

Fig: Definition of Safety Instrumented System (block labels: user interface, basic process control system, sensors, logic, final elements)

To maintain a safe state of process, safety instrumented functions are implemented in SIS and each safety instrumented function is assigned a target safety integrity level (SIL). SIL is a measure of system reliability in terms of probability of failure of SIS on demand [1]. It is a way to indicate the tolerable failure rate of a particular safety function or, in other words, the level of performance needed to achieve the user's process safety objective. Worldwide, within the regulatory framework of country and self defined acceptable risk criteria, companies use various methodologies to determine target SIL for safety instrumented functions of SIS. Methodologies used for determining SIL include, but are not limited to, modified HAZOP (Hazard & Operability), risk graph, risk matrix, safety layer matrix, layer of protection analysis (LOPA), fault tree analysis (FTA) and Markov Analysis.

Following table shows the relationship between average probability of failure on demand (PFDavg.), availability of the safety system, risk reduction and the SIL levels [2].
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 9, No. 9, September 2011, p. 131. http://sites.google.com/site/ijcsis/ ISSN 1947-5500
 
Safety Integrity Level (SIL)   Availability         PFDavg.           Risk Reduction
4                              0.9999 to 0.99999    10^-4 to 10^-5    10^4 to 10^5
3                              0.9990 to 0.99990    10^-3 to 10^-4    10^3 to 10^4
2                              0.9900 to 0.99900    10^-2 to 10^-3    10^2 to 10^3
1                              0.9000 to 0.99000    10^-1 to 10^-2    10^1 to 10^2
 
Safety integrity level (SIL) can be considered as a statistical representation of reliability and availability of safety instrumented system (SIS) at the time of process demand, and design of SIS plays a major role in it.
II. SIS DESIGN CONSIDERATIONS
Old offshore oil & gas installations in India are designed on the basis of recommended practices mentioned in API RP14C [3], API RP14G [4] and API 14J [5]. When these recommended practices were developed, safety systems were pneumatic or relay based and offshore processes were relatively simple. Time has changed, and so has our need for the right tools. Present requirement is programmable logic controllers with more and more complex logic, and standards like IEC 61511 or ANSI ISA S-84 are more relevant for instrumentation of offshore safety.

Recommended practices like RP14C were conceived to lower risk associated with personal injury only. They were created to address "dangerous" failures and are not concerned with "safe" failures because they don't lead to personnel injury. Present day safety systems are more integrated with overall risk management of the companies. They are created to minimize dangerous failures, but they also recognize that some safe failures (nuisance trips) are responsible for unnecessary downtime and revenue loss. This increases safety as well as profitability but also calls for "measurable" performance levels for a safety system and provides requirements for evaluating the performance of a safety system. The ability to establish measurable performance levels makes it possible to lower risk to an acceptable level [6].

Design of a SIS starts with Safety Life Cycle, which covers all the SIS activities, right from initial conception to decommissioning, such as:

• Performing conceptual process design
• Performing Process Hazard Analysis & Risk Assessment
• Defining non-SIS protection layers
• Defining the need for an SIS
• Determining required Safety Integrity Level

ISA and IEC standards are based on the concept of safety life cycle, though there may be points where iterations are necessary.

Following are some of the design considerations, a combination of which is used to meet the desired SIL of a SIS [7].
A. Separation – Identical or Diverse
Separation between BPCS and SIS functions reduces the probability that both control and safety functions become unavailable at the same time, or that inadvertent changes affect the safety functions of the SIS. Therefore, it is generally necessary to provide separation between the BPCS and SIS functions.

Separation between the SIS and BPCS may be identical or diverse. Identical separation would mean using the same technology for both the BPCS and SIS, whereas diverse separation would mean using different technologies from the same or a different manufacturer.

Compared with identical separation, which helps against random failures, diverse separation offers the additional benefit of reducing the probability of systematic faults and of reducing common cause failures.

Identical separation between the SIS and BPCS may have some advantages in design and maintenance because it reduces the likelihood of maintenance errors. This is particularly the case if diverse components are to be selected which have not been used before within the user's organization.

Following are the areas where separation between SIS and BPCS is needed to meet the safety functionality and safety integrity requirements:

• Field sensors
• Final control elements
• Logic solver
• Wiring
• Communications between BPCS and SIS

Identical separation between SIS and BPCS is generally acceptable for SIL1 and SIL2 applications, although the sources and effects of common cause failures should be considered and their likelihood reduced. For SIL3 safety instrumented functions, diverse separation is typically used to meet the required safety integrity.

On de-energize to trip systems, it is generally not necessary to separate the signals between the BPCS and SIS field instruments. This means the signal wires may be shared in a common multi-conductor cable and terminated in a common terminal box. Only for SIL1 application, use of single sensor/control valve is allowed, provided the safety integrity requirements are met.

There may be special cases where it is not possible to provide separation between BPCS and SIS (e.g., a gas turbine control system includes both control and safety functions). Additional considerations are required when combining control and safety functions in the same device, e.g.:

• Evaluation of the failure of common components and software and their impact on SIS performance.
• Limiting access to the programming or configuration functions of the system.
B. Redundancy – Identical or Diverse
Redundancy can be applied to provide enhanced safety integrity or improved fault tolerance. The designer should determine the redundancy requirements that achieve the SIL and reliability requirements for all components of the SIS including sensors, logic solver and final control elements. It is applicable to both hardware and software. Diverse redundancy uses different technology, design, manufacture, software, firmware etc. to reduce the influence of common cause faults. Diverse technology should be used if it is required to meet the SIL. Diverse technology should not be used where its application can result in the use of lower reliability components that will not meet system reliability requirements.

Some of the measures that can be used to achieve diverse redundancy are as follows:

• The use of different measurement technologies of the same variable (e.g. displacer and differential pressure level transmitter)
• The use of different measurements (e.g. pressure and temperature) when there is a known relationship between them
• The use of geographic diversity (e.g. alternate routes for redundant communications media)
• The use of different types of PES for each channel of redundant architecture
C. Architecture
Selection of the SIS architecture is an activity performed during the conceptual design step of safety life cycle. The architecture has a major impact on the overall safety integrity and reliability of SIS. Some of the activities involved in determining the SIS architecture are as follows:

• Selection of energize to trip or de-energize to trip design
• Selection of redundancy for power sources and SIS power supplies
• Selection of operator interface components (e.g. CRT, alarm annunciator, push-buttons) and their method of interconnection to the SIS
• Selection of data communication interface between SIS and other subsystems (e.g. BPCS) and their method of communication (e.g. read only or read/write)

Let us take an example. To meet the SIL3 requirements, SIS may include two separate and diverse 1oo1 (1 out of 1) arrangements, each with their own sensor, logic solver and final control element. The 1oo1 arrangements would be connected in a 1oo2 voting scheme. Diverse separation, redundancy and exhaustive diagnostic capabilities are considered significant aspects of a SIL3 system.
D. SIS Management of Change (MOC)
The objective is to ensure that the MOC requirements are addressed in any changes made to an operating SIS. It requires a written procedure, which shall be in place to initiate, document, review, approve and implement any changes to an operating SIS. MOC procedure shall ensure that the following considerations are addressed prior to any change:

• The technical basis and impact of proposed change on safety and health
• Authorization requirements for the proposed change
• Availability of memory space and effect on response time
• On-line versus off-line change
• Modification for operating procedures

Safety integrity level is also affected by the following parameters:

• Device integrity (i.e. failure rate and failure mode)
• Functional testing interval (i.e. at a specific time interval, testing is performed to determine that the device can achieve the failsafe condition)
• Diagnostic coverage (i.e. automatic, on-line testing of various failure modes of a device)
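
The following is an added example, not part of the original paper. It shows how the three parameters above (failure rate, functional testing interval, diagnostic coverage) and the identical versus diverse 1oo2 choice move a design between the PFDavg bands of the SIL table. The PFDavg formulas are the widely used simplified approximations, not equations given in the paper, and every failure rate, coverage figure, beta factor and test interval is a constructed value.

```python
# Added example: SIL bands are the paper's table; formulas and numbers are assumptions.
SIL_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}

def sil_from_pfd(pfd_avg):
    """Map PFDavg to the SIL band of the table; 0 means SIL 1 is not met."""
    if pfd_avg < 1e-5:
        return 4  # better than the table's best band; SIL 4 is the ceiling
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd_avg < high:
            return sil
    return 0

def lambda_du(lambda_d, diagnostic_coverage):
    """Dangerous undetected failure rate: the share diagnostics do not catch."""
    return lambda_d * (1.0 - diagnostic_coverage)

def pfd_1oo1(lam_du, test_interval_h):
    """Simplified single-channel approximation: lambda_DU * TI / 2."""
    return lam_du * test_interval_h / 2.0

def pfd_1oo2(lam_du, test_interval_h, beta):
    """Simplified 1oo2 approximation with a beta-factor common cause term."""
    independent = ((1.0 - beta) * lam_du * test_interval_h) ** 2 / 3.0
    common_cause = beta * lam_du * test_interval_h / 2.0
    return independent + common_cause

# Constructed channel: (dangerous failures per hour, diagnostic coverage).
CHANNEL = {"sensor": (2e-6, 0.6), "logic solver": (1e-6, 0.9),
           "final element": (4e-6, 0.2)}

def channel_lambda_du():
    """One 1oo1 channel fails dangerously if any of its three devices does."""
    return sum(lambda_du(rate, dc) for rate, dc in CHANNEL.values())

def compare_designs(test_interval_h=8760):
    """Return {design: (PFDavg, SIL)} for one proof test interval in hours."""
    lam = channel_lambda_du()
    designs = {
        "1oo1": pfd_1oo1(lam, test_interval_h),
        "1oo2 identical (beta=0.10)": pfd_1oo2(lam, test_interval_h, 0.10),
        "1oo2 diverse (beta=0.02)": pfd_1oo2(lam, test_interval_h, 0.02),
    }
    return {name: (pfd, sil_from_pfd(pfd)) for name, pfd in designs.items()}

if __name__ == "__main__":
    for name, (pfd, sil) in compare_designs().items():
        print(f"{name:28s} PFDavg={pfd:.2e}  SIL {sil}")
```

With these constructed numbers the common cause term dominates the identical 1oo2 pair, so only the diverse pair falls in the SIL3 band, and halving the test interval moves the single channel from the SIL1 band to the SIL2 band.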
III. ROLE OF QUANTITATIVE RELIABILITY ANALYSIS
Terms such as safety, reliability and availability are in a certain way connected with each other. In fact, various techniques that are applied in the field of reliability engineering are also applied for the determination of safety integrity levels. To prevent abnormal operating conditions from developing into an accident, high reliability of SIS is very important. Reliability and availability of SIS is linked to the estimation and evaluation of failure rates, failure modes and common cause failures of its components. Quantitative reliability analysis of safety instrumented systems represents a systematic tool for design optimization so as to strike a balance of safety, production, availability and cost. To perform the reliability calculations and to quantify the results, reliability data related to SIS subsystems is required. There are many sources of required reliability data, e.g. end user (E&P companies) maintenance records, documented reliability studies, manufacturer data and publicly available data like OREDA (Offshore Reliability Database) or WOAD (Worldwide Offshore Accident Database), which are used for SIL determination and SIS design. Although generic data