This action might not be possible to undo. Are you sure you want to continue?
4 Layer of Protection
Layers of Protections in Process Plant
EMERGENCY RESPONSE CONTAINMENT RELIEF Strength in Reserve
A U T O M A T I O N
• BPCS - Basic process control • Alarms - draw attention • SIS - Safety interlock system to stop/start equipment • Relief - Prevent excessive pressure • Containment - Prevent materials from reaching, workers, community or environment • Emergency Response evacuation, fire fighting, health care, etc.
The First 4 Layers are part of the Process Plant System
SAFETY STRENGTH IN DEPTH !
Seriousness of event
RELIEF SYSTEM SAFETY INTERLOCK SYSTEM ALARM SYSTEM BASIC PROCESS CONTROL SYSTEM Divert material safely Stop the operation of part of process
Bring unusual situation to attention of a person in the plant
Closed-loop control to maintain process within acceptable operating region
Four independent protection layers (IPL)
1. Basic process Control System (BPCS)
• Technology - Multiple PIDs, cascade, feedforward, etc. Always control unstable variables (Examples ) Always control “quick” safety related variables - Stable variables that tend to change quickly (Examples?) Monitor variables that change very slowly - Corrosion, erosion, build up of materials Provide safe response to critical instrumentation failures - But, we use instrumentation in the BPCS?
override/select control Multivariable – multi-loop – Decoupling – Multivariable control 5 .Control Strategy Feedback Control – Single-loop feedback Overcoming disturbances – Cascade – Feed forward – Ratio Constraints – Split-range.
Actuator 6 .Typical Control Loop Actuator System F1 T1 F2 T2 Sensor System Controller TC TT T F Major components .Controller .Cables .Sensor & Transmitter .
7 . With cascade level controller. changes in downstream pressure disturb the tank level.Level Control on a Tank Ordinary Feedback Control Lsp Fin Fout LC LT LC LT FT Cascade Control Lsp Fin Fout RSP FC Without a cascade level controller. changes in downstream pressure will be absorbed by the flow controller before they can significantly affect tank level because the flow controller responds faster to this disturbance than the tank level process.
Level Control: Feedback vs feedforward Feedback To Steam Users LC LT Feedforward To Steam Users FT FF LT Make-up Water Make-up Water Feedback-only must absorb the variations in steam usage by feedback action only. 8 . Feedforward-only handle variation in steam usage but small errors in metering will eventually empty or fill the tank.
Level Control: Feedforward-Feedback To Steam Users + FT LC LT FF Make-up Water Combined feedforward and feedback has best features of both controllers. 9 .
Split Range Control: Another Example Signal to Control Valve (%) FC FT FT FC Smaller Valve Total Flowrate Larger Valve Sometimes a single flow control loop cannot provide accurate flow metering over the full range of operation. both valve are open. 10 • . At large flow rates. the large valve is closed and the small valve provides accurate flow control. Split range flow control uses two flow controllers • • One with a small control valve and one with a large control valve At low flow rates.
01 Therefore. for accurate pH control for a wide range of flow rates for acid wastewater.004 0. a split range flow controller for the NaOH is required. 11 pH .002 0.008 Base to Acid Ratio 0.006 0.Titration Curve for a Strong Acid-Strong Base System 14 12 10 8 6 4 2 0 0 0.
Override/Select control uses select action to switch between manipulated variables using the same control objective.Override/Select Control Override/Select control uses LS and HS action to change which controller is applied to the manipulated variable. 12 .
Furnace Tube Temperature Constraint Control TC TT RSP FC FT Fuel Flue Gas Process Fluid LS TC TT 13 .
Column Flooding Constraint Control DPC LS AC RSP FC FT AT Lower value of flowrate is selected to avoid column flooding 14 .
To increase safety when using dangerously high reactor temperature. use of multiple sensors and select most conservative value ! Controller output Cold feed > TY Selects the largest of all inputs T1 T2 > TC Measured value to PID controller TY 15 .
internal reflux etc) Advanced Control – – – – Inferential control Predictive control Adaptive control Multivariable control 16 . reboiler duty.g. split-range. override control Feedforward and Ratio Control Computed Control (e.Summary of Control Strategies Feedback Control Enhancement of single-loop Feedback control – Cascade.
• Digital computer stores a record of recent alarms • Alarms should catch sensor failures .No action is automated! .A plant operator must decide. Alarms that require actions by a Person • Alarm has an anunciator and visual indication .2.But. sensors are used to measure variables for alarm checking? 17 .
example: One plant had 17 alarms/h .2. action required = Loss of RM..MEDIUM .Easy to include.LOW = Hazard to people or equip. incorrect) fix to prevent repeat of safety incident . close monitoring required = investigate when time available 18 . simple (perhaps.operator acted on only 8% • Establish and observe clear priority ranking .HIGH . Alarms that require actions by a Person • Common error is to design too many alarms .
Can stop potentially hazardous process.3. e.g.We must be able to start up and shut down . Safety Interlock System (SIS) • Automatic action usually stops part of plant operation to achieve safe conditions . combustion Capacity of the alternative process must be for “worst case” SIS prevents “unusual” situations .Can divert flow to containment or disposal ..More aggressive than process control (BPCS) Alarm to operator when an SIS takes action 19 • • • • .Very fast “blips” might not be significant Extreme corrective action is required and automated .
then. If L123 < L123min.Example The automation strategy is usually simple. for example. reduce fuel to zero steam PC LC How do we automate this SIS when PC is adjusting the valve? water fuel 20 .
3. reduce fuel to zero LS = level switch. Safety Interlock System If L123 < L123min. then. note that separate sensor is used s = solenoid valve (open/closed) PC LC LS s fc = fail closed 15 psig steam s water fuel fc fc Extra valve with tight shutoff 21 .
Shown as “box” in drawing with details elsewhere SIS 100 s 22 .. any one of which could activate the SIS If L123 < L123min. or If T105 > T105max …….SIS: Another Example The automation strategy may involve several variables. then. reduce fuel to zero L123 T105 ….
False shutdown s T100 Better performance.5 x 10-6 23 . e.5 x 10-6 2. instrument failure. but can shutdown the plant for false reasons.. more expensive T100 T101 T102 Same variable. multiple sensors! 1 out of 1 must indicate failure Failure on demand 5 x 10-3 5 x 10-3 2 out of 3 must indicate failure s 2.SIS: measurement redundancy • The SIF saves us from hazards.g.
sensors SIS and Alarms associated with SIS 24 i/o i/o BPCS and Alarms . sensors SIS system i/o …………. without common-cause failures .Separate systems Digital control system i/o ………….SIS & DCS • We desire independent protection layers.
compliance with governmental code 25 . equipment protection. reduced insurance. Safety Relief System Overpressure – Increase in pressure can lead to rupture of vessel or pipe and release of toxic or flammable material Underpressure – Also. environmental protection.4. we must protect against unexpected vacuum! Relief systems provide an exit path for fluid – Benefits: safety.
4. Safety Relief System • • • Entirely self-contained.Prevent high (over-) pressure . goal is to achieve reasonable pressure .Prevent low (under-) pressure • The capacity should be for the “worst case” scenario 26 .does not require a person Usually. no external power required The action is automatic .
liquid systems Safety Valve .gas and vapor systems including steam Safety Relief Valve . Safety Relief System • • • • • • • No external power required self actuating .liquid and/or vapor systems Pressure of protected system can exceed the set pressure. Process 27 .4.pressure of process provides needed force! Valve close when pressure returns to acceptable value Relief Valve .
Safety Relief System Rupture Disk • • • No external power required self acting Rupture disk / burst diaphragm must be replaced after opening . Process To effluent handling 28 .4.
In some cases. relief valve and diaphragm are used in series – WHY? • What is the advantage of two in series? • Why not have two relief valves (diaphragms) in series? Why is the pressure indicator provided? Is it local or remotely displayed? Why? 29 .
because we do not have to respond immediately to a failed disk . The valve closes when the pressure returns below the set value. relief valve and diaphragm are used in series – WHY? Why is the pressure indicator provided? If the pressure increases. • What is the advantage of two in series? The disc protects the valve from corrosive or sticky material. the disk has a leak and should be replaced. 30 . Is it local or remotely displayed? Why? The display is local to reduce cost.the situation is not hazardous.In some cases.
We should also protect against excessive vacuum overpressure underpressure This example uses buckling pins 31 .
Location of Relief System Identify potential for damage due to high (or low) pressure (HAZOP Study) In general. control valve (even fail open). when all other safety systems have not been adequate and a fast response is required! 32 . blockage of line Remember. closed volume with ANY potential for pressure increase – may have exit path that should not be closed but could be – hand valve. this is the last resort.
Flash Drum Example .
LET’S CONSIDER A FLASH DRUM Is this process safe and ready to operate? Is the design completed? F1 T 5 34 .
Basic Process Control System Where could we use BPCS in the flash process? F1 35 .
The level is unstable.The pressure will change quickly and affect safety. it must be controlled. it must be controlled. F1 36 .
Alarms Where could we use alarms in the flash process? F1 37 .
The pressure affects safety. add a high alarm PAH F1 A low level could damage the pump. a high level could allow liquid in the vapor line. LAH LAL Too much light key could result in a large economic loss AAH 38 .
Safety Relief System Add relief to the following system F1 39 .
We would like to recover without shutdown. pressure relief is required. F1 40 . we select a relief valve.The drum can be isolated with the control valves.
End of Topic 1.4 41 .
This action might not be possible to undo. Are you sure you want to continue?