



Bavumon, Mohamed Baheer, Student ID - 51553532


Equipment failure, operator error or environmental conditions may lead to an increase in
pressure, temperature or liquid level in the vessel/process system. When these parameters
exceed the safe working level of the system, there is a chance for the pipelines, vessels
and/or other components to rupture and release the process fluid or other flammable chemicals.
This may lead to a major accident with severe consequences. It is therefore very important to
identify the possible relief scenarios of the process system at the design stage itself and to add
all possible layers of protection to avoid them.
Some of the possible causes of relief include:

Heating up of the vessel. This may be due to an external fire or any other possible
source of heat radiation onto the vessel surface. When the vessel is heated up, the
flammable hydrocarbon in the pressurised vessel vaporises, which leads to an
increase in pressure in the vessel.


Operator error. This basically covers failures in valve operation. Improper opening
or closure of a valve may lead to the following:
1. If any valve in the liquid outlet line (upstream or downstream of pump P-101)
is closed, the liquid level in the vessel will increase, and this will lead to
overpressure in the vessel and other associated components.
2. If the valve in the vapour outlet line is closed, the gas flowing out is blocked,
which leads to an increase in pressure in the vessel.

Instrumentation and valve failure. This includes failure of the automatic control
systems or a valve itself becoming stuck. There are many possible ways, which include:
1. If the level control valve (LCV-1) or the level indicator controller (LIC)
fails, either the liquid level in the vessel rises (if LCV-1 is stuck
closed), leading to liquid entering the vapour/gas line, or more
liquid leaves the vessel (valve opening not controlled), which
may lead to hydrocarbon gas entering the outlet line and causing
cavitation in pump P-101.
2. If the temperature control valve (TCV-1) or the temperature indicator
controller (TIC) fails, the steam flow in the line is blocked (TCV-1 stuck
closed), leading to a decrease in the rate of vaporisation of the hydrocarbon
liquid due to insufficient heat. This can lead to an increase in the hydrocarbon
liquid level, with the same consequences as LCV-1 stuck closed.
3. The failure of the pressure control valve can be either:
a. PCV-2 stuck closed, restricting the outflow of hydrocarbon gas
from the vessel. This will lead to an increase in pressure in the vessel.
b. The pressure indicator controller (PIC) fails, so that PCV-2 remains
closed/open, leading to an increase/decrease of pressure within the vessel.

Equipment failure. This includes failure of the pumps and pipe rupture. With
failure of pump P-101 the liquid outlet line is blocked, leading to an increase in
the level of the liquid in the vessel, with the same consequences as LCV-1 stuck closed. The
pipe rupture can be due to external fire or due to overpressure within the line.


Utility failure. This includes the failure of electric power, instrument air, etc.
1. An electric power failure will lead to the failure of the pump, the instrumentation and
the motor-operated valves. If there is a local power failure in which a single
component or system is affected, the consequences will be the same as those
discussed above. But if there is a total power failure there is a possible chance
of double jeopardy.
2. A failure in the supply of instrument air will lead to the failure of all
controllers, transmitters and pressure regulating valves.

Uncontrolled chemical reaction. This may be due to water, contaminants or other
chemicals. Some exothermic chemical reactions lead to a high rate of vaporisation of
the liquid, thus pressurising the system.

Double jeopardy means that if two or more events can be related to a common cause, the
combined effect is considered as a relief scenario. An example of a possible
scenario for the given system is that a total power failure to the entire system will
stop the feeding of liquid into the vessel and, at the same time, the
liquid taken out will also be stopped. But there is a possible chance for TCV-1 to be
in the open position, which will allow the steam to flow, resulting in an increase
in temperature of the liquid in the vessel and thus leading to overpressure. At the
same time, the operating position of the PCVs will also have an impact on the
pressure in the vessel.


Layers of Protection Analysis

Layers of protection analysis (LOPA) is a simplified form of risk assessment with some
standard rules for the assessment. LOPA uses many different types of independent
protection layers (IPLs) to arrive at an approximation of the risk of a scenario. The figure, Fig-01
below, briefly illustrates the different layers of protection.

Fig-01: Independent layers in Layers of Protection

The layers of protection analysis for the given system includes:

Process Design and Basic Process Control Systems

The process design is the inherently safer design to eliminate the failure. The basic
process control system includes the normal control systems that are designed to
maintain the process in the safe operating region. For the given system the basic control
devices such as LCV, PCV, TCV, etc. are included to assure safe operation under normal
operating conditions. The given system may operate safely under normal working conditions,
but for unusual conditions, more inherent safety equipment or
instruments must be added to improve system safety/reliability. This includes:
1. Add a check valve upstream of both pumps, to prevent back flow
and other related consequences.
2. A bypass system with double block valves and a bleed valve for each control
valve will help in the maintenance of the valves without shutdown.

Critical Alarms and Operator Response

The alarm system, with the intervention of the operator in response to the alarm, can be used
as the second layer of protection. Generally the alarm system must be set to operate
the alarm at four different levels, i.e., level alarm high (LAH) and level alarm
low (LAL), which help to get the operator's attention for intervention, and the
high high level (HH) and low low level (LL), which initiate the emergency shutdown or
process shutdown automatically. The operators must be well trained to
understand the meaning of each alarm signal and the possible action to be taken to
control the system.
For the given system, different alarms should be added to improve the safety, which
1. An alarm system to indicate the level of the hydrocarbon liquid in the vessel.
2. An alarm system for indicating the temperature of the hydrocarbon liquid.
The alarm levels for temperature sensors include temperature alarm high
(TAH) and temperature alarm low (TAL).
3. An alarm system to indicate the pressure in the vessel. The alarm levels for
pressure sensors include pressure alarm high (PAH) and pressure alarm low

Automatic Safety Instrumented System

A safety instrumented system is a combination of sensors, logic solver, and final
elements with a specified safety integrity level that detects an out-of-limit (abnormal)
condition and brings the process to a functionally safe state. Basically these systems
work with respect to the HH and LL alarm levels as mentioned above, i.e. the
response scenario will be at the extreme condition and the resulting action will be
shutdown.
For the given system, the addition of an emergency shutdown valve (ESDV)
upstream of the feeding pump, P-100, will be the best possible and most cost-effective way of
shutting down the process system at the time of an emergency. This ESDV is operated
with respect to the control signals from the level sensors.
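
The alarm and trip behaviour described here and under Critical Alarms and Operator Response, as an added example that is not part of the original assignment: LAH/LAL only annunciate for the operator, while HH/LL latch a shutdown that closes the ESDV upstream of P-100. The setpoint values, the `LevelTrip` class, the manual reset rule and the sample level trend are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed setpoints, in % of vessel level span (not from the assignment).
SETPOINTS = {"LL": 10.0, "LAL": 25.0, "LAH": 75.0, "HH": 90.0}


def classify(level, sp=SETPOINTS):
    """Map a level reading to the alarm band it falls in."""
    if level >= sp["HH"]:
        return "HH"
    if level >= sp["LAH"]:
        return "LAH"
    if level <= sp["LL"]:
        return "LL"
    if level <= sp["LAL"]:
        return "LAL"
    return "NORMAL"


@dataclass
class LevelTrip:
    """Latching shutdown logic driving the ESDV upstream of feed pump P-100."""
    esdv_open: bool = True
    tripped_on: Optional[str] = None
    log: list = field(default_factory=list)

    def update(self, level):
        band = classify(level)
        if band in ("HH", "LL") and self.tripped_on is None:
            # Extreme band: the SIS acts without waiting for the operator.
            self.esdv_open, self.tripped_on = False, band
        elif band in ("LAH", "LAL") and self.tripped_on is None:
            # Alarm band: annunciate only; the operator is expected to respond.
            self.log.append(f"{band} alarm at {level:.1f}%")
        return band

    def reset(self, level):
        """Manual reset, refused until the level is back in the normal band."""
        if self.tripped_on and classify(level) == "NORMAL":
            self.esdv_open, self.tripped_on = True, None
            return True
        return False


def replay(readings):
    """Feed a level trend through the logic; return (band, esdv_open) per sample."""
    sis = LevelTrip()
    return [(sis.update(r), sis.esdv_open) for r in readings], sis
```

Replaying a constructed trend such as `[50, 78, 85, 92, 80, 60]` shows the ESDV staying closed after the HH trip even when the level falls back through the LAH band, which is the latching behaviour that separates the shutdown layer from the alarm layer.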


Physical protection Relief devices

This layer of protection is a combination of active protection (relief valve, rupture
disc, etc.) and passive protection (insulation). Automatic deluge systems, foam
systems, gas detection systems, etc. can also be included under this layer of
For the given system a relief valve is provided as an active protection system. This
relief valve operates at a pressure just above the maximum allowable working pressure
(MAWP). If the pressure keeps on increasing, there will be a requirement for a larger
amount of gas to be taken out. This can be achieved by adding a second relief valve in
parallel to the first one; its operating pressure should be higher than that of the first one
and also lower than the design pressure. In the given system the relief valve is kept
open to the atmosphere, which is not a safe design. The gas coming out of the relief
valve should be directed to the flare. Finally, the addition of a manual gate valve
upstream and downstream of the relief will be helpful for the maintenance of the relief
A blowdown valve (BDV) should be added to the vessel, to improve the safety of the
system under extreme pressure conditions.
Providing a proper layer of insulation on the outer surface of the vessel and the
pipelines is the best passive layer of protection against external fire or any other source
of heat radiation.
A gas detection system should be provided to indicate the level of hydrocarbon in the
surrounding atmosphere. It also helps in detecting any possible gas leakage within the
Another layer of protection of the system from fire is automatic deluge systems and
foam systems. They help in putting out the fire and also in cooling down the vessel,
thus eliminating the possible ways of thermal expansion and overpressure.

Plant emergency response

Plant emergency response is a protection layer which is usually activated after the
initial release. It includes basic fire protection devices manually operated at the time of
a fire, to protect the staff and the utilities within the plant. This response depends on
many variables, such as time delay, which are undetermined.


Community emergency response

Community emergency response includes temporary refuge and other evacuation
procedures in the plant to safeguard the workers within the plant.
Both the plant emergency response and the community emergency response cannot
be considered as intended protection layers, as both are activated after the initial
release. But when considering the safety of the system/plant and the workers as a whole, these two
should be considered.

There are many possible relief scenarios for the given system, which are discussed above. But
the maximum relief load is expected with the impact of an external fire on the vessel and
other components. At the same time, the probability of that event happening is very low. Some of
the other possible scenarios are much more likely to happen within the process, but their
consequences are less severe. So, when considering the overall risk, each case has its own importance
in the safe and reliable operation of the system.
The best possible layers of protection as discussed above will definitely help to improve the
safety and reliability of the system. But to attain the best result out of the system with all
the mentioned layers of protection, the system components or equipment should be well
maintained. Each component should undergo periodic maintenance and, since the system is
pressurised, proper inspection must be carried out for all joints.
There can be more layers of protection for the system, like a rupture disc at the relief, a flow control
valve to control the feeding rate of fluid, a double block and bleed valve as a single unit, etc.;
these, being very expensive, are not considered here. A standby arrangement for both
pumps will be the best arrangement, which helps in maintenance of the pumps, and also the
failure of a pump will not interrupt the process system. All these further recommendations
can only be applied after a cost-effectiveness analysis of the impact of these add-ons on the
process system.

