Emergency Shutdown System or ESD System

whatispiping.com/emergency-shutdown-system-or-esd

Anup Kumar Dey

An emergency shutdown system or

ESD system is a highly reliable control
system for providing a safety layer during
emergency situations. It helps to prevent
situations from having catastrophic impacts
economically, environmentally, or
operationally. Emergency Shutdown
Systems in any plant minimizes injury to
working personnel & the environment or
damage to equipment, by protecting against
leaks, hydrocarbon escape, fire outbreaks,
explosions, etc. The application of emergency shutdown systems has been substantiated
in the oilfields (oil well heads), Nuclear plants, oil and gas processing plants, steam and
gas turbine power plants, chemical & petrochemical plants, boilers, geothermal
industries, etc. During an emergency situation, the process operations are stopped by the
ESD system, therefore, isolating the hazard to escalate.

Functions of an Emergency Shutdown System

All emergency shutdown systems should always work at the back-end throughout the
plant operation as it is one of the main security systems. The major functions of an
emergency shutdown system are:

Shut down of the system or equipment during a critical situation

Isolate electrical equipment
Proper control of ventilation during an emergency
Stop or isolate hydrocarbon sources from potential hazard situations.
Blowdown and depressurization.
Prevent dangerous event escalation like prevention of ignition and explosion.
To protect personnel, asset, and the environment.

Note that critical situations may be triggered in any plant by various factors but
emergency shutdown systems should be able to handle those in an effective manner.

Emergency Shutdown system design considerations

The design of the Emergency Shutdown or ESD system shall take into account the needs
resulting from normal operation and shall also fulfill the requirements that may arise
during other possible (and likely to occur) abnormal or down-graded configurations.
Depending on the type of operating plant and functions, ESD system design will vary.
However, the below-listed issues shall be adequately addressed when relevant:

1/3
 Tripping or stopping a unit or equipment does not necessarily eliminate all sources
of hazards.
Due to the loss of essential utilities like air, essential power, hydraulics, etc. new
hazards can appear anytime. The emergency shut down system should be designed
to identify and mitigate or alarm regarding the risk of such hazards.
All operating configurations that the ESD system generates shall be stable, safe, and
reversible.
The ESD system shall be compatible with the re-start philosophy. The inevitable
inhibitions of the control and safety systems during the re-start sequence shall be
identified, and shall be limited in number, time, and duration.
ESD system design shall provide specific attention to non-routine operating
conditions, simultaneous operations, and down-graded situations.
Particular operating conditions may require a different shutdown logic than that, or
the combination of those, applicable under normal circumstances. For example, An
installation normally operates under different conditions, e.g. high, medium, or low
pressure. Each condition may require a different ESD logic, but the differences shall
be limited to process shutdowns. Emergency shutdowns shall result in the same
actions independent of the condition. Before switching over between different ESD
logics, the proper line-up of equipment and the status of valves need to be verified.
The Emergency Shutdown system shall be used to continuously monitor the safety
parameters of the plant and shall take actions to maintain the safety of the plants on
demand.
The ESD system diagnostics shall show the following minimum fault / healthy state
status but not limited to:
Circuit breakers tripped
Power feeders healthy
Fuse Failure
Power supply removed
CPU fault
Battery failure
Power supply failure
Communication Failure
Input/ Output Module failure
Input/ Output Module removed
Each channel failure
Panel internal temperature high
Others as supplied by the manufacturer.

Working of Emergency Shutdown System

An emergency shutdown system works by monitoring the plant condition using field
mounted sensors, valves, trip relays, and inputs to a control system as alarms. The control
system performs a cause and effect analysis of the above parameters to determine plant
health. The system will minimize the effects in case of abnormal behavior by reducing the

2/3
number of plant items available or shutting down part of the systems. For example, In
case of a fire hazard, a Fire Damper control system may override the existing controls to
open or close vents as needed, and close fire doors.

Normally, for plants, a shutdown matrix is defined. Three to four shutdown levels based
on decreasing criticality are decided and the complete plant is categorized. In the process
control system, various safety loops and devices are organized as complementary barriers.
For each installation an ESD/SD logic shall be defined covering all the installation and
represented in an ESD/SD logic diagram.

Components of an Emergency Shutdown System

The following components shall be part of an emergency shutdown system:

Dedicated Process Transmitters

Shut Down Valves, Normally Fail to Close Type
Logic Solver
Blowdown valves

Fig. 1 below shows a Typical Emergency Shutdown System in its basic form.

Fig. 1: Typical Emergency Shutdown System

3/3