Professional Documents
Culture Documents
Lifecycle
The next step is to identify risk scenarios for areas of concern, which
will define what type of hazard detection may be needed. This
includes identifying the potential sources of released hazardous mate-
rial as well as the flammable and toxic hazards associated with those
sources.
7
8 Performance-based Fire and Gas Systems Engineering Handbook
3 ͻ Analyze Consequences
For each hazard scenario, the next step is to analyze the consequences
that may occur as the result of the hazardous event. Consequences can
include hydrocarbon fires, combustible gas cloud formation and igni-
tion, or toxic gas dispersion. Analyzing the consequences includes
determining the possible impact on people and the plant in the event
the consequences were to occur. As the consequences increase in
severity, a correspondingly higher level of FGS performance would be
specified.
If the assessment of the hazard and risk determines that the unmiti-
gated risk is tolerable, then no FGS would be considered to be
“required.” Implementing an FGS would be “optional” in this case
unless otherwise dictated by legal or good practice requirements.
However, if the unmitigated risk is not tolerable, then the FGS design
should proceed to the next step of the safety lifecycle, which is identi-
fying risk reduction requirements for the FGS. These requirements
define the necessary performance of an FGS in terms of detector cover-
age, a measure of the ability of an FGS to detect a fire or gas cloud, as
well as safety availability. The performance requirements will drive
the equipment needs, voting schemes for the system, the placement of
detectors, and the testing and maintenance of the FGS.
The next step is to develop an initial FGS design. The benefit of the
designer’s experience is not discounted in the ISA technical report and
it should not be ignored. The initial selection and layout of FGS detec-
tors should use heuristics from experienced engineers based on the
type of process equipment, the type of facility, and how the various
pieces of process equipment are laid out. The initial design can use
heuristics and rules of thumb similar to prescriptive methods, but it
will also use a trial-and-error approach to achieve sufficient perfor-
mance of the system. The key step advocated by ISA-TR84.00.07 is that
the initial design is verified by rigorous detector coverage mapping and
safety availability assessment.
After the initial design is laid out, detector coverage is assessed. The
suitability of detector type and layout, in terms of how much coverage
a detector array can achieve, is specifically calculated instead of simply
looking at rules of thumb as the final arbiter on where equipment
should be placed. The detector coverage is analyzed in a quantitative
manner and this usually necessitates the use of sophisticated, comput-
10 Performance-based Fire and Gas Systems Engineering Handbook
It is not appropriate to use the ISA lifecycle as a precise flow chart for
executing a full engineering project, as it was never intended for that
purpose. Therefore, the safety lifecycle shown in figure 2-1, and as pre-
Chapter 2 – Lifecycle 11
Identify Requirement
for FGS
Design Specification
Management of Change
Modify Design
(if required)
The typical work flow begins with identifying the requirement for
the FGS. An evaluation of the need for an FGS might be prompted by
any of the following:
• Regulatory requirements
The next step in the work flow is to define the hazard zones. An FGS
often monitors multiple hazards in distinct and separate zones which
are geographically limited. Zones are defined with regard to specific
FGS actions that need to be taken and hazards that are present within a
certain area. Zone definition aids in identifying and analyzing perfor-
mance requirements that are aligned with the hazards within a specific
Chapter 2 – Lifecycle 13
After the performance targets have been specified, the designer should
select an initial FGS design and then verify that those performance
targets have been achieved. The first step in verification is to verify
detector coverage using quantitative models to calculate the coverage
that is achievable in a zone. This is done by modeling the proposed
layout of detectors and comparing that value against the target cover-
age. The second step is to verify the safety availability of the FGS func-
tions. This is accomplished by using reliability engineering methods
defined in IEC 61511 and ANSI/ISA-84.00.01 standards. The best
resource for the techniques and tools for safety availability calcula-
tions is the ISA technical report on SIL verification: ISA-TR84.00.02
Parts 1-5, Safety Instrumented Functions (SIF) – Safety Integrity Level (SIL)
Evaluation Techniques.
After the performance of the FGS design has been verified, the next
step in the work flow is to create the design specification, the concep-
tual design of the FGS. This design will be contained in a set of FGS
Requirements Specification documents, similar to a safety requirement
specification (SRS) for a traditional SIS. The specification should
include detector placement drawings, FGS cause and effect diagrams,
and general requirements for the FGS, including proper equipment
configuration, system response to fault conditions, and human
machine interface (HMI) requirements.
After the FGS has been specified, the detailed engineering com-
mences. This step includes many work tasks, most of which are not
uncommon to any instrumentation and control engineering project.
The detail designers develop loop diagrams, cable schedules, and pro-
grammable logic controller (PLC) programs. Cabinets are designed
and instruments are procured. The control system equipment is then
assembled and configured at the vendor’s factory. Procedures must be
developed for operating and maintaining the FGS, including testing
procedures and other preventive maintenance tasks. Detailed FGS
engineering concludes with a factory acceptance test (FAT) that veri-
fies the functionality of the FGS logic. Throughout this step, it is
important to conform to the FGS Requirements Specification devel-
oped in the conceptual design.
After the SAT, the system is turned over to site operations and main-
tenance for day-to-day use. Normal operations and maintenance
include simple things such as responding to alarms, responding to sys-
tem fault alarms, periodic function testing, and preventive mainte-
nance tasks. The maintenance tasks ensure that the specified FGS level
of performance will be achieved throughout the lifecycle of the facility.