JCCP SIS Training

Workshop
 C
Concept
t

Overall scope definition

HAZOP
Hazard and risk analysis

Overall safety LOPA

requirements

Triconex Logic
SIS design

Dynamic simulator
SIS Checkout
 1 HAZOP
1.
• HAZOP uses Brain
B i Storming
St i method.
th d
• Case: Furnace process (See P&ID)

<Step 1>
• Define the Node.
– Node1: Crude Line
– Node2: Fuel Gas Line
– Node3: Air Line
– N d 4 Combustion
Node4: C b i Gas G Line
Li
• Let’s talk about Node1: Crude Line.
1 HAZOP
1.
1 HAZOP
1.
 1 HAZOP
1.
<Step
St 2>2
• Imagine the situation which crude flow is lower
than normal
normal.
• Define the scenario as much as possible.
• Then,
Th d define
fi the
h following
f ll i things
hi f each
for h
scenario.
– What is the cause?
– What is the consequences?
– What is the safe guards?
• Write down to HAZOP sheet.
 1 HAZOP
1.
Example
Project JCCP Training Safety System
Unit Furnace
Node 1
Node 1 description Crude inlet line from crude pumps passing the foure crue lines in furnace to the distillation tower
Deviation Cause Consequnces Safegards
Low or No 1.1.1 Loss of crude oil pumps Crude oil high temperature, possible break in the pipes . Low flow trip FALL-101, 2oo3 high temperure trip TAHH-
flow Pool of crude oil in the furnace lead to a fire and possible 121(122/123/124) A/B/C. High temperature alarm
explosion TI141/142/143/144 TC 131 TI 311 Low flow alarm FI
TI141/142/143/144,TC-131,TI-311. FI-
101,FC-111/112/113/114. Pump trip alarm. Control loop
of TC-131/FC-201.
1.1.2 Failure close on control loop same as above Low flow trip FALL-101, 2oo3 high temperure trip TAHH-
FC-111/112/113/114 121(122/123/124) A/B/C. High temperature alarm
TI141/142/143/144,TC-131,TI-311. Control loop of TC-
131/FC-201.
113
1.1.3 Bl k
Blockage iin oilil liline same as above
b L fl
Low flow trip
t i FALL-101,
FALL 101 2oo3
2 3 high
hi h temperure
t trip
t i TAHH-
TAHH
121(122/123/124) A/B/C. High temperature alarm
TI141/142/143/144,TC-131,TI-311. Low flow alarm FC-
111/112/113/114. Control loop of TC-131/FC-201.
1.1.4 EV-101/102 fails close same as above same as above
 1 HAZOP
1.
<Step
S 3
3>
• Imagine crude flow high. And define the scenario,
then describe it’s cause, consequences and
safeguard same as low flow.
<Step 4>
• Define and describe the crude pressure and the
crude temperature same as the crude flow.
<Step 5>
• Define all Nodes.
 1 HAZOP
1.
<Practice>
• There are the HAZOP sheets but not completed
p
yet.
• Let
Let’ss try the HAZOP study.
study And finish it
it. (15min)

Team 1 & 2 ‐> Node 2 Fuel Gas Low flow

Team 3 & 4 ‐>> Node 3 Air Low flow
Team 5 & 6 ‐> Node 4 Combustion Gas Low flow
 2 LOPA
2.
• Layer Of Protection Analysis (LOPA)
• Case: Furnace Process (See P&ID, HAZOP)
 2 LOPA
2.
<Step 1>
<St
• “Safe guards” are needed in HAZOP study, then these might
be Safetyy Instrument Functions. ((SIF))
• Define all of the SIF.
– SIF‐01 Furnace Temperature High High
– SIF‐02 Combustion Air Flow Low Low
– SIF‐03 Loss of Flame
– SIF‐04
SIF 04 Furnace Pressure Low Low
– SIF‐05 Furnace Pressure High High
– SIF‐06 Fuel Gas Pressure High High
– SIF 07 C
SIF‐07 Crude
d FlFlow LLow Low
L
• Let’s talk about SIF‐01 Furnace Temperature High High.
 2 LOPA
2.
<Step 2>
• Impact Event Description (Column 1) and
Initiating Cause (Column 2) are copy and paste
from HAZOP.
HAZOP
 2 LOPA
2.
<Step 3>
• Define Initiating Likelihood (Column 3) for
each cause.
Equipment /Instrument Failure Frequency LOPA Entry
Control System 1 in every 10 years 1.00E-01
Valve 1 in every 10 years 1 00E 01
1.00E-01
Blockage 1 in every 10 years 1.00E-01
Pump Failure 1 in every 10 years 1.00E-01
Fan Faliure 1 in every 10 years 1.00E-01
Instrument Failure 1 in every 10 years 1.00E-01
 2 LOPA
2.
<Step 4>
• Select Safety Category (Column 7).
LOPA Entry Target Frequency LOPA Entry Safety
1 1.00E-01 1 in every 10 years None None / MTI (Medical Treatment
Only - Return to work)

2 1.00E-02 1 in every 100 years Minor Injury LTI (Lost Time Injury) absence
of less than 6 weeks

3 1.00E-03 1 in every 1,000 years LTI LTI absence of more than 6

weeks

4 1.00E-04 1 in every 10,000 years Serious Injury Permanent Disability

5 1.00E-05 1 in every 100,000 years Single Fatality

6 1 00E-06
1.00E-06 1 in every 1
1,000,000
000 000 years Multiple Fatalities Single Fatality (between 1-3
13
fatalities)
 2 LOPA
2.
<Step 5>
• Define Layers
y of Protection (Column
( 7a – 7e))
• Define Failure Frequencies for each Layers of
Protection using following guidelines.
guidelines
– Basic Process control Failure: 1 in 10 years
– Alarm & Operator Response Failure: 1 in 10
– Other SIF Failure (Additional mitigation): 1 in 100
– Safety
f Device Failure
l (ex
( Pressure reliefl f Valve):
l ) 1
in 100
 2 LOPA
2.
<Step 6>
• Define the Occupancy (Column 9) around the area.
• Define Occupancy, possibility of Ignition, and Fatality.
– Occupancy: Percentage of time the exposed area is
occupied during a normal working period. Ex. 2hr per 1Day
= 2/24=0.08.
– Possibility
P ibilit off Ignition:
I iti a high
hi h probability
b bilit off catching
t hi a fire
fi
is 0.5, Rupture or explosion is 1.0
– Fatality: No.
No of people present when the area exposed to
the hazard is occupied.
 2 LOPA
2.
<Step 7>
• Define all causes for SIF.
• Finallyy yyou can find out the required
q Safetyy Integrity
g y
Level. (SIL)
Column8=Column3*Column(7a*7b*7c*7d*7e)
( )
PFD(probability of failure on demand)=Column7/(Column8*Column9)
Summary of PFD PFD=1/(sum
1/(sum of (1/each event PFD))
Safety integrity level Average probabliy of failure to perform its design
(SIL) function on demand
4 <10‐5 to < 10‐4
3 < 10‐4 to < 10‐3
2 < 10‐33 to < 10‐22
1 < 10‐2 to < 10‐1
 2 LOPA
2.
• This is example.
1/(1/1.25*10‐1+ 1/1.25*10‐1 +1/2.5+1/3.13)
=5.98*10‐2 ‐> SIL1

1.25*10‐1

* ‐11
1.25*10

25
2.5

3 13
3.13
 2 LOPA
2.
<Practice>
• There are the LOPA sheets but not completed
p yet.
y
• Let’s try to finish the LOPA. (15min)

Team 1 & 2 ‐> SIF‐02 Combustion Air Flow Low Low

Team 3 & 4 ‐> SIF‐03 Loss of flame
Team 5 & 6 ‐>> SIF‐04
SIF 04 Furnace Pressure Low Low
 3 Logic Development
3.
• Develop the logic using TriStation.
• Reference: Cause & Effect Matrix
• There is the logic, but not completed yet.
 3 Logic Development
3.
• 3.1 How to use TriStation
– In case of changing
g g from 1oo1 to 2oo3 ((Sheet 2))
– Use Function Block
– Connect the line
– Change the value
 3 Logic Development
3.
• 3.2 Practice
– Correct the logic
g refer to cause & effect. (15min)
( )
– 1oo1 to 2oo3 (Sheet 3)
– 1oo2 to 2oo2 (Sheet 6)
– Set point change (Sheet 9)
• 3.3 Compile & Save
 4 ESD Control Checkout
4.
Now We discussed as “Safety”
Safety and made a emergency
shutdown logic by Triconex emulator (Tristation)

Does it function really correctly?

• ESD has to work properly in the case of accident.

• The
Th checkout
h k t off ESD llogic
i iis very iimportant.
t t
• However what checkout procedure is most
appropriate?
Off course,, we cannot test the emergency
g y operation
p
intentionally in actual plant.
 4 ESD Control Checkout
4.
““Integration test with
h Virtuall Plant”
l ” by
b using
dynamic simulation technology would be one of
the
h suitable
bl procedure
d ffor ESD logic
l checkout.
h k
The newest procedure of ESD logic checkout!

Virtual Plant model is made by dynamic simulator

Invensys Systems, Inc. “SimSci‐Esscor Dynsim”
 4 ESD Control Checkout
4.
• Validation of HAZOP
– If ESD logic
g does not work,, what happen?
pp
• Validation of ESD Logic
– Integration
I i Tristation‐Dynsim
Ti i D i
– Let’s checkout your logic!
• Re‐examination of HAZOP
– “Not
Not A Hazards Possible loss of production “ is
true? Check FC‐114 Fail open.
 4 ESD Control Checkout
4.
• What do you think this Furnace flow?
– Is it perfect? Are some insufficient?
– What would you like to change?

 By integrating with dynamic simulation,

simulation we can checkout
whether ESD works properly at the early engineering phase
without actual p
plant operation.
p
 If the designed ESD logic is not appropriate or includes miss‐
programming parts,
parts we can modify it and confirm the results
instantly by the simulation again.
 Mechanical design such as valve,
valve measurement device etc
etc.
are also able to be validate simultaneously.
 4 3 2 1

TI
311 339℃

XI
EV EV FA FI 311
D 101 102 101 101
FC
111 O2
3%
TI TI TI
D
121A 121B 121C
116 m3/h TA TA TA
Crude Pump
121A 121B 121C
340℃
FC MIN.
464 m3/h
112 TI TI TI TI
220℃
141 122A 122B 122C
116 m3/h
TA TA TA
122A 122B 122C
340℃
MIN.
FC
TI
113 TI TI TI
142
123A 123B 123C
116 m3/h
TA TA TA
123A 123B 123C
340℃
MIN.
FC
TI
114 TI TI TI
143
124A 124B 124C
C 116 m3/h
TA TA TA
C
124A 124B 124C
PA 340℃
401A MIN.
TI
PA 144
401B

PA
401C XA
401A
-0.08 kPa-G MEDIAN Frame Detector
PC XA To Topper
401 401B
Frame Detector 340℃
TC
131
EV EV FC 18.4 kPa-G
201 202 201
PA PI
3995 kg/h 201 201

Fuel Gas
F
B B
Methane 29.2%
Propane 41.1%
Butane 26.4%
N2 2.2% 63℃ -1.2 kPa-G
H2O 1.1% TI PI
321 321

ATM

322℃

FA TI
301 301
FC
301 M

Air

56,300 Nm3/h

A M
A

Forced Draft Fan Induced Draft Fan Furnace

800,000Nm3/h×900m 90,000Nm3/h×900m 1500m3, 2Pass

AMB.Temp. 120deg(max) Press: -1.0 to +2.0 kPa-G

4 3 2 1
 4 3 2 1

TI
311 339℃

XI
EV EV FA FI 311
D 101 102 101 101
FC
111 O2
3%
TI TI TI
D
121A 121B 121C
116 m3/h TA TA TA
Crude Pump
121A 121B 121C
340℃
FC MIN.
464 m3/h
112 TI TI TI TI
220℃
141 122A 122B 122C
116 m3/h
TA TA TA
122A 122B 122C
340℃
MIN.
FC
TI
113 TI TI TI
142
123A 123B 123C
116 m3/h
TA TA TA
123A 123B 123C
340℃
MIN.
FC
TI
114 TI TI TI
143
124A 124B 124C
C 116 m3/h
TA TA TA
C
124A 124B 124C
PA 340℃
401A MIN.
TI
PA 144
401B

PA
401C XA
401A
-0.08 kPa-G MEDIAN Frame Detector
PC XA To Topper
401 401B
Frame Detector 340℃
TC
131
EV EV FC 18.4 kPa-G
201 201 201
PA PI
3995 kg/h 201 201

Fuel Gas
F
B B
Methane 29.2%
Propane 41.1%
Butane 26.4%
N2 2.2% 63℃ -1.2 kPa-G
H2O 1.1% TI PI
321 321

ATM

322℃

FA TI
301 301
FC
301 M

Air

56,300 Nm3/h

A M
A

Forced Draft Fan Induced Draft Fan Furnace

800,000Nm3/h×900m 90,000Nm3/h×900m 1500m3, 2Pass

AMB.Temp. 120deg(max) Press: -1.0 to +2.0 kPa-G

4 3 2 1