You are on page 1of 48


Introduction Configuration Specification Codes & Standards

Flaring of hydrocarbons causes damage to the environment and the CO2 production is not in line with the Kyoto Protocol

HIPPS prevent over-pressurization by shutting down the source of the high pressure.

A mechanical and electrical safety instrumented system (SIS)

designed to prevent over-pressurization of a plant with isolating downstream (Piping & Pressure Vessels) from over pressure

HIPPS closes the source of over-pressure as fast as possible (within 2 seconds) with at least the same reliability as a safety relief valve

When extremely high pressure and/or flow rate are involved When Sizing of relief device is difficult to define or inadequate due to chemical reactions or multiphase fluids On existing systems in order to avoid replacement of flare system when adding new units

Reduces relief load by reducing frequency of overpressure events Reduces frequency that multiple relief devices will operate simultaneously Provide protection when a pressure relief device is ineffective

HIPPS are more complex, requiring many components to work as designed Redundancy, inspection and proof test requirements increase long term operation and maintenance costs

Pressure Range 1480-15000 psi Temperature Ambient Valve sizes 2-52 inches

The HIPPS system is based on

Three pressure transmitters


A logic solver Two shutdown valves

(Final Elements)

Logic Solver Initiators

Final Elements

Logic solver

To providing the safety assurance of a pressuresensitive environment Noise reduction Velocity management

An overall HIPPS loop requirement


Manifolds Logic Solver HIPPS Ball Valves Actuators Solenoid valves Communication and sequence of event registration Plant Resource Manager


T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4

T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4

T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4

Process Resource Management


T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4 T E XT 1 T E XT 2 T E XT 3 T E XT 4

Sequence of event

Communication Logic solver

Matrix interface

Fail safe outputs

Digital inputs Resets

Analog inputs voting




Manifolds for the transmitters have to provide the necessary double block and bleed interlocking 2oo3 arrangement specially for HIPPS

Pressure Measurement Component

To meet over pressure at least in a single instrument in SIL2 loop or two transmitters in SIL3 Loop

Used to detect high pressure The pressure sensing initiators should be electronic pressure transmitters Two wire 4-20 mA Mounted on an Interlock Manifold Wired to separate card in the logic solver

Most HIPPS applications require 1oo2, 2oo2 or 2oo3 voting transmitters on all field inputs

The 2oo3 voting logic is generally implemented in the logic solver

Reduces the probability to fail on demand (PFD) for the field inputs Decrease common cause faults, such as plugged process taps

Two methods of process measurement:


Tradition method After evolution method

Traditionally, variables were monitored using discrete switches as the input sensor to the safety instrumented systems (SIS)

Switches used for three reasons:

Relay systems and early PLCs processed discrete signal much easier than analog signals Switches were usually less expensive than analog transmitters

The evolution has made it easy to use analog PV inputs Transmitters can be continuously monitored A single transmitter providing multiple levels of trip/alarm functions (i.e., low, high and highhigh level) can replace multiple switches

Determines the proper steps to make changes to the final element

The logic solver hardware must be designed to meet the assigned SIL3 as provided in IEC 61508 and IEC 61511 It can be Relays or PLC The system consist of a Central Processing Unit (CPU) and fail-safe redundant I/O

IEC 61511 covers the application of electrical, electronic and programmable electronic equip This standard defines the functional safety requirements established by IEC 61508 in process industry sector

Defines functional safety as: part of the overall safety relating to the EUC (Equipment Under Control)

The EUC control system which depends on the correct functioning of the E/E/PE safetyrelated systems Other technology safety-related systems and external risk reduction facilities

All safety communication between the control unit and the associated I/O cards must be redundant Control Cabinet can be supplied suitable for hazardous area installation in EEx-d enclosure IP-66 or for safe area installation in standard 19 rack cabinet IP-54


4 or 3 certification Inherently Fail-Safe Zone2 applications Very high mechanical and electrical robustness High temperature range Very low power consumption Very long technical life span (>30y) Test intervals many years Event Recorder (1ms resolution)

Based on the ANSI/ISA S84.01, IEC 61508, and IEC 61511 the safety logic must be independent from the basic process control system logic

Independence of the safety logic reduces the probability of loss of the basic control system hardware functioning  Independence also reduces the possibility of inadvertent changes to the HIPPS safety functionality occured during modification of basic process control functions

Performs the necessary steps to bring the process back to a safe state of being Includes the valve, actuator and solenoids

Generally have a quick quarter-turn on/off ability Generally have a soft seating Generally have blow-out proof stems with radial operation

Should be two components, because the single component will not support the safety requirements (series and parallel components) Designed to be opened against full differential pressure, so that there is no need for a bypass arrangement for pressurization and start-up as typically the case with ball valves

Safety Integrity Level (SIL)

(in many HIPPS Systems SIL3)

Process Safety Time (PST) Probability of Failure on Demand (PFD) Safe Failure Fraction (SFF) Hardware Fault Tolerance (HFT) Risk Reduction Factor (RRF)

The metric for measuring the performance of a safety function is called the average Probability of failure on demand (or PFDavg) and this correlates to the SIL level as follows
PFD=1/2 ( PT ) T= Test Interval P= Failur Rate

The relationship between the SIL, RRF and PFD

IEC 61508: Functional Safety of Electrical/Electronic/Programmable Electronic Safety Related System IEC 61511: Functional Safety: safety instrumented systems for the process industry sector ANSI/ISA S84.01, Application of Safety Instrumented Systems for the Process Industries

ASME Code Case 2211 API 521


alternatives in the design of overpressure protection systems. These alternatives revolve around the use of an instrumented system that exceeds the protection provided by a pressure relief valve and flare system you need a pressure relief device for any scenario, it must be sized for the worst case no pressure relief device is installed, the MAWP (Maximum Allowable Working Pressure) of the vessel must be greater than the highest pressure reasonably expected



Applies to flare load and header sizing


evaluation of relief loads based on credible overpressure scenarios  requires sizing the main flare header for the worst case relieving scenario (involving the simultaneous venting of all affected vessels)

Recommends use of HIPPS only when the use of pressure relief device is impractical

A guide for plant engineers in the design, installation, and operation of pressurerelieving and depressuring systems Suggests solutions to the immediate design and economic and safety problems involved in pressure relieving discharge systems Includes a new section on flare gas recovery

General description of the process to be protected General description of how HIPPS is integrated into the process and other safety systems The required SIL level of the loop

Specification of the system response time Detailed specification of the final element (shut-off valve) describing materials, design standards, actuator sizing/integration, details of the instrumentation such as solenoids and actuator

Detailed specification of the pressure transmitters and their safety aspects Detailed specification of the controller including the required logging, test buttons, and communication to other controllers like the DCS

Components tests and integrated factory acceptance test (FAT) requirements for the complete system Documentation requirements that may include procedures and checklists for the site acceptance test (SAT) and proof testing of the system


go shopping for bargains when you want to realize a HIPPS solution.

for the balanced solution for both functional and safety requirements. Be sure there is sole responsibility for your total loop and be sure this is a competent person or company.