Storage Tank SIL Selection and Verification Spreadsheet Designed by Kenexis Consulting Corporation 2929 Kenny Rd Suite 225 Columbus OH 43221 USA www.kenexis.com
[email protected] This document was prepared using best effort. The authors make no warranty of any kind and shall not be liable in any event for incidental or consequential damages in connection with the application of the document.
This document may be circulated for distribution, but it may not be circulated as part of a commercial product under any circumstances. IT IS CRITICAL THAT THE FAILURE RATES USED IN THIS SPREADSHEET BE REVIEWED AND CONFIRMED (OR REVISED) TO ACCOUNT FOR YOUR OWN FACILITY. THIS CAN BE DONE THROUGH REVIEWING INDUSTRY/LOCATION SPECIFIC INFORMATION, EQUIPMENT VENDOR DATA, LOCAL MAINTENANCE RECORDS, OR OTHER METHODS. IF THIS IS NOT DONE THE RESULTS WILL NOT NECESSARILY REFLECT THE RISK REDUCTION ACHIEVED AT YOUR SITE! Instructions on Using the Spreadsheet The purpose of the spreadsheet is to assist in SIL Selection and SIL Verification for a high-high storage tank level safety function. Each safety function should be analyzed using its own spreadsheet. This spreadsheet should ONLY be used for simple functions whose SIL target is 2 or less. Complex functions can't be handled by this spreadsheet; a safety specialist should be consulted. SIL Selection must be conducted with a multidisciplinary team including a representative from process engineering, instrumentation, operations and specialists as required. It should be the same kind of team normally used for a PHA. Review the accompanying presentation that further discusses related aspects of safety engineering. Read the information in the "Usage Notes" tab of this spreadsheet.
The team should start at the "SIL Selection" tab and describe the function, hazard the function is intended to prevent, and consequences. The spreadsheet has capability for three different initiating events. All initiating events and protection layers should be identified, then check the RRF Required and SIL Rating for the function. In general, purple spreadsheet cells are user entered and light brown spreadsheet fields are automatically calculated by the spreadsheet. You can click the in-spreadsheet links that are in underlined blue text to get more information on the item in question. On the "SIL Verification" tab enter the equipment details for the function. REVIEW THE FAILURE DATA to be sure it matches your site experience. Failure rate data can be modified on the "Data" tab. If your equipment is not listed you can enter a custom equipment and failure rate on the "Data" tab. Review and print the "SIL Assumptions" tab to make sure that the relevant assumptions are being used on your function. Verify the RRF Achieved is greater than or equal to the RRF Required, and also make sure each equipment subsystem's fault tolerance requirements are satisfied. Complete and print the report cover letter that should have come with this spreadsheet. Keep documentation that justifies failure rate information, initiating event frequencies and protection layer risk reduction factors.
STEP 1: Provide Safety Function background, Hazard Prevented, Consequence and TMEL:
In general, the purple spreadsheet fields are user entered and the light brown spreadsheet fields are calculated by the spre Service Safety Instrumented Function (SIF) Description Hazard Prevented
Tank #219, West Facility High-High Storage Tank Level closes tank inlet valve High-high tank level could result in overfilling of tank with petrol, which could result in loss of containment. Loss of containment with continued filling could result in large cloud of flammables, which if ignited could result in fire or explosion.
Consequence
Fire or explosion could result in multiple injuries to on-site and possibly off-site personnel. High (potential life-threatening injury)
Consequence Rating
0.00001 100,000
TMEL Equivalent, per year: Event period (==1/TMEL), years: STEP 2: Initiating Events and Protection Layers Initiating Event #1: Description Frequency Frequency, in years
Operator error during filling process (wrong setpoint) Medium (once per ten years) 0.1
Independent Protection Layer (IPL) for Initiating Event #1: Description IPL RRF Operator Intervention BPCS (Control Loop) Occupancy (
