SHORT COURSE FOR INDUSTRY Recent and historical incidents have highlighted the importance of having a clear understanding of the principles of process safety management throughout an organisation. This must include staff at all levels from board members through engineers and other technical staff to plant and shift managers and supervisors. This intensive course covers the safety engineering fundamentals and aims to provide a core understanding for analysing and mitigating process safety hazards during design and operation of oil and gas facilities. Learning outcome • Get involved in safety reviews such as HAZOP, HAZID, design and constructability reviews • Understanding of hazards faced in industry and prevention and mitigation strategies • Understand the key process safety requirements at each stage in the life cycle of process plant from conceptual design through to operation, maintenance and modification Who will benefit • Managers, Supervisors, Engineers, Safety Personnel, and others involved in the design • Operators and Maintenance Personnel of major process plant • Graduates and Chemical Engineers interested in developing a career in Technical Safety • Anyone who would like to develop an understanding of Technical Safety Engineering Cost 1500GHC including VAT , discounts of 5% available if company books more than one person. Course will take place at Royal Nick Hotel, Tema. http://www.royalnickhotel.com Dates will be confirmed when numbers are sufficient to hold course. To take part please send mail to
[email protected]
FUNDAMENTALS OF PROCESS SAFETY ( Technical Safety) Fundamentals of Process Safety Course Outline Day 1 – Morning Session : Introduction To Technical Safety, Legislation, Past Incidents, Risk Management, & Process Safety Common Hazards Afternoon session – Hazard Identification focusing on HAZOP, HAZID, Human Factors, Plant Layout And Equipment Spacing & BOWTIES, Day 2 – Morning Session : Hazard Assessment focusing on Quantitative Risk Assessment, Layers Of Protection Analysis, Dropped Object Studies, Consequence Modeling, Ship Impact Studies, Flare Radiation Modeling, Explosion Modeling Afternoon session – Hazard Mitigation focusing on Fire Protection (active & passive),F&G Detection , Safety Instruments Systems, ESD, Hazardous Area classification, Flare, Ignition Control, Drainage, HVAC, Overpressure Protection, Maintenance – SCE Performance Standards & Emergency Response Day 3 – Morning Session : Inherent Safety Principles, Technical Integrity, Safety Cases, Management of Change , Process Safety Indicators, BP , SHELL, TOTAL & WOODSIDE Technical Safety Process Afternoon session – Case Study – BP Texas Refinery Explosion Course Review and Summary Course Director – Mrs Ella Tieku is a seasoned Technical Safety Engineer with working experience obtained working on projects with SHELL, WOODSIDE, BP, TULLOW and TOTAL. She has over 12 years in the Oil & Gas Industry working on various projects including the SHELL BONGA project, TULLOW Jubilee Project. She is a graduate of University of Bradford, UK and holds an MEng in Chemical Engineering and also the NEBOSH General and Oil & Gas Certificate. She is also the Executive Director of SHEQ Foundation.
EVERYONE IS RESPONSIBLE FOR SAFETY In the oil industry EVERYONE is responsible for safety From the lab technician to the cleaner to the managing director • Nobody wants to be involved with a major accident • Nobody wants to see their fellow coworkers injured or killed as a result of their work • Nobody wants to see their jobs or business destroyed
2
TWO ASPECTS OF SAFETY There are two aspects of safety • Process Safety • Personal Safety
Process Safety: Process safety hazards can give rise to major accidents involving the release of potentially flammable, reactive, explosive or toxic materials, the release of energy (such as fires and explosions), or both. These are events that have the potential to lead to multiple fatalities and/or major environmental damage. Process safety management ensures there are Adequate Barriers to MAE’s.
Personal Safety: Incidents that have the potential to injure one person and generally occur due to individual work habits. Occupational incidents – slips/trips/falls, struck-by incidents, physical strains, electrocution. Generally OHS are avoided by wearing PPEs & following procedures.
An effective personal safety management system DOES NOT prevent major accidents events!
PROCESS SAFETY VS PERSONAL SAFETY
4
PROCESS SAFETY VS PERSONAL SAFETY PROCESS SAFETY
PERSONAL SAFETY
5
FEYZIN – FRANCE, 1966 • Draining operation valves freezes • Release from a propane sphere •
Ignition source: car engine
• Flash fire, jet fire and BLEVE of adjacent spheres, fireball • 18 dead, 81 injured • Minor damage to buildings within 400 m
6
FLIXBOROUGH, ENGLAND 1974 • Accident occurred on June 1, 1974 • A vapor cloud explosion destroyed the Nypro cyclohexane oxidation plant • 28 fatalities • Deficient Management of Change procedure
7
MEXICO CITY 1984 • Marketing terminal owned by Pemex • LPG explosion caused by leak at a marketing terminal pipeline that was fed from distant source allowing major VCE. • Numerous BLEVE’s. • Over 650 fatalities, most of which were in the neighboring communities from shrapnel.
8
BHOPAL 1984 • Pesticide plant owned by Union Carbide. • Methyl isocyanate release from a 15,000 gallon intermediate product storage tank following water ingress to the tank. • Over 2000 immediate casualties; 100,000 injuries. • Significant damage to livestock and crops. • Long-term health effects difficult to evaluate. • It is estimated that as of 1994 upwards of 50,000 people remained partially or totally disabled. • Plant closed. 9
PIPER ALPHA 1988, UK • Operated by Occidental Petroleum • Located in North Sea, generated almost 10 percent of UK oil revenues • 226 people on the structure • Maintenance work being performed • On July 6, 1988, platform burned to the sea, killing 167 people, including two attempting rescue • Generated significant regulatory response, including extensive requirements for “Safety Cases” in the UK
10
PHILIPS , PASADENA, TEXAS 1989 • Phillips Petroleum, Petrochemical plant (ethylene) • A seal blew out on an ethylene loop reactor, releasing ethylene-isobutane, a compound used in making plastics. • A massive unconfined vapor cloud explosion and fire resulted. • 23 fatalities, 132 injuries • Deficient contractor safety guidelines (unaware of the design of the valve on the reactor and unsupervised as they made live repairs. • As a result a chair was established at Texas A&M starting the Mary K. O’Connor process safety center. 11
BP TEXAS CITY, 2005 BP Refinery • March 23, 2005 • Vapor Cloud Explosion. • 15 Fatalities, ~200 injuries. • Overpressure wave broke windows >5 miles. • Included multiple PSM gaps in mechanical integrity, PSI, design data, MOC, facility siting, incident investigation, PHA, auditing, & PSSR
12
BUNCEFIELD 2005 • Failure of overfill detection •
Spill of 300 tons during 25 minutes
•
Ignition of cloud at firefighting pumps ⇒
• Devastating explosion • 43 minor injuries, major environmental pollution, 630 businesses affected
13
IOC OIL DEPOT, JAIPUR, INDIA ON 29 OCT.2009 • The fire broke out when petrol was being transferred from the depot to a pipeline and soon got out of control. A leak in the pipeline is suspected to have started the incident. • 12+ people died. • 150+ injured. • More than 8,000,000 liters petroleum products burnt. • Environmental impact, beyond imagination!
14
INCIDENTS THAT DEFINE PROCESS SAFETY
15
PSM REGULATION FROM THE UK AND USA SEVESO II (COMAH) UK Process Description Surrounding Environment Management System Policy Organisation Processes Risk Assessment Permit To Work Moc Performance Measurement Audit & Review Major Hazard Identification Major Hazard Risk Assessment Safety & Environment Demonstration Of: Prevention Control Mitigation Emergency Response Plans Onsite & Offsite Safety Report
OSHA 1910.119 (USA)
SAFETY CASE (UK)
Employee Participation Training Process Hazard Analysis Mechanical Integrity Process Safety Information Operating Procedures Hot Work Permit Management Of Change Pre Start-up Review Emergency Planning & Response Incident Investigation Contractors Compliance Audits Trade Secrets
Platform Description Reservoir Description Management System Policy Organisation Processes Risk Assessment Permit To Work Moc Performance Measurement Audit & Review Major Hazard Identification Major Hazard Risk Assessment Demonstration Of: Prevention Control Mitigation Evacuation Rescue & Recovery Safety Case
Does this look familiar? How do these compare? Differences? 16
OSHA PSM ELEMENTS OSHA 1910.119 (USA)
Employee Participation Training - BP Texas Refinery fire Process Hazard Analysis Mechanical Integrity -Humber Refinery—Catastrophic Failure of De-Ethanizer Overhead Pipe Process Safety Information Operating Procedures - Feyzin LPG Disaster Hot Work Permit - Piper Alpha Management Of Change - Flixborough Pre Start-up Review – BP Texas Refinery fire Emergency Planning & Response – Piper Alpha Incident Investigation Contractors Compliance Audits Trade Secrets 17
PROCESS SAFETY COMMON HAZARDS • • • • • • • • • • • • • • •
Spec breaks at the wrong location Material of construction not specified for minimum temperatures expected Not meeting code requirement for area Wrong piping and fittings Tanks and Vessels Not Meeting Regulatory Requirements Sizing Secondary Containment Improperly Equipment Not Spaced Properly Forgetting Buried Lines at Production Facilities Not Installing any measures for Corrosion Control High temperature weakening, particularly with plastic construction materials High stress due to dilatation or bad supporting Corrosion (uniform, Pitting, Crevice, Stress Cracking, Galvanic) Equipment Ageing Erosion of internals due to sand or high velocities of the fluid 18 Runaway reactions
TYPES OF RISK EXPOSURES R i s k a n d U n c e r t a i n ty i n B u s i n e s s
B u s in e s s R is k s ( M a n a g e m e n t S c ie n c e s ) S o c ia l
C h a n g e s in c o n s u m e r ta s te s L a b o u r u n re s t P r o d u c tio n
C h a n g e in u n e x p e c te d c o s t s R e s tr ic tio n s o n s u p p ly o f r a w m a te r ia l s M a rk e tin g
L o s s o f m a rk e ts to c o m p e tito r s
E c o n o m ic
In fla tio n M o n e ta r y a n d fis c a l p o lic y
P u re R is k s ( R is k M a n a g e m e n t ) P e rs o n a l
D e a th S ic k n e s s
P o litic a l
N a tu r e
W ar P o litic a l u n r e s t
F lo o d in g E a r t h q u a k e , . ..
F in a n c ia l
B a d d e b ts
S o c ia l D e v ia tio n s
F ra u d T h e ft
M a jo r A c c id e n t E v e n ts
B r e a k d o w n o f p la n t E x p l o s i o n , f i r e , t o x ic e m i s s i o n
M a jo r R is k s
L a c k o f k n o w le d g e U n e fo r e s e e n s n a g s in n e w p r o c e s s e s
19
RISK MANAGEMENT • Just like in industrial investment, risk management is a project requiring resources and resulting in a Return of Investment being the avoidance of loss and the improved reliability/operability of process units Risk Management required:
But there are some constraints…
• To make a safe and reliable plant
• Budget limitations
• No accidents with damage to people or assets
• Lack of resources • Time constraints
• No spills with damage to environment
• Lack of knowledge
• No business interruption accidents
• Lack of information 20
WHY IS RISK MANAGEMENT REQUIRED ?
• Accidents can often be avoided by sound risk management • Studies have proven that the confidence of the stakeholders is proportional to their belief in the companies capability to manage the risks • Ignorance is not tolerated anymore as « just another point of view » • Risk management is a legal obligation • For pure economical reasons : managing risk = managing a profitable and sustainable business 21
WHY DO WE SOMETIMES AVOID RISK MANAGEMENT
• Risk Management can be frustrating: – Uncertainty is inherent to risk. Risk Management is management of uncertainties. Investing in risk management does not guarantee that no accidents will happen. – If no accidents happen the efforts will be seen as a waste of time and money. It is only when the accident happens that it becomes obvious how you could have avoided it.
• In particular when you will remain in place for a short period of time it is attractive to take the risk and to boost the short term financial profits.
22
RISK MANAGEMENT HIERARCHY
23
HOW RISK IS MANAGED
PRE-EVENT
EMERGENCY RESPONSE
POST-EVENT MAH EVENT
CAUSE
SEVERITY
CONSEQUENCE
MUSTER, EVACUATION & ESCAPE
RESCUE & RECOVERY
Initiating Events Gradual Deterioration Mechanical Failure Accidental Overload Extreme Conditions Human Error
ELIMINATE PREVENT
Shaping Factors Release (size, ...) Ignition (delayed, …) Explosion (strength, …) Energy Detection Success
DETECT & CONTROL
Mitigating Factors Environmental Conditions Manning Escalation Impairment Human Factors
MITIGATE
Success Factors Procedural Arrangements Drills & Training Lifesaving Equipment Rescue & Recovery Arrangements
RESCUE
CRITICAL MEASURES (PEOPLE, PROCESSES & PLANT)
Reducing Effectiveness 24
RISK MANAGEMENT PROCESS – SUMMARY QUANTITATIVE
Risk Management Process HAZARD IDENTIFICATION [HAZOP][HAZID][LAYOUT REVIEW] [BOWTIE][ FMEA] [HRA]
HAZARD ASSESSMENT [[FRA][EETRA][QRA][ALARP][DO][LOPA]
Sources of Information Legislation & Regulations International Codes & Standards, Industry Standards, Company Standards
HAZARD MITIGATION [F&G][[IGNCONTROL][AFP][PFP][BLOWDOWN][FLARE] [DOP]
New/ Major Facilities Brownfield / Sites Safety Cases, Hazard Registers, Site Standards, Procedures, PTW HSE Bulletins, Toolbox meetings
Task Risk Assessment -Qualitative Health Risk Assessment
Workgroup Non-Routine Activity Inspection checklists, Induction handbooks, Incident Report feedback, Job Start meetings
Risk Potential Matrix
Routine Activity by Individuals and Workgroups
25
QUALITATIVE
END OF MORNING SECTION DAY 1
We Have Looked At Introduction To Technical Safety, Legislation, Past Incidents, Process Safety Common Hazards And Concept Of Risk Management.
26
HAZARD IDENTIFICATION – HAZID 1
27
HAZARD IDENTIFICATION – HAZID 2
28
HAZARD IDENTIFICATION – HAZID 3 SAMPLE HAZID Checklist • Lifting/tugging operations & dropped object or released energy • Marine vessel collision, including 3rd party or loss of stability • Helicopter, crane, vehicle collision • Structural failure (including seismic) • Gas/air pressure release • Process upset, (flow – no, more, less, reverse, misrouted; pressure, high / low / surge / vacuum; temperature, high/low; composition, other), startup/shutdown, HP/LP interface • Process/pipeline/well loss of containment • Process start-up/shutdown, maintenance, isolation • H2S/toxic-vapours/asphyxiation • Other loss of containment (including fluids mis-routed & venting) • Ignition/fire/explosion causes, consequences, escalation • Thermal radiation, hot surfaces, extreme cold • Ionising radiation • Electrical • Helicopter transit • Noise • Chemical/Dust exposure • Ground disturbance/collapse • Environmental release/spill/discharge/venting/disposal hazards • Slips, trips, and falls from height • Machinery/rotating equipment/missiles/vibration • Adverse weather
29
HAZARD IDENTIFICATION – HAZOP 1 REQUIREMENTS
NODES
HAZOP Team Process description
PID
Documentation
DEVIATION
Likely
Report
Unlikely
Very unlikely
Extremely unlikely
Remote
Moderate
RECOMMENDATIONS
Serious
Major
Catastrophic
Disastrous
CAUSES
POTENTIAL RISK
RESIDUAL RISK
UNDESIRED EVENT EFFECTS
IMPACT
SAFEGUARDS 30
HAZARD IDENTIFICATION – HAZOP 2 Preparation for HAZOP process design
chemistry
S o ft w a te r
V e n t
2 ”
E m e rg e n c y
A V 1
v e n t
1 0 0 %
0
H S
6 0 0 m m Ø
%
F T
F A L
F I
P la n t a ir s u p p ly
D ry
a ir A c r y la m id e S to ra g e M ixe r T a n k T I
L A L
E le c t r ic a l
L SH
h e a te r A ir d r ie r
T o
P u m p
p r e p a r a t io n
p la n t
F Q L T P a c k a g e
C O
M
B
U S T IB L E
L I
P a c k a g e
IN E R T
A V 2 W T T
T T
T A H
P I W
2 ”
F L A M
M
A
W
B L E
a te r
a te r A V 3
V e n t to
F i lt e r
a tm o s p h e re C o n tro l u n it
R A
N G E
N R V V e n t S o ft W T o
U F L
a te r
d r a in
S e a l p o t
A d d it iv e
L F L 0
% 1 0 0 %
0
% A c r y la m id e
D e liv e r y
H o s e
T ru c k
O X ID A N T
substance properties
equipment design
operating procedures 31
a te r
A ir
HAZARD IDENTIFICATION – HAZOP 3 The team investigates process parameters deviations
32
HAZARD IDENTIFICATION – HAZOP 4 SOME TYPICAL CAUSES IDENTIFIED DURING HAZOPS • HIGH TEMPERATURE due to Control failure Cooling failure External fire •
LOW TEMPERATURE due to External temperature (icing, plugging) Sudden depressurisation of liquefied gases
•
HIGH LEVEL and OVERFLOW due to Control failure Outlet isolated or blocked
•
OVERPRESSURE due to Control failure Cooling failure (distillation condenser) Overheating (external fire, ambient temperature, …) Vent plugging (polymers, crystallisation,…) Badly designed collecting network (back pressure) Badly designed pressure limitation devices Connection of vessels at different pressure
PRESSURE LOWERING UNDER VACUUM due to Vent plugging Under cooling (ambient temperature, strong rain…) Distillation column boiler failure Watering by fire fighting MECHANICAL RISKS due to Low temperature weakening of not resilient construction materials High temperature weakening, particularly with plastic construction materials High stress due to dilatation or bad supporting Cavitation Water hammer Vibration
33
HAZARD IDENTIFICATION – BOWTIES 1
Bow-tie diagrams to visualise major scenario, barriers and SCE’s
34
HAZARD IDENTIFICATION – BOWTIES 2
Barrier
Recovery Measure
Barrier
Mechanical Failure
Barrier
Barrier
Helicopter crash
Barrier
Pilot Error
Helideck Consequence 1 Fire
Helicopter Operations
Contaminated Fuel
Barrier
BARRIERS: Prevent MAE from occurring
Recovery Measure
Recovery Measure
Recovery Measure
Recovery Measure Recovery Measure
Injury Consequence 1 Fatality
Major equipment Structural1 Consequence Damage
RECOVERY MEASURES: Prevent or reduce the consequence of MAE
INHERENT DESIGN FEATURES + SAFETY CRITICAL ELEMENTS 35 (Layout, Structural Integrity) (Procedures, Equipment, Tasks)
HAZARD IDENTIFICATION – LAYOUT 1 The objectives of “layout design” are: • Segregation of different risks; • To permit access for firefighting and emergency services; • To minimize involvement of adjacent facilities in a fire and hence prevent further equipment failures; • To ensure that critical emergency facilities are not subjected to fire damage; • To minimize vulnerable pipework; • To limit exposure; • To ensure safe control room design; • To ensure security. The following topics should be considered in early plot layout: • Location of process areas and storage areas • Location of people and minimization of potential exposure • Site roads and traffic • Congestion (e.g. overlapping hazard zones, difficult access, possible confinement of vapour release, etc.); • TLocation of control rooms, offices and other permanent and temporary buildings; • Drainage and containment, Effluents, sewers • Fire fighting including fire breaks in process areas and access for fire fighting • Emergency • Security
36
HAZARD IDENTIFICATION – LAYOUT 2 Layout Review Brownfield Projects
Considering layout and escape routes, access to Equipment, also ensuring the hazardous area zoning of the platform is not compromised
37
HAZARD IDENTIFICATION – LAYOUT 3 Hazard Identification - Layout Review Greenfield Projects For Greenfield projects layout is a bit easier as you are starting with a clean sheet. Layout must prevent fires and explosions in areas with hydrocarbons (process area, risers etc) escalating to less hazardous and safe areas Create a “safety gradient” on the topsides layout from “safe” areas (accommodation) through to areas with maximum hydrocarbon “risk” by distance As much as possible (large) liquid hydrocarbon containing vessels should be located at lower elevations, HP gas equipment at upper levels. Reduce the probability of flammable gas build-up and the increased likelihood of an explosion Prevent escalation of fires and explosions 38
HAZARD IDENTIFICATION – HUMAN FACTORS Need to consider the guys who are going to maintain and operate equipment etc Work Environment Organizational Structure (lighting, noise, chemical exposures, climate)(job design, communication, task) Individual Constraints (age, size, training, skills, intelligence)
Sensory Information
Action Human
TASK Controls
Displays
Output
Input Machine
39
HAZARD IDENTIFICATION – EXAMPLE 1 Design Flaw (construction material)
Hazards and their causes Scenario 1
Low temperature (brittle fraction) Scenario 2 External loads (heat radiation, blast,…)
Scenario 3
Wrong manipulation (operator error)
Scenario 4
Fatigue
Scenario 5
LPG Leak
Mechanical failure (valve, gasket, flange,..)
Scenario 6 Scenario 7
Overpressure Scenario 8 Overfilling
Corrosion
40
External impact (missiles, collision,…)
Scenario 9
Scenario 10
Undesired event : major leak
HAZARD IDENTIFICATION – EXAMPLE 2
HAZOP Accident scenario :
Risk = 5.2 10-5/yr x 0.07 x 0.1 x 0.2 = 7.28 10-8/yr Risk = 5.2 10-5/yr x 0.07 x 0.1 x 0.5 = 1.82 10-7/yr
Risk = 5.2 10-5/yr x 0.07 x 0.1 x 1 = 3.64 10-7/yr Probability of fatality
Medium Leak (35 mm) = 5.2 x 10-5/yr
Probability of Wind Direction = 0.07
Probability of Ignition = 0.1
1
0.5
Leak
Deviation : other than water Cause : error during41 water drain operation
Undesired event : 10 kg/s LPG to atmosphere
Effects : LPG cloud with distance to LFL = 200 m, risk of flash fire
Impact : fatal injuries to people outside within 200 m radius
0.2
END OF SESSION DAY 1
• VIDEO animations of these two incidents • PIPER ALPHA & FEZIN •
•
•
•
Relief valves and rupture disks are part of an emergency pressure relief system. Its design must not only prevent equipment overpressure, it must also make certain that material discharged does not lead to personnel injury. The system needs to ensure that there is no fire, explosion, or toxic material exposure hazard from the material released through a relief valve or rupture disk. Plant modifications include new platforms, vessels, piping and a variety of other additions. Potential exposure to effluent from existing and new pressure relief devices must be included in your management of change process. Drain, vent and sample valves from equipment or piping as well as vessel overflows can have similar hazards. Any material which could be released from process equipment, including pressure relief valves or rupture disks, must discharge to a safe location. Any open pipe has the potential for an unexpected discharge. The release could occur for a variety of reasons and will often be a surprise Use extra caution when working around them – expect the unexpected !
42
HAZARD ASSESSMENT – CONSEQUENCE ANAL. 1 CONSEQUENCE ANALYSIS RELEASE (Discharge) • gas • liquid or two-phase DISPERSION (H2S, SO2, CO2, ...) • gas, pool vaporisation liquid or two-phase (droplets, aerosol) FIRE •gas (Jet Fire) •liquid or two-phase (Jet Fire, Pool Fire, BLEVE) EXPLOSION (Vapour Cloud Explosion) •Gas •liquid or two-phase (aerosol) 43
HAZARD ASSESSMENT – CONSEQUENCE ANAL. 2
44
HAZARD ASSESSMENT – CONSEQUENCE ANAL. 3 Modeling - How do we do it? Identify Isolatable Inventories size / volume hydrocarbon composition Assume hole size and use design condition to calculate leak rate and subsequent fire sizes based on ign prb. Types of fires – scenarios • Jet – ignited releases of high pressure gas streams • Spray – ignited releases of 2 phase or liquid streams • Flash / Vapour Cloud Explosion (VCE) – delayed ignition of a gas cloud • Pool / Sea Surface – ignited releases of low pressure streams accumulated on plated deck 45
HAZARD ASSESSMENT – CONSEQUENCE ANAL. 4 PARAMETERS – Vessel Pressure (P) – Vessel Temperature (T) – Composition (MW) – Hole size – Liquid release rate (pool fires)
RESULTS – Release rate (kg/s) – Release velocity (m/s) – T after expansion – Flash (liquid fraction) – Droplet diameter (mm)
WEATHER PARAMETERS – – – –
Ambient Temperature: Ta Humidity: H Wind speed: VW Roughness (surface nature: sea, flat land, open countryside, urban area,... ): Z – Atmosphere Stability: Pasquill's classification
46
HAZARD ASSESSMENT – CONSEQUENCE ANAL. 5 DISPERSION Used to ensure no gases or exhaust fumes or smoke can reach the helideck or crane cab, HVAC for switch rooms and accommodation during normal operations Based on isolatable inventories utilised for fire modelling What happens if the flare ignition fails, can the gas reach the accommodation block before shutdown of the HVAC The use of wind rose to determine predominant wind direction
47
HAZARD ASSESSMENT – CONSEQUENCE ANAL. 6 FIRES ( JET AND POOL)
Effects •Heat released - thermal effects •Products of combustion - toxic release
Consequence exposition × effect = consequence
Effects of fires will depend on •Liquid properties •Flammability characteristics (LFL) •Thermodynamics properties (heat of combustion, latent heat of vaporisation) •“quantity” of liquid or gas •Atmospheric condition i.e. Wind, Relative, humidity etc
48
HAZARD ASSESSMENT – CONSEQUENCE ANAL. 7 25mm Release at Time t = 0
• SHELL FRED v 4.0 – Consequence modelling software • Hole of 2mm, 10mm, 25mm and 50mm in diameter • Flame sizes, extent of isopleths of interest (37.5 kw/m2, 12 kW/m2 or 6.3 kW/m2) 25mm Release at Time t = 2 min
25mm Release at Time t = 10 min
49
HAZARD ASSESSMENT – CONSEQUENCE ANAL. 8 EXPLOSION An explosion is a rapid combustion of a mixture of flammable gas or vapour with a suitable supporter of combustion, most commonly air. Explosion modeling •Explosion overpressures •Blast loading •Blast and structural interaction •Structural vulnerability assessment When new equipment and pipework is added to the platform it has to be designed for blast, sometime the new equipment will increase explosion overpressures as it blocks explosion vents, all these need to be checked.
50
HAZARD ASSESSMENT - CONSEQUENCE ANAL. 9 Overpressure Level (mbar) 70
150
200
300
500 Within cloud
Damage Roof of cone-roof tank collapsed Damage to above-ground telephone and public address systems Piping, instruments and cables hit by debris, causing limited damage Instrument windows and gauges broken Breakage of gauge glasses Extensive minor damage due to debris Some fire heaters moved and pipes broken Exposed pipework and fire hydrants damaged Missile damageInstrument and power lines severed Failure of hold-down on half-full conventional storage tank Cooling tower badly damaged Failure of hold-down bolts on most storage tanks Collapse of steel stacks Fire heaters overturned Pipework by movement of large or distortion of pipe supports Substations severely damaged All above ground wrecked Transformer power lines severed Some columns overturned or destroyed Failure of bracing on spheres Reactors, horizontal vessels and exchangers overturned Loss of power to motors
USACE CDL Superficial Damage
Moderate Damage
Heavy Damage Hazardous Failure Blowout
Description of Component Damage Component has no visible permanent damage Component has some permanent deflection. It is generally repairable, if necessary, although replacement may be more economical and aesthetic Component has not failed, but it has significant permanent deflections causing it to be unrepairable Component has failed, and debris velocities range from insignificant to very significant Component is overwhelmed by the blast load causing debris with significant velocities
51
HAZARD ASSESSMENT - CONSEQUENCE ANAL. 10 240 mbarg
100 mbarg
Impact of blast overpressure on reinforced concrete frame building 300 mbarg
52
HAZARD ASSESSMENT – CONSEQUENCE ANAL. 11 How this Information is used •Layout reviews •Equipment - provide separation and segregation •Escape ways •Fire Protection Philosophy and Study •Fire zones •BOD Sheets •Use of AFP and PFP •Used in QRA model
Potential target of fires •People •Material, structures •Environment (residue of combustion)
Fire size and duration - potential to cause escalation •structural failure •equipment failure / BLEVE •impairment of escape routes •fatalities 53
HAZARD ASSESSMENT – CONSEQUENCE ANAL. 12 SUMMARY OF CONSEQUENCE ANALYSIS OUTCOMES
54
HAZARD ASSESSMENT – FLARE RADIATION 1 Flare height determines the radiation levels on the platform and this has to be considered in the design. •Minimise atmospheric emissions. •Dispersion of hydrocarbon and toxic gases from an unignited flare. •The impact of heat radiation on equipment and personnel. •The potential for liquid carry-over to the flare. •Integrity of the flare system seal/purge arrangements. Also consider crane driver in the crane cab offshore When new equipment is placed offshore you have to consider the effect of the flare on new equipment.
55
HAZARD ASSESSMENT – FLARE RADIATION 2 A flaring event is normally unplanned and likely to happen during a process upset. Heat radiation on various parts of the platform have to be calculated for the worst case flow rate to ensure that personnel will be expose to high temperatures and result in injuries.
56
HAZARD ASSESSMENT – SHIP IMPACT STUDY Offshore platforms are located around shipping lanes and therefore in designing the platforms/ FPSO you ought to consider what will happen if it is impacted by a ship. You cant design for every scenario, but you can determine which member can result in total collapse of platform and perhaps strengthen them for anticipated loads . You can also provide ship impact protection for the platform legs. Risers should also be protected ideally you don't want to offload cargo where the risers are.
57
HAZARD ASSESSMENT - LOPA • LOPA( Layers of Protection Analysis) is a tool to determine the SIL (Safety Integrity Level) of a SIF( Safety Instrumented Function) and evaluates the other protection layers individually by looking at the risk mitigation they lead to. Any layer of protection could be small, or significant, but overall the total risk reduction strategy should deliver an acceptable risk. • Independent Protection Layers are often depicted as an onion skin. • Each layer is independent in terms of operation. • The failure of one layer does not affect the next. • Designed to prevent the hazardous event, or mitigate the consequences of the event.
58
HAZARD ASSESSMENT – SIS 1 What is a Safety Instrumented System (SIS) & Safety Instrumented Function (SIF) ?
Process
A SIS have several Safety Instrumented Functions to mitigate several process hazards. SIF is a Safety Instrumented Function with a specified Safety Integrity Level which is necessary to achieve functional safety. SIF is a function to be implemented by a SIS which is intended to automatically achieve or maintain a safe state for the process with respect to a specific hazardous event.” (IEC61511 ISA SP 84.01)
SIF
Process Output
Input
SIS Program
Safety valves
Transmitters Sensors
SV
Logic solver
Final Elements
Typical applications for SIS ESD - Emergency Shut Down System HIPPS - High Integrity Pressure Protection System WHCP - Well Head Control Panel
SIS
Logic Solver Sensors Final elements
59
HAZARD ASSESSMENT – SIS 2 SIF Safety Instrumented Function , it’s the individual loops that make up your SIS including any hardware software and final control element . Traditional names: •
Emergency Shutdown System
•
Critical Control Systems
•
Protective Instrumented Systems
•
Equipment Protection Systems
•
Safety Critical Systems
•
Interlocks
•
Do I need a SIS , maybe , maybe not?
60
HAZARD ASSESSMENT – SIS 3 M I T I G A T I O N P R E V E N T I O N
Plant and Emergency Response
Emergency Response Layer
Blast wall Dike Fireproof
Passive Protection Layer
Relief valve, Rupture disk
Active Protection Layer Emergency Shut Down
SIS
Safety layer Trip Level Alarm
Process Shutdown
Operator Intervention
Process alarm Basic Process Control System
Process value
Inherently Safer Design
Normal behaviour
Process Control Layer
Process Design Layer 61
HAZARD ASSESSMENT – DROPPED OBJECT
Items can be dropped on people , process and subsea pipelines Dropped object protection can be recommended if the likelihood of dropping on equipment is high but following ISD principles the crane should not lift over lift equipment and pipelines.
62
HAZARD ASSESSMENT - ESCAPE AND RESCUE Need to know how to escape in an Emergency, where to go, Whose in charge etc. How long to get to muster point
63
HAZARD ASSESSMENT – QRA1 Sometimes We Have To Quantify The Risk , Using Past Equipment Failure And Leaks To Give Us Likelihoods And Probabilities Of Failure. Lots Of Assumptions Are Used And They Have To Be Reasonable R equired Input Data For a TRA Study Assumptions. Process Design &Equipment Lay Out Data & Manning Data & Structural Plot Data Meteo Data
Operating Procedures
Compositions Operating Conditions Substance Properties
Ignition Data
Lifting Data
Trafic Transport data
Leak Frequency Data & Reliability Data
64
HAZARD ASSESSMENT – QRA 2 Equipment leak Frequency & Hole Size Distribution
Evacuation-Rescue.xls Evacuation & Rescue Event Trees
Cargo.xls Cargo Offload Release rate & Fire Modelling Evacuation & Rescue Fatality Probabilities
Parts Count.xls Parts Count Leak Frequency & Hole Size Distribution Data
Leak Frequency per Event
Ship Collision.xls Ship Collision Risk Assessment
Process Events.xls Total PLL for each event Fire Modelling Event Trees “Run” Button and raw results
Ship Collision Area Risks Cargo Fire Area Risks Process Event Area Risks
Enfield Results.xls Area and Event Risks for all worker groups. IRPA’s PLL Area and Event Risks
Manning Distribution for each worker group
Manning Distribution.xls Distribution of each worker group
Worker Group Manning Levels and Exposure
Others.xls Cargo Tank Fire Engine Room Fire Structural Integrity / Stability Occupational Pilot Transfer Helicopter Transport FRC Operations
65
HAZARD ASSESSMENT – QRA 3
Event Tree Analysis Example The probability of occurrence of the consequences for a given process accident scenario (starting from the undesired event) can be derived using a Event Tree Analysis approach .Documents the sequence of events
66
HAZARD ASSESSMENT – QRA 4
D W
V E R G
K A T O E N
U N D
N A T I E P R
O JE C T
N IE U
W E C
R E S S O R S
P T U
2
N IE
U W E C
O M P
R E S S O R
P TU
2
O JE C
T
P R
2 T
P L AT F O R M O P
3 T
G F - 6 5 0 3A
G F - 6 5 0 3B
C -6 0 0 1 A
B E S T A A
N D
O P V A N G I N S T A L L A T IE
P C - 60 0 1 B B E S
P P 9 0 3A M F 9 05
R E C Y C LE A & B
P C 6 00 1C
M S9 41
J
M S 9 11 M S 9 10 O P SL AG &
O P S LA G
E LE K T R IS C H
O N D E R H O U D
O N D E R S T A T IO N 2
T R A N S FO R M A T O R E N
A D M IN I S T R A T I E F G E B O U W
K A T A LIS A T O R
L A B O R A T O R IU M
A C T IV E R IN G Z . 20 0.00 0
M EN G T A N KS
214600
AA R DE W E G
O .7 4 5 .9 0 0
O .6 5 2 .6 0 0
B A AN
B A AN 1 5
O U D E O O S T E R W E E LS E S T E E N W E G (=V R O E G E R E G E M E E N T E W E G )
B U R E L E N C O N S T R U C T IE
L O SP LA AT S V O O R V R AC H T W AG E N S
T T 21 8
M S1 8 5
AS2 03
T T 14 3 AS1 0 8
M S1 19 3
T T 1 19 3
A S1 03
A S1 02
V E R Z A M E L P LA A TS A FV AL S T O F FEN
O .5 8 8 .0 0 0
PP1 63 A &B
P P 16 4 18 m x 32 m
B AAN 1 4
M S 1 10 1 M S 1 19 2
HO O F D
P P 2 28 A & B
Z .1 4 7 .7 5 0
B A A N 2B
Z .1 3 4 . 7 5 0
B AA N 2
B AA N 2
Z .1 4 7 .7 5 0
Z .1 4 7 .7 5 0
O PS L AG P LA A TS H U LP S T O F F E N
P C 98 0 A
HF 9 02 B
H F 90 2A
PC 98 2A
M F 14 2D M F 2 4 2G
M F 2 42 H
M F1 42 E
R E A KT O R G E B O U W
M F1 4 2F
M F 24 2K
M F 91 4
M F 14 2C
M F 14 2B
M F1 4 2A
M S 1 12 5 A ,B O F C
BA AN 1 3
O N DE R S T A T. R 8
O .38 8.00 0
P C 98 2B
E LE K T R IS C H O N D E R S T A T IO N R 2 .
Z U IV E R IN G R E A K T O R T O P P R O D U K T
M S 9 01
M S 1 72
M S 2 6 5
M S 1 73
M S 2 6 6
A S 1 13 1
G F 1 10 5
O .6 5 2 .6 0 0
M S 11 10
M S 9 08
T R A N S F O 'S
V E R Z A M E L P LA A TS A FV AL S T O F FEN
S TE L C O N D A L S (S T E L L I N G M A T E R IA A L )
18 m x32 m
Potential Loss of life PLL
18 m x 24 m
B AAN 1 5
G E BO U W Z U U R D O S E R IN G
P C 98 0B
O N D E R S T A T IO N R 2
G Z1 24 2
M S 1 2 42
BA AN 12
L
P R O D U KT
T R A N S F O T R 9 + O N D E R S T A T IO N R 0 9
O PS L A G TA N KS P R O D U C T AF V A L (2x 2 4, 5m 3 )
T R A N S F O 'S T R 2 A & B V E R Z A M E L P LA A TS A FV AL S T O F FEN 18 m x 24 m
M S 11 26 A /B
AF V AL W A TE R M E E T S T A T AI OF NV A L W O A NT DE ER R H O U D S G E B O U W M E E T S T A T IO N B A A N 1
6 m
I
M A G A Z IJ N ( B O O G L O O D S ) M F -9 0 6 A
6 m B A A N 2 STO O M KE TE L S
E .3 5 0 . 0 0 0
M S 6 03 K
& O P L O S M ID D E L
P P 90 5A B C
Z .1 7 0 . 0 5 0
Z . 1 7 3 .3 0 0
ET H YL E EN
I
H
Z U IV E R I N G V A N M O N O M E E R
P P 9 68
M S 1 24 0
M E ET S TA TIO N
G
F
B U L K S T A T IO N 3
K O N T R O L EG EBO U W
S O L V E N T H E R W IN N IN G
G Z 12 41
V O E D IN G S K A B E L S 3 6 k V E L E C T R A B E L
K
L
E S 1 01
A
B
O .4 9 0 .0 0 0
G E BO UW
E X T R A K T IE
M S1 21 0
0 .4 2 0 .5 0 0
M S 12 46
M S1 19 0
P P 96 0
M F 90 6B
P D 93 2 M S 94 6
A S1 04
A S2 01
M S9 40
E LE K T R IS C H O N D E R S T A T IO N R 1
O .5 8 8 .0 0 0
M S6 32
M S 9 03
W A T ER TA NK
V R IJE H O O G T E : 4 3 00
B AA N 1
Z .1 7 3 . 3 0 0
M A G A Z IJ N ( B O O G L O O D S )
Z .1 0 3 .7 5 0
M F -11 00
T A 1 19 2
BA AN 1 4
D
V E R Z AM E LPU T
B A AN 1
M S 6 0 1 N /P B AAN 1
A AN N E M E RS P A R K
M F 14 0
M F 1 27
B AA N 3
P D 16 2A &B
M S1 37
B
C
S I L O 'S M S 6 3 0 M S 6 3 1
B
M S 5 00 6 A /B
C
K O N T R O LE G E BO U W
B AAN 1 0
A E S 10 0
M S 95 0
B
P C 6 0 1 F /J
M S 6 0 2 R /Y
Z . 6 2 .6 0 0
M F 12 2B
Z . 1 0 3 .7 5 0
M S1 13 1
A
A
A
C
M S 5 0 0 1 A /D
E L E K T R IS C H O N D E R S T A T IO N 1
M S6 1 3
M F14 1 B
M S 11 30
B
TR A N FO R M AT O R E N
M S 6 18
M S 1 11
M S1 1 0
B
BA AN 13
F
E
M F 5 0 1 E /F
P C 9 0 1 A -B A
M S 9 51
A C T IV E R I N G
B A AN 4
M F1 22 A
M F14 1 A M S 1 01
B AA N 3
M S 1 50
O . 4 9 0 .0 0 0
B
M A ST ER B AT C H K O N T R O LE G E B O U W
G S 51 4 H
A
KO ELTO R EN S
HF 1 2 40
A
M F 5 0 1 A /D K A T A L IS A T O R S O C IA A L G E B O U W
100m
M S 92 1
M F 12 9
Z .1 0 3 .7 5 0
A
B AA N
H YD R A N T
H Y D R A N T
G S 5 1 4 G
E XT R U D E R G E B O U W 2
50m
P R O P IO N Z U U R -O P S LA G T A N K
M S 1 19
G T 9 01 O .3 8 8 .0 0 0
B
B
G T 92 0
B AA N 1 2
A
P R O D U KT O P S LA G D
G T 93 0
HF 9 0 1A
M S9 02
D
T R A N S F O 'S
H F 9 0 1B
C
M S 60 07
P R O DU K T O P SL A G C
B AA N 3
T R A N S F O 'S
P C 5 05 H
P C 5 05 I
D T T 50 2F
LO S P LA A T S V O O R V RA C H T W A G E N S
M S 10 5
M F 9 06 C
M S 9 36
P C 5 03 J
M S 6 00 3
P C 50 6
M S 6 07 C
H E R W I N N IN G
P C 5 03 I
B
BAA N 1 0
B
M S9 47
P C 6 01 L
E
C
B
P C 6 21 C
D
B
A
A
+ N IE U W E E X T R U D E R " H "
P C 6 21 B
C
K 0
P C 6 01 K
F P 9 01 B
B A A N 3 Z. 1 0 3 .7 5 0 LO S P LA A T S V O O R V R A C H T W A G E N S
N IE U W E X T R U D E R G E B O U W
P C 6 21 A
A B
LO SP L AAT S VO O R V R AC H T W AG EN S
BAA N 1 9
0 .9 7 .0 0 0
M S41 0
M R 4 0 4 A /B
M R 40 0 3
K
M S 60 1Q
B 5 01
A
G EK L EU R D PR O DU KT
M S 4 07
0 .1 6 7 .0 0 0
D
R EA C T O R EN
R E A CTO R D L
E E N H E ID
AF V A L W A TE R
0m
TO EVO ER
C
B
H YD R A N T
B
M F 50 1 M
RU B B ER
LU C H T & K O E L-
M F 11 2 B
B A A N 13 B
IN S T A L L A T IE
A M S 4 20
F I L T E R IN S T A L L A T I E ( 5 + 1 R E S .)
A
PO E D E R O P S LA G
N
P A R K
A N T I-O X Y D A N T
S E AK T PI EC 4 0 53 B
E X T R U D E R G EB O U W 1
BAA N 1 8
0 .4 0 . 0 0 0 B AA N 17
W .2 0 .0 0 0
W .7 . 4 0 0 B AAN 16
M S 60 3
D P C 4 05
S .10 8.50 0
0 . 2 8 0 .0 0 0
C
P C 50 7 L
P P 9 03 B
F P 9 01 A
PU T
P C4 00 4
M
M S 92 0
K A T O E N N A T IE P R O J E C T
P R O D U K T O P S LA G EN M EN G E R S
H YD R A N T M S 4 1 0E
P C 50 1
TR AN SF O R M A TO RE N
TR AN S F O "F"
P T U 2 P R O JE C T (C O M P R E S S O R E N )
T A A N D
T
M S 60 2 M F 91 2
M R 40 4E
V E R P A K K IN G
B E Z IN K V IJ V E R
O N D E RS T. P8
EL .3 2 5 0
3 T
BE ST A AND E P I J P EN B RU G ( E L .8 45 0 )
P
O ND E R H O U D
3 T
O M P
P R O J E C
M S 60 1
R EA CT O R E
P
LE K O LIE
2 T
4 T
3 T
2
BEST AAN DE ST A AL CO NST RU CT I E
A
M F1 12 A
O P S L AG P L AA T S
T A LK
D O S E R ING M E N G IN G
4 m
R E E D S O R Y
R 4
M S1 60
L
P R E S S
E N M E N G ER S
B
M S 41 9 H YD R A N T
(R E E D S V E R G U N D )
M S 92 5
C O M
T T - 6 5 0 3 F -6 5 0 3 C
P C - 6 01
B
P R O D U K T O P S LA G
M S 61 4 M S 41 9
M S 4 07 B
R E AC TO R C
M R 4 0 4 C
O N D E R S T A T IO N
G
M S 5 03
W .1 0 .0 0 0
A M S6 0 9
C
P C 10 03
Q
M S6 50 2 TR AN S FO T R 1 4
R E C IR C U L A T IE P C 10 02 B
R E C IR C U L A T IE
214700
BA AN 1 0
M S6 50 1 )
O .5 8 8 .0 0 0
)
O O G )
M S - 6 50 2 ( L A A G
80 00 P A R K IN G C O N S T R U C T I E
M F 12 1 B
6 m
B AAN 14
M S6 50 3
O O G )
M S - 6 50 4 ( L A A G
AF D A K
M S - 6 50 3 ( H
W
O PSL A G P L.
V
R U B B E R S N IJ M A C H IN E
S -6 0 1 W
M S - 6 0 1 V
B AA N 1 3B
M
T
M A G A Z IJ N M F1 21 A
Overpressure contours
W A A K V LA M
U
A F W E R K IN G S G E B O U W
S- 6 0 1 U
M S - 6 0 1 T
A F W E R K IN G S G E B O U W
M
S
E .4 4 3 7 4 5
R
E E N H E ID
0 1R
M S - 6 0 1S
O .3 5 1 .0 0 0
M S -6
C
LU C H T
M S 6 01
B
B -7 3
AA N N EM ER S
M S 6 20
B -7 2
AW W
N
M S 91 1
M
D
M S - 6 50 1 ( H
P R O D U K T M A G A Z IJN
M A G A Z IJ N
H Y D R A N T (M O E T V E R P LA A TS T W O R D E N )
M S 6 0 3 M /N
F
C
M S6 50 4
B C
B AA N 1 1
M F 6 0 3 A /F E
A M S 3 10
B
M S 9 16
PC 60 3 B A A N 4 Z . 5 0 .0 0 0
A
0.28 0.00 0
P R O DU KT O P S LAG M S 10 1
P C 1 00 1
P R O D U K T M A G A ZI JN 1
CO M PR ES S O R EN
M S 6 13
M S 1 03 B
Z . 5 0 .0 0 0
P C 1 00 2A
Z .4 . 5 0 0
G Z 1 2 39
P R O D U KT M A G A Z IJ N 2
P A R K ING
A W W
G Y 65 4
M F 10 2
B E Z I N K V IJ V E R
M S 1 01 B
W ATE R K A N O N HY D R AN T
B A AN 4
P R O D U K T M A G A Z IJ N 2
LU C H T & KO EL -
A
PU T
B AA R DG AS
M S6 0 7 M S 6 0 7
P R O D U K T M A G A Z IJ N 1
B
M S 12 04
LA A D S T A T IE
BA A N 13
B U LK LA A D S T A T IO N 2
O PV AN G P U T B LU S W A TER A
M S 1 20 5
P A R K E E R -E N LA A D P L A A T S
B A A N 5 B ZA . A4 . N5 0 5 0
VO O R V RA C H T W A G E N S
H Y D R AN T
M S 9 13 M S 42 4
K A S S E IS T E N E N
G E B O U W V E R B IN D I N G S G R U G T U S S E N F C A E N K T N
M S 6 13 J
S PO O R W E G
80 00
K A S T E L W E G (= G E M E E N T E W E G )
1 40 m m
K A S S E IS T E N E N
M S 61 4C
M S 6 04 B U L K LA A D S T A T IO N 1
R E G E N W A TE R
G Y 90 2
H YD RA N T
A W W % % c30 0m m ST A DS W A T E R
W A TE R K AN O N H Y D R A N T
TO O R T S
A AR D G A S
A W W % % c30 0m m S T AD S W AT ER
K A S T E L W E G (=G E M E E N T E W E G )
214800
80 00
QRA RESULTS QRA : (Quantitative Risk Assessment) • LSIR CONTOURS ON LAY-OUT MAPS •IRPA TABLES ASSOCIATED WITH EXPOSED WORKERS CATEGORIES AND PUBLIC •PLL TABLES
S T A A N P L A A T S C IT E R N E
Z .1 9 6 .5 0 0
B A AN 1
Z .1 9 6 . 5 0 0
B A A N 1
Z . 1 9 6 .5 0 0
B AA N 1
Z .1 9 6 .5 0 0
A D M IN IS T R A T IE F G E B O U W P A R K IN G
R E FT ER & BU R E LE N
S O C IA A L
G E B O U W
ETH YL E E N A F S L U IT V A L V E N
L A B O R A T O R IU M
P O R T IE R S
P A R K IN G
LO G E P A R K ING
P A R K ING V O E D IN G S K A B E L S 3 6 k V E L E C T R A B E L P A R K IN G
R 5 0m
O . 8 5 0 .0 0 0
O . 8 0 0 .0 0 0
O . 7 5 0 .0 0 0
O . 7 0 0 .0 0 0
O . 6 5 0 .0 0 0
R 5 0m
O . 6 0 0 .0 0 0
O . 5 5 0 .0 0 0
O . 5 0 0 .0 0 0
O . 4 5 0 .0 0 0
O . 4 0 0 .0 0 0
O . 3 5 0 .0 0 0
O O . . 330 000. 0. 0 0000
NA AR S C HE L D E % % c2 0"
G E C O N T R O L E E R DE L O Z IN G
O . 2 7 3 .0 0 0
O . 2 5 0 .0 0 0
O . 2 0 0 .0 0 0
O . 1 5 0 .0 0 0
O . 1 0 0 .0 0 0
O . 05 0.0 00
S E K T IE 4
00 0.00 0
O . 05 0.0 00
S E K T IE 1
SC HELD E
150100
150200
150300
150400
150500
150600
150700
150800
150900
151000
Individual Risk contours
1 0 -5
1 0 -6
67
END OF MORNING SESSION DAY 2 We have looked at Hazard Assessment focusing on quantitative risk assessment, layers of protection analysis, dropped object studies, consequence modeling, ship impact studies, escape and rescue and Flare radiation modeling
68
HAZARD MITIGATION – FIRE & GAS DETECTION 1 Fire and gas detection is required to Safeguard Life and Property. •
Provide Early Warning of Hazardous Conditions.
•
Provide Opportunity for Evacuation and Notification from Re-entry
•
Provide Time for Intervention and Correction.
•
Trigger Facility Protection Systems i.e. Ventilation, Water Mist, Fire Suppression
69
HAZARD MITIGATION – FIRE & GAS DETECTION 2 Provide rapid and reliable indication of the occurrence of a hazardous event involving fire and/or loss of containment of flammable or toxic inventories to : •
Emergency Shutdown (ESD 1) of affected Fire Zone ( on confirmed gas detection or fire detection )
•
Initiate Alarms
•
Trigger emergency isolation and depressurisation of hydrocarbon inventories
•
Initiate fire water deluge system (fire, sometimes toxic or flammable gas)
•
Initiate CO2 or INERGEN or FMC 200 fixed fire extinguishing systems
•
Trip power generation and electrical equipment
•
Increase ventilation in enclosures
•
Close dampers in HVAC air intakes
70
HAZARD MITIGATION – FIRE & GAS DETECTION 3 Types of detectors • Smoke Detectors (Optical/ Ionisation) • Heat Detectors ( FT/ RoR) • Flame Detectors (UV/ UVIR/ IR/IR2/IR3) • Hydrocarbon Gas Leak Detectors ( Line of sight , ultrasonic) • Toxic Gas Detectors • Open Path Gas leak Detectors • VESDA The use of fire and gas mapping to ensure coverage is adequate
71
HAZARD MITIGATION – FIRE & GAS DETECTION 4 For gas detectors - sensors should be placed as close as possible to potential leak sources. – Seals and flanges, fittings and welds – Expansion joints and gaskets – Engine combustion – Storage, loading and unloading areas – Runoff areas For flame detectors -there are various types and the type of detector determines the position
72
HAZARD MITIGATION – FIRE PROTECTION 1 Active fire protection objectives are achieved by reduction of the fire effects through: •cooling of the hydrocarbon equipment •shielding against radiation •fire suppression Active fire protection is activated: •By Fire and Gas detection logic (automatically) •manually (local and remote) Active fire protection ( fire pumps, ringmain, deluge valves and nozzles). Type of protection depends on required duty – this may be to extinguish the fire, control the fire or provide exposure protection. 73
HAZARD MITIGATION – FIRE PROTECTION 2 Types of AFP include: •water deluge • foam •water mist / steam •dry powder •inert gas (Inergen), CO2
DAN FE
X- 03 0 1 DAN FA
P- 03 0 3
L AR G E M O NI TO R
X- 0 3 22 X- 0 314 X- 03 13 X- 0 31 2
DAN FB
h elid ec k m on it o r s
X- 031 7 X- 0 3 28
X- 03 1 5 X- 0 3 18
X- 0 32 8
X- 0 31 6
P- 03 05
P - 0 30 6
X- 032 7
DA N FF SYS TE M
X- 03 2 5
H
X- 03 2 6 DAN FC
X- 0 3 2 2 P - 0 30 1
P- 0 30 2
X- 0 32 3 L ARG E M O NI TO R
P- 0 3 03 P - 0 3 04
XV- 035 25 5 XV- 0 35 35 4 X V- 0 3 5 35 3 XV- 03 53 5 1
XV- 035 25 6
XV- 03 520 6
XV- 0 35 3 52
XV- 035 205
XV- 035 203 XV- 0 35 20 1 XV- 03 52 0 4 XV- 0 3 520 2
DAN FF SYSTEM
L
DAN F F
DA N FF SYS TEM
G
74
HAZARD MITIGATION – FIRE PROTECTION 1 Types include: •water deluge • foam •water mist / steam •dry powder •inert gas (Inergen), CO2 Carbon dioxide supply Carbon Dioxide is a colourless, odourless, electrically non conductive inert gas agent for extinguishing fire CO2 extinguishes fire by lowering the concentrations of oxygen in air to the point where combustion stops CO2 being dangerous to personnel, it should be used in unoccupied spaces Foam extinguishes fire in four ways: Smothering fire and preventing air from mixing with flammable vapours Control and reduction of flammable gas release Separating flames from fuel surface Providing some cooling effect for fuel and adjacent metal surfaces
75
HAZARD MITIGATION – FIRE PROTECTION 3 Passive fire protection -Fireproofing to prevent failure of structures and equipments. Coating applied to the wall of vessel (mineral or organic-based). Resist to flames and slow down heat transfer to the wall ( fire walls, chartek, blast wall, fire blankets) Design for blast – possible explosion overpressure
Fire Barriers / Partitions between areas e.g. Process / Non Process :
The duration of the required stability and integrity
• Coatings on Bulkheads - For A / H / JF ( with wire mesh ) • Prefabricated GRP Panels - For A / H / JF • Prefabricated Panels with insulation - For A / H / Not JF
A = 60 minutes H = 120 minutes J = J-class is not a standard fire rating. SEV specification retains H capabilities of 120 minutes
Critical Structural Members / Risers / Flare Structure / Supports Intumescent or Cementious coatings - For H / JF ( with wire mesh)
Standard Fire Curves Temperature vs. Time
°C
Risers / ESDV's / Equipment / Panels GRP Cast Sections for risers and boxes for ESDV Intumescent half shells
1 200
1 000
Jet fire Hydrocarbon fire
800
Penetrations : Seals suitable for For A / H / JF
Cellulosic fire 600
J 45/ H60, 0.3 bar Blast wall
400
200
0
10
20
30
40
50
60
minutes
76
HAZARD MITIGATION – EMERGENCY SHUTDOWN 1 Emergency shutdown system contains different levels (process, emergency, fire & gas and if required ultimate safety system), each of them consisting in a set of safety loops. Safety loops consist of field sensors, logic solvers and final elements (e.g. valves). The main purposes of ESD systems are:
To limit the loss of containment, by isolating hydrocarbon production and processing.
To protect personnel, e.g. smoke and gas detection in the HVAC intakes of Buildings.
To prevent ignition by elimination of potential sources of ignition.
To reduce flammable or toxic inventory by depressurisation through the EDP system.
ESD system shall take into account the requirements that may arise during other possible (and likely to occur) abnormal or down-graded configurations. New hazards can appear as a consequence of the loss of essential utilities such as essential power, air, hydraulics, etc. These new hazards shall be identified, mitigated ad the associated risks shall be assessed.
77
HAZARD MITIGATION – EMERGENCY SHUTDOWN 2 In the event of a process upset that can lead to loss of containment or hydrocarbon leak we need to shutdown the process unit and sometimes the platform immediately so the event does not escalate to other areas of the Platform.
78
HAZARD MITIGATION – OVERPRESSURE Most of the plant is pressurised so what happens during an over pressure event. Design of relief disposal dependent on relief requirements (e.g. fire, overpressure by gas , overfilling by liquid, reaction runaway). Relief devices are installed and during an overpressure event they open and allow the gas to go to the flare thus preventing over pressure of equipment. Process engineers have to size these devices for the equipment they are protecting.
A flare or vent system consists of: • Relieving devices in the Process systems (PSV, BDV, Bursting discs,…) •Headers for collection of relieved effluents •Knock out (KO) Drum to segregate gas and liquid phases •Sealing devices to prevent air ingress (purge gas, seals) or Designed to •Sustain internal explosion •Disposal devices for the gas and liquid (Flare tip, liquid burners, burn pit,…) 79
HAZARD MITIGATION – OVERPRESSURE RELIEVING DEVICES •Relief valves •Rupture disk •Explosion vents, hatches, or panels •Pressure/vacuum relief valves •Open vent pipe (cannot be blocked off) •Floating roof, lifter roof or weak roof-to-shell seam (atmospheric tanks) •Self-closing manhole cover or weak gauge hatch •Hydraulic accumulators (liquid thermal expansion relief only)
80
HAZARD MITIGATION – UNDERPRESSURE Flare safety precautions should include: •Use of a automatic flame monitoring device to warn of flameout conditions. •Provision of a liquid knock out (KO) drum, which is equipped with high level alarms to •Warn of an excessive accumulation of liquid. •Prevention of the introduction vapors into the system when it is not operational.
81
HAZARD MITIGATION – DRAINAGE 1 Function Of Drainage Systems SAFETY • Minimise uncontrolled spillage • Minimise the risk of ignition (evacuation of flammable liquids away from ignition sources) • Prevent escalation of a fire across the installation (containment and evacuation of flammable liquids) ENVIRONMENT • Minimise direct discharge of polluted streams by channelling treatment units
to appropriate
Key Features For Safety Of Drainage • Architecture of network to prevent cross-contamination • Gas seals and fire breaks to prevent migration Closed Drains Are Connected To: • Hydrocarbon equipment under PRESSURE • Equipment handling TOXIC fluids (intentional release to atmosphere not acceptable) 82
Open drains are ATMOSPHERIC systems
HAZARD MITIGATION – DRAINAGE 2 Potential Hazards in drainage systems • Spread of gas and fire (transmission of explosive atm near ignition sources) • Over pressurisation (blockage, RPT, drainage under excess pressure, gas blow-by..) • Vacuum • Cross contamination • Overflow • Higher corrosion rates • Confined space entry, heavy gas accumulation in drum pits Main causes • Poor Design • Mal-operation • Inadequate segregation • Less interest than other process systems and profitable production systems
83
HAZARD MITIGATION – DRAINAGE 3 DIKING AND BUNDING Tank needs to be surrounded by a bund wall or dike in order to prevent uncontrolled liquid spillage. A bund is an embankment or wall of brick, stone, concrete or other impervious material, which forms the perimeter and floor of a compound and provides a barrier to retain liquid. Since the bund is the main part of a spill containment system, he whole system (or bunded area) is colloquially referred to as the ‘bund’. Bunds should be designed to contain spillages and leaks of liquids used, stored or processed above ground and to facilitate clean-up operations. As well as being used to prevent pollution of the receiving environment, bunds are also used for fire protection, product recovery and process Isolation. Containment pool is deemed counter-productive since a potential pool fire resulting from one single tank Failure will also be affecting all the other intact tanks installed inside the pool (risk of BLEVE). This hazard should be avoided by installation of a spillage collection system directing any leakages to a safe location away from where a bullet farm is located.
84
HAZARD MITIGATION – IGNITION CONTROL 1 Due to the flammable nature of oil and gas ignition control is very important because if there is no ignition source there will be no explosion or fires. Precautions: > Avoiding flammable substances (replacement technologies) > Inerting (addition of nitrogen, carbon dioxide etc.) > Limitation of the concentration by means of ventilation
Ignition sources identification: Apparatus which, separately or jointly, are intended for the generation, conversion of energy capable of causing an explosion through their own potential sources of ignition
Measures to limit the effect of explosions to a safe degree: > Explosion pressure resistant construction > Explosion relief devices > Explosion suppression by means of extinguishers, deluge, etc
85
HAZARD MITIGATION – IGNITION CONTROL 2 According to Standard EN 1127-1, 13 types of ignition sources : •Hot surfaces •Flames & hot gases •Mechanically generated sparks •Electrical apparatus •Stray electrical currents, Cathode corrosion protection •Static electricity •Lightning •Electromagnetic fields •Electromagnetic radiation •Ionising radiation •Ultrasonic •Adiabatic compression, shock waves, gas flows •Chemical reactions
When handling a number of different flammable fluids, classification to be based on the most volatile fluid anticipated.
Keep in mind that it does not address scenarios of major releases under catastrophic failures (ex rupture of a pressure vessel), but do not forget scenarios of operation and maintenance of equipment.
Do not forget drain traps on process decks (potential Zones 0 & 1).
Reduce risks through design improvements by reducing release sources, by grouping equipment and by optimizing ventilation.
Avoid non hazardous area surrounded by hazardous areas (unless ventilation protected enclosure).
Once minimum extent is determined, utilize distinct landmarks for the actual boundaries, to permit easy identification by operators.
Ref ATEX directives implementation guide
86
HAZARD MITIGATION – HAZ. AREA CLASSIF. 1 Hazardous Area Classification Reduce to an acceptable level the probability of coincidence of a flammable atmosphere and an ignition source, by means of: • Segregation of hydrocarbon sources and ignition sources, •Selection of equipment with the potential to cause ignition: Zone 0. In which ignitable concentrations of flammable gases or vapours are present continuously, or in which ignitable concentrations of flammable gases or vapours are present for long periods of time. • Zone 1. In which ignitable concentrations of flammable gases or vapours are likely to exist under normal operating conditions. (for a full definition refer to API RP 505). • Zone 2. In which ignitable concentrations of flammable gases or vapours are not likely to occur in normal operation, and if they do occur will exist only for a short period (for a full definition refer to API RP 505).
87
HAZARD MITIGATION – HAZ. AREA CLASSIF. 2 IDENTIFICATION OF LEAK SOURCES
CODE (IP15, API 505,…)
FREQUENCY OF RELEASE
FLUID CLASS AND CATEGORY
CLASSIFICATION AND EXTENT OF HAZARDOUS AREAS
GRADE OF RELEASE
Continuous grade release: Within tanks, above liquid interface, temperature > flashpoint sumps
GAS BUOYANCY
EXTENT OF ZONES
TYPE OF VENTILATION
Secondary grade release: Flanges & piping connections, valves, tapings PSV, vents, sample points,… which in normal operation do not generate release to atm Most pumps, compressors,
Primary grade release: Sample points, No release sources: PSV discharge, Pressure vessels, atm tanks, welded pipe, sealed drums, vents Pig launchers & receivers, sumps Some pumps, compressors, filters (if releases are part of 88 normal operation)
HAZARD MITIGATION – HAZ. AREA CLASSIF. 3 The lowest temperature at which, when mixed with air at normal pressure and as a consequence of chemical reactions initiated on account solely of temperature, the substance will ignite and burn in the absence of any initiating source of spark or flame. Classified : All hydrocarbons handled at a temperature above their flashpoint are liable to generate hazardous areas, or whose flashpoint is below 37.8°C (ref API 505 & NFPA 497) Unclassified : Liquid hydrocarbons with a flashpoint > 100°C Temperature class
89
HAZARD MITIGATION – HAZ. AREA CLASSIF. 4 Flammability limits change with • Inerts • Temperature • Pressure
90
HAZARD MITIGATION – HVAC & VENTILATION 1 HVAC unit usually is placed between the helideck and the roof of the quarters for offshore units. The living quarters and electrical switch rooms also requires a ventilation system , in the event of a gas release or fire the HVAC damper shut off preventing gas ingress. Note normally you will have fire and gas detectors at HVAC inlets to detect gas and shutdown damper especially if HVAC inlet is in close proximity to the process area.
91
HAZARD MITIGATION – HVAC & VENTILATION 2
Adequate ventilation = open area : At least 12 air changes/hr with no stagnant areas. Ventilation air can be taken from a nonhazardous area, or an external Zone 2 area, but must not be drawn from either Zone 0 or Zone 1 area.
Dilution ventilation (of enclosed areas) : Ventilation at such a rate that the probability of formation of a flammable atmosphere is so low that the area can be considered nonhazardous (i.e. gas concentration < 20% LFL).
92
HAZARD MITIGATION -SAFETY CRITICAL ELEMENT 1
SCEs are the principal elements constituting the barriers They can relate to equipment, processes or people SCEs shall be managed so as to provide the positive assurance that they are effectively operable on demand, they perform as expected and they have some capacity to survive incidents. Safety Critical Elements (SCE) are any part of the installation or plant: whose failure will either cause or contribute to a major accident the purpose of which is to prevent or limit the effect of a major accident »
93
HAZARD MITIGATION -SAFETY CRITICAL ELEMENT 2 SCE’s should have performance standards – PS Description – Identifies System, linkage to MAE/Bow-Tie, Scope (Individual SCE’s e.g. Shut Down Valves) and PS Goal (e.g. Isolation of Hydrocarbons). – Function – Performance Standard (Isolation of Hydrocarbons), Performance Criteria (e.g. Leakage Criteria or closure time referenced against a standard) & Assurance Task (e.g. Valve Function & Leak Test) via maintenance activities (e.g. AMOS, maximo, SAP) to help demonstrate that the critical systems achieve the performance standard with the required reliability throughout their life of service. – Reliability/Availability, Survivability & Interdependency – Level of performance (e.g. ESDV should achieve 100% reliability/availability of service) and interdependency (e.g. ESDV links with ESD system).
94
HAZARD MITIGATION - EMERGENCY RESPONSE No fire trucks offshore just the trained fire fighting team but can’t fight a major fire
95
END OF AFTERNOON SESSION DAY 2 We Have Looked At Hazard Mitigation focusing on Fire protection (active & passive),F&G detection , Safety Instruments Systems, ESD, Hazardous Area classification, Flare, Ignition Control, Drainage, HVAC, Overpressure Protection, Maintenance –SCE Performance standards, Emergency Response
96
TECHNICAL INTEGRITY Technical Integrity (TI) is all about management of SCE ( HAZARD MITIGATION MEASURES)
Risk Control Dimensions
H
Hydrocarbo n Leak
A Safe Operation
Shutdown Systems
Z A R D S
Prevention Barrier A
C
Plant Design
B
A
Inspection and Maintenance
Permit to work
D Plant change management
F
• Thickness
• Ignition Control
• PM checks
m’ment
Equip. online • Fire & Blast walls location
•Condition monitoring
• Defined & understood scope of work • Hazards identified, risk assessed & Controls in place • Work authorised
Risk assessment for potential impacts • Authorised management of change • Case to operate •
Mitigation Barrier
Staff Competence
E Operational
B Inspection & C Permit to D Plant Change Plant 8Design Dimensions of Integrity Maintenance Management Work Monitoring
• Mech Integrity
• • • •
Major Accident
H
Procedures
E
Operations Proedures
• Standard’sd Operating Procedures • Periodical review done • Temporary procedures for changed situations risk assessed.
G F
Alarms & Instruments
Staff Competence
• Role specific competency criteria for process safety • Periodic inputs for updating • Periodic assessment
Each Barrier is important Concurrent failure in barriers can result in Near Miss or MAE Significant Failing in just one critical barrier sometimes is sufficient to cause incident Continuous monitoring & testing of Barriers is needed through suitable tools
G
Emergency arrangements
Alarms & Instruments
Fire & Gas alarms • Routine monit’ng of alarms / trips • Defined procedure for management of inhibits / overrides •
H
C O N S E Q U E N C E S
Emergency Arrangements
Periodic testing of ESD / trips and emergency systems • Periodic Mock drills of ERP • Emergency procedures updated •
97
ESTABLISH DESIGN INTEGRITY Establish Design Integrity and Safeguard it during Operations Project Phase Establish Integrity by identifying MAE, SCE ( Safety Critical Elements) producing Performance Standards(PS) all contributing to the establishment of Technical Integrity (TI).
In the operation phase, safeguard integrity by maintaining equipment, reviewing, verifying and assuring integrity using performance standards, corrective action should be closed out appropriately all leading to maintaining TI.
Technical TechnicalIntegrity IntegrityManagement Management
MAXIMO
MAJOR ACCIDENT EVENTS (MAE)
98
SAFEGUARD TECHNICAL INTEGRITY WHAT
HOW
WHO
Audit
Corporate Audit Audit Program
Status Judgement
MA
Class Verification Regulator
Verify
Peer/Third Party Verification Maintenance Inspection
Testing Compliance
Review
KPI Effectiveness Review
Asset Manager / ICP
KPI/Target Verification Competency Assurance Operator Maintainer
Risk Overview Risk Overview
Status Judgement
MOC Standards , Regulations , & Class Compliance
Status Report
Technical Authority / OPS Manager
Status Judgement
Monitor
Critical Information Engineering TI Maintenance Status Processes Inspection Compliance Safety Action Monitor Compliance Case Morning Tracking MOC Performance SC Equipment Audit and call Standard Maintenanc Trip Process & e Condition Surveillance Compliance Classification etc
Status Judgement
Process
Change Management System
Procedure
BOD ,/ Technical Std’s Operating Envelope
CTO
Production Accounting System Risk Management
Incident Investigation Management
Competency Management System
Maintenance Management Sys
Technical Integrity Process
Permit
to work
Regulations Legislation
Technical Integrity / Safety Engineer
Process Owner Implementer
Gap
99
KPIS FOR BARRIERS - LAGGING AND LEADING • LAGGING (from near misses incidents) • Outcome indicator
(Outcome is the
desired performance that the barrier is designed to deliver
)
• Reactive monitoring that discovers weaknesses in the barrier in near miss or actual • Reveal actual failure of significant control barrier Reveal ‘holes in cheese’ following near-miss or actual process safety incident • • • •
• LEADING (audits in AMOS) 1. Process indicator (Process is the planned activity to test the functional deliverability of the barrier )
2. Pro active monitoring that catches weaknesses in routine PM checks 3. Reveal likelihood of failure of significant control barrier in a routine systematic check Detect ‘holes in cheese’ during planned routine checks
Both are Important Interdependent Compliment each other; giving full range of control Leading KPIs are more Important for Senior Management
100
SUGGESTED LEADING KPI’S
1. Number of deviations from codes & Standards ____________ 2. Number of plant modifications done to improve process safety
Safe Operation
Inspection & Maintenance
1. % of process safety PM checks completed on time ____________ 2 % of process safety PM checks with identified gaps to performance standard.
Permit to Work
1. % of Permits (sampled) where hazards identified and control measures specified 2. % of permit (sampled) with controls verified on site.
Operating Procedures
1. % of Operating Procedures periodically updated as per plan -------------------2. % of Operating Procedures requiring significant modification
Staff Competence
Inspection & Maintenance
Alarms & Instruments
1. % of staff in technical role with verified . process safety awareness -------------------2. % of staff in Process safety management role with . . verified competency criteria
1. % of inhibits (sampled) executed as per specified procedure --------------------2. No of inhibits in place as % of total final control elements _____________ 3.No of standing alarms per panel
LOC
Escalation Barriers
Prevention Barriers
Lagging KPI’s Plant Design
Plant Change 1.Management % of changes risk assessed, & approved before installation ___________ 2. % of audited MOC meeting MOC procedure _____________ 3.% MOC s closed out in 10% of the execution time
HAZARD
Plant Design
Permit to Work
Plant Change Management
No of leaks Operating Procedures
Staff Competence
Alarms & Instruments
Emergency Arrangements
% of persons who (sampled) participated in an emergency exercise in the last 6 months. ----------------------2. % of Emergency Shutdown valves /BDVs & process trips tested, as per schedule 1.
CONSEQUENCES
Leading KPI’s
Major Accident Event
No of MAEs Emergency Arrangements
Number of Process safety near misses, Loss of containment incidents, fires, explosions with root cause linked to deficiency in this dimension
INHERENT SAFETY But are design should be Inherently Safe in the first place 1 . Minimise – use smaller
2 . Substitute
quantities of hazardous substances
substance
– replace a material with a less hazardous
Gas
Hot Oil Gas
THE BASICS •Fewer hazards •Fewer causes •Reduced severity •Fewer consequences
3 . Moderate
Hot Water
– use a less hazardous
condition, a less hazardous form of a material, or facilities that minimise the impact of a hazardous material or energy
4 . Simplify – design facilities that eliminate unnecessary
complexity and make operating errors less likely and that are more forgiving of errors which are made
barg
barg 102
INHERENT SAFETY RISK REDUCTION MEASURES Process Design –Alternative chemical process (chemicals used, …) –Reduction of operating pressure –Reduction of operating temperature –Reduction of area congestion –Selection of construction materials –Some critical cooling systems Automatic action SIS – Interlocks independent from DCS • PCV to flare • Heat cutout interlock • Feed cutout interlock – UPS systems – Emergency power generator – HIPPS Limitation of Released Quantity –Reduction of product inventory –Remote operated isolation valves (ESD system) –Blowdown system –Flow orifices –Excess flow valves
Mitigating & Protective measures – Diking – Water curtains – AFP (Sprinkler/deluge systems) – Foam application systems – Restricting flow orifices – Excess flow valves – PFP(Blast/fire resisting structures blast/fire walls, reinforced control rooms) – Control of ignition sources – Emergency shutdown systems – Containment systems (containment inside building) – Flange protection – Devices influencing the direction of leaks. – Explosion suppression systems – Inhibitor or killing agent injection systems – Detection systems (gas, liquid, smoke, fire,...) with operator intervention
Physical protection – Safety valves to flare – Rupture disks to flare – Vacuum breakers – Blowdown systems Reduction of Leak Frequencies – Enhanced inspection plan (mechanical integrity) – Full containment design – Corrosion allowance – Corrosion risk management – Safety Critical Procedures (with high reliability level in execution)
103
MANAGEMENT OF CHANGE (MOC) • Establish and implement written procedures to manage changes to process chemicals, technology, equipment, and procedures; and to facilities that affect a covered process – Inventory – Equipment unavailability, changes or new installation – Instrumentation changes or program changes (DCS) – Changes to operating parameters – Procedure changes – SOP, ITPM, Emergency – Temporary changes
• Does not apply to replacement in kind
Address prior to any change: • • • • •
Technical basis for the change Impact of change on safety and health Modifications to operating procedures Necessary time period for the change Authorization requirements for the change • Update process safety information accordingly. • Update operating procedures and practices accordingly. • Train employees affected by the change prior to making the change
104
WHY HAVE A SAFETY CASE •
Major Industrial Disasters – Flixborough, UK, 1974 – Explosion 28 workers killed (happened on a weekend so plant was minimal manned) – Piper Alpha – 167 killed in 1988 – Clapham Junction Rail disaster (35 fatalities) – Phillips 66 Texas
All disasters above had Common Findings & Recommendations
Conclusion : Prescriptive approach not appropriate- move to a goal based approach, described in a “Safety Case”. Prescriptive regime does not require identification and understanding of hazards. Involve workforce awareness of hazard management.
Petrobras P-36 Brazil, 2001
Temsah Platform Egypt, 2004
High Platform Mumbai, 2005
Texas City Texas 2005
105
TYPICAL CONTENTS OF A SAFETY CASE
Operations Safety CASE
Part 1 Introduction and Management Summary
Part 2 EHS Management System Description-
Part 3 Facility Description
Part 4 Formal Safety Assessments & Hazards and Effects Analysis
Part 5 Management of SCE’s
Part 6 Remedial Action Plan
Part 7 Conclusions
106
MAJOR ACCIDENT EVENTS Helicopter Crash
Cargo Tank Explosion
Surface Blowout
HC Releases Fires /Explosions
Structural Damage
Ship Collisions
Turret Failure
Projectile / Missile impact
Dropped Objects
Subsea Release
Natural Hazards
Toxiic Release
107
BP TECHNICAL SAFETY PROCESS
108
WOODSIDE TECHNICAL SAFETY PROCESS
109
TOTAL TECHNICAL SAFETY PROCESS
110
Inherent Hazard category Pressure - Pressurized Fluids and Gases, - Compressed Air, High Pressure Steam
Possible hazard scenario
Example Safety consequences
- Unplanned release of hydrocarbons - Equipment failure release pressurized drilling foam
- Possible multiple fatalities if the release ignites immediately - Injury or death to persons standing close to location of equipment failure.
- Unplanned release of reservoir fracturing acid.
- Severe injury or death of individuals close to the location of the release.
- Unplanned release of nitrogen
- Minor consequences unless person is in a confined space when/where the release occurs leading to potential fatality
Stored Energy - Suspended Load, Hydraulic Systems
- Hurst high pressure hydraulic hose
- Injury to personnel in the vicinity to the failure.
Biological Agents - Laboratories, Sewers, Contaminated Water, Cooling Equipment, Bio-treaters
- Poisonous work atmosphere
- Person is poisoned
Hand Tools - Hammers, Bolsters, Drills, Chisels, Flogging Spanners
- Misuse of hand tools
- Injury to person using the hand tool
Chemicals - Corrosive, Toxic (acute or chronic), Harmful, Irritant, Oxidizing, Flammable (incl mists and dusts), Sensitizing, Dangerous for the Environment Asphyxiants - Nitrogen, Carbon Dioxide, Halon, Light hydrocarbon gases
111
Inherent Hazard category
Possible hazard scenario
Example Safety consequences
Operation of Vehicles - Fork Lift trucks, Cranes, JCB’s, Piling Rigs, Rail Cars, Rail Engines, Tractors/Trailers, Low loaders, Lorries, Ground Loading, Underground services, Overhead cables
- Accident in harbour while transporting equipment by lorry
- Injury to driver and others in the vicinity of accident
Drowning - Waves, Tides, Currents, Entanglement, Slippery Surfaces
- Man overboard
- Fatality if person not recovered quickly
Confined Spaces - Storage Tanks, Ducting, Main Separators, Voids, Sumps, Excavations, Exposure to High/Low working Temperatures
- Entry to vessel for visual inspection which has not been purged of gas
- Injury or death form Asphyxiation
Ignition Sources (including static) / Fire - Grinding, Cutting, Drilling, Welding, Static, Earthing, - Adjacent Process Vents/Drains, Residual Hydrocarbon
- Waste material catches fire from sparks from a grinding operation
- Equipment damage and personnel injury if fire not extinguished immediately
- Collapse of an excavation during construction of a mud pit for an onshore drilling program
- Fatalities
- Explosion in mud room while filling hoppers
- Fatalities or serious injury
Excavations - Contaminated soil, buried services, un-shored sides
Explosion (Implosion) - Chemical, Pressure, (Vacuum), Dusts, Mists, Low Ignition Energy Materials (e.g. Hydrogen
112
Inherent Hazard category
Possible hazard scenario
Example Safety consequences
Fall of Person from Height - Rigging, Suspended Cradles, Ladders, Scaffolds
- Derrick man falls while handling pipe
- Fatality
Electricity - Cabinets, Switchrooms, Transformers
- Person doing tests on live electrical equipment
- Fatality by electrocution
- Items from an equipment basket fall while being moved by crane
- Injury or fatality from being struck by the falling object
- Complex task being undertaken at night without adequate lighting
- Injury to person undertaking task because of misinterpretation of readings on gauges causing wrong action
- Slip while going to work station
- Injury
- Person leans against a piece of hot pipe which has no insulation
- Burn injury
- Poor lifting technique used when moving heavy boxes of spares
- Back injury
Fall of Objects/Material from Height - Tools, Debris, Equipment Lighting - Intense, Poor, Lasers
Trip or Fall on same level - Uneven/Slippery Surface, Poor Housekeeping, Ice Contact with Hot / Cold Surface - Adjacent Equipment, Insulation, Cryogenic, Auto-refrigerant Manual Handling - Lifting, Carrying, Pushing, Pulling
113
Inherent Hazard category
Possible hazard scenario
Example Safety consequences
Noise - Piling Rigs, Compressors, Pumps, Fans
- Work location adjacent to numerous pumps and compressors on full load
- Long term hearing injury
Incorrect Posture - Confined Spaces, Poor Balance, Use of Computer
- Cramped temp office location with data entry computer terminal
- Injury due to excessive time at computer entering data
- Use of percussive chisel to remove sea fastenings
- White finger caused by excessive use of percussive tools
Use of Machinery - Moving Parts, Dangerous Parts, Entanglement, Tripping
- Using hand drill to make fixing holes in some temporary equipment
- Loose clothing gets caught in drill and causes serious arm injury
Radiation - Nucleonics, Gamma Rays, LSA Scale, Weld Flash, Thermal Radiation (flares)
- Assisting welder finish sea fastenings
- Welding flash causes temp. blindness
- Load gets snagged in adjacent equipment when being lifted
- Strop breaks and the load falls on a person in the vicinity causing severe injuries
Vibration - Percussive Tools, Heavy Plant
Mechanical Lifting - Cranes, Hoist
114
115
116
SAFETY CRITICAL MEASURES 8. Community emergency response
7. Site emergency response
Safety Critical Measures
6. Effect mitigating measures (watercurtain, site layout, reinforced structures,…)
5. Physical protection (relief systems,…)
4. Automatic action SIS
3. Critical alarms or tasks/procedures with operator supervision and manual intervention
}
}
2. Basic controls & process alarms with operator intervention
1. Inherent safe process design
117
TYPICAL SAFETY SYSTEMS S a fe ty S y s te m s G e n e r a l D e s ig n L ayo ut H A ZO P S & D E s ig n R e v ie w s
C o m m a n d & C o n tro l C om m and C E C E
o m m u n ic a m e rg e n c y o n tro l R o o r g o n im ic s ,
C o n t r o l & M it ig a t io n tio n s Power & U PS m e tc .
P ro c e s s C o n tro l & A la r m s S e g r e g a tio n & I s o la t io n F & G D e t e c t io n ES D B lo w d o w n A c t iv e F ire P r o t e c t io n P a s s iv e F ire P r o t e c t io n F ir e B a r r ie r s & P e n e t r a t io n s M a t e r ia ls H a n d lin g P r o t e c t io n H a z a rd o u s A re a C la s s if ic a t io n G a lle y F ir e P r o t e c t io n S y s t e m s
H a b it a b ility H V AC E m e r g e n c y L ig h t in g
E s c a p e & E v a c u a t io n E s c a p e R o u te s L if e b o a ts L if e r a f ts L a d d e r s & C h u te s , e tc L if e ja c k e ts L if e b u o y s P e r s o n a l P r o t e c tiv e E q u ip m e n t P y r o t e c h n ic s E P IR B S H e lid e c k C r a s h R e s c u e K it
R e c o v e ry H e lid e c k w a v e - o ff E m e rg e n c y P o w e r A c t iv e F ir e P ro t e c t io n
118
SAFETY CRITICAL MEASURES
• Safety Critical Measures are items such as procedures, equipment, instrumentation or any other assets that are vital or critical in the loss prevention strategy of an industrial site. • Safety Critical Measures will interrupt the propagation or will lower the probability of the propagation of an initiating event (accident cause) to unwanted consequences (major accident)[1] • Multiple Safety Critical Measures can be taken to reduce the risk of a specific accident scenario • The identification of Safety Critical Measures is done using systematic and structured risk based brainstorming techniques (see Section 2 on Hazard Identification) • Safety Critical Measures can be active[2] or passive[3] systems
119
Hazard Mitigation – Design Safety 9b SCE example Scenario 6 inch feed line from LPG sphere Consequence potential Safety Critical Measure Major leak probability control valve
: Vapour cloud explosion due to major leak at control valve in : Catastrophic (estimation using TOTAL risk matrix) : Automated ESD system rated SIL2 (PFD=10E-2) : 1.25E-4/yr (source : CHARAD 5) for 1 inch leak
Upon failure of ESD system : formation of major flammable vapour cloud with potential catastrophic impact in case of ignition* Upon success of ESD system : formation of limited flammable vapour cloud with limited in case of ignition*
LPG sphere Logic solver
Gas detection
ESD system
Control valve
120
CASE STUDY – BP TEXAS REFINERY EXPLOSION As you watch the video -Identify the safety critical element( EQUIPMENT/ PROCEDURES / PEOPLE) that failed for this accident to happen
121
Texas City Explosion – Hazard Management Diagram Relief and Blowdown System
Learning from the Past Control, Alarm & Shutdown system
Inherent Design Plant Layout
Effective Supervision / Leadership
Operations Procedures
Maintenance & Inspection
Work Control
Audit & Self Regulation Training & Competency
Communication
Active & Passive Fire Protection
Investigation & Lessons Learned Support to Next of Kin & Injured
Escape / Access
Management of Change
HAZARD Normal Hydrocarbon Inventory in Raffinate Splitter
Rescue & Recovery
HAZARD REALIZATION Loss of containment Ignition Explosion Multiple fatalities and injuries
•Inventory increased •Proximity of nonessential personnel to hazard •Flare not used
•No up to date relief study design basis unclear •Capacity of blowdown drum exceeded
•Operate outside envelop •No failsafe shutdown •No mass balance or attention to other data •Lost process control
•Faulty high level alarm not reported
•Previous incidents & upsets not reported •Admin. rather than ISD solutions •Hierarchy of control not applied
•Procedure s not followed •Steps not signed off •Use of ‘local practices’
•Failure to recognize hazard to trailers from start-up •People not notified of startup •Multiple sources of ignition in adjacent areas
Inadequate HAZID skills Lack of underpinnin g knowledge Failure to follow procedures •Confusion over who was in charge •No verification on procedures in use •Absent from unit at critical times
•Pre-start-up review not performed •Procedural compliance not checked •Supervisor offsite •No interventions •Inadequate KPI’s for process safety
•No effective handover between shifts •Unit alarm not sounded •No / incomplete MOC’s for trailer siting •Blowdown drum modified without rigorous MOC
•Active & passive fire protection
•Emergency response by site and external authorities •Hospitalization •Access & escape route diversity •Access to scene
