Role of fired heater safety systems

A fully automated burner management system operating as a SIS for burner control can meet minimum safety targets, improve system availability and lower costs

NIKKI BISHOP and DAVID SHEPPARD
Emerson Process Management

Role of fired heater safety systems

LOPA and its usefulness

 I posted this question in a PSM group in LinkedIn:

"I am interested to know whether a comprehensive study has been done anywhere, after the introduction of LOPA in the late 90's, with the study objective - "Has LOPA actually led to a reduction in incidents?"
Thanks, in advance.."

William Bridges, one of the co inventors of the LOPA technique posted his comments as follows:

"I doubt seriously if such a study is possible as you have to hold ALL OTHER influences constant and then start doing LOPA after that. I think this would be useless graduate project as well (for the same reason).

As one of the co-inventors of LOPA, the greatest improvements I have seen from the introduction of a LOPA, are from using the definition of an IPL within PHA/HAZOPs and from maintaining all IPLs per their respective industry best practices.

At a macro scale, it does not appear that introduction of LOPA or even introduction of process safety best practices have reduced the number of catastrophic accidents. This is no fault of the methods or disciplines; this is because Most companies still choose to do the bare minimum. Some companies have made great strides due to implementing best practices in risk assessment and process safety management; the majority have NOT improved because (1) their PHAs/HAZOPs still fail to find scenarios during all modes of operation so they are missing IPLs they need for those modes of operation, or (2) they fail to maintain IPLs appropriately, or (3) they fail to implement effective steps against the effectives of corrosion, erosion, or external impacts (for which there are no IPLs)."

 
Contribute to the surviving victims of Bhopal by buying my book "Practical Process Safety Management"

Safety Integrity Levels - Hip or Hype?

Yesterday I attended a seminar on "Safety Integrity - Life cycle approach", organised by ISA at IIT, Madras.The IEC 61508 and 61511 standards were discussed. Having interacted with many users, I think the problem with the safety integrity approach lies somewhere between hip and hype. When I mean hip, many users think that just be implementing a SIL 3 capable system, everything will be hunky dory. Not so! It requires a lot of operations and maintenance inputs throughout the life cycle of the system to ensure that it maintains its reliability. While instrument manufacturers often tend to go overboard to sell their ides to the client and engineering, procurement and construction companies also tend to recommend such systems to their clients, ultimately it is the the client who has to decide what level of risk is he prepared to take and whether existing instruments will be sufficient, without going in for a detailed SIL study. Unfortunately many clients do not have the technical support requires to make such decisions and rely on the designer. I go back to the analogy I had given in my earlier posts - We had operated a pneumatic controlled ammonia plant (no DCS, no smart transmitters, no fieldbus, no HART) quite successfully in the eighties for over a decade without an instrument failure that caused a spurious trip or fail dangerous undetected state. The answer to the question whether safety integrity is Hip or Hype lies in the understanding of risks by the client and is solely based on his decision. So the answer lies inbetween!!

Fail safe or Fail unsafe?

The blowout preventer that failed in the BP oil rig disaster was meant to be fail safe. But why did it fail? There is an excellent video from the NY Times explaining what could have gone wrong. Layers of protection analysis is supposed to find these weak links, but in my experience, LOPA depends heavily on the time available for the team to do it, the experience of the team and finally what is done with the recommendations. Watch the NY times video in this link.

Process Safety and Overflow protection

I read a nice article on high integrity overflow protection. In the article there is a statement that one of the key requirements of a high integrity overfill protection self certification program is "Acknowledged competency to review the design aspects of both mechanical- and/or electrical-components including component failure modes, fail-safe vs. fail-danger, any claimed automatic diagnostics, and internal redundancy in order to produce a quantitative failure rate (This number will eventually plug into calculations that determine if a particular design meets its defined SIL requirements".
I have observed many SIL (Safety Integrity Level) studies where the above competency becomes suspect. Many organisations think that just because they have completed a SIL study, they are safe. A SIL study starts from a good PHA (Process Hazard Analysis) study and here itself, if the competency of the people participating in the study is inadequate, then "garbage in, garbage out".
In many cases, there has been an overkill of recommendations from a SIL study, leading to the organization spending money unnecessarily.

Read more of the article in this link

Layers of protection - too much instrumentation?

I just returned from a state of the art refinery. My thoughts went back 30 years ago when I was shift in charge of an ammonia plant. There was no DCS system but pneumatic controllers mounted on a control room panel. The complete plant had a total of about 50 hard wired alarms mounted on the panel.We ran the plant safely and successfully! Today, we have the DCS system with numerous alarms and now there are alarm suppression software!Are we complicating things too much?