Revamps 2025 Issue

Avoid utility disruptions in refinery operations

Using time-delayed trips and dynamic process safety time analysis to avoid utility disruptions, especially where long shutdown and start-up sequences are required

Charlie Gould, Fluor Ltd

Safety instrumented functions (SIF) are a key safety feature of modern process plants, enabling automated responses to deviations in operating conditions to prevent scenarios where catastrophic failures can occur. Process safety time (PST) analysis refers to the calculation procedure through which it is proved that an SIF can respond to a deviation and act sufficiently quickly to set the system to a safe state before failure conditions are reached.

In some systems, it may be possible for the basic process control system to respond to failures and recover the system to its normal operating envelope within the time period between a trip set point being reached and the system failure conditions being reached. In such a scenario, a system or plant trip would not be necessary, but the safety system may take action to initiate a shutdown before the control system has had time to adequately respond. Unnecessary process trips can cause significant operational disruption, especially where long shutdown and start-up sequences are required.

The following discussion provides an overview of SIF and PST analysis, and presents a case study for a high-temperature safety system implemented on a large heat and power project at a refinery in the UK. Dynamic process simulation was used to perform PST analysis for a high-temperature safety trip protecting an existing steam system in the event of loss of desuperheating spray water. The dynamic simulation model showed that by using a time-delayed trip with two set points, the control system could be given time to respond to less severe failures, avoiding unnecessary plant shutdowns and disruption to downstream users, thus improving the operability of the plant without compromising the integrity of the safety system.

Safety instrumented functions

In normal operation, fluctuations in process parameters such as pressure, temperature, and liquid level are controlled through a process control system via control elements.
A sensing element measures a process variable and feeds the information to a controller. If the process variable deviates from its set point, the controller acts on a control element to return the variable to its set point by feedback control.

If a more substantial deviation from normal operating conditions cannot be corrected by the process control system, the system can approach an unsafe state. Such deviations will usually be caused by some form of failure event. This could be operator error (such as inadvertent opening or closure of a valve), a control system malfunction (such as a control valve being incorrectly driven fully open or closed), or some form of system or mechanical failure (such as a loss of power). If corrective action is not taken, plant conditions can continue to deviate until a catastrophic failure occurs, in which a failure of piping or mechanical equipment leads to a loss of containment or irreversible damage to an equipment item.

To prevent this, process plants implement a hierarchy of protective systems that should be called upon in the following sequence. Each layer of protection should only act if the previous layer has failed to keep the system within its specified envelope:

1. Basic process control system (BPCS).
2. Alarms signalling the requirement for operator intervention.
3. Trips initiating an SIF.
4. Pressure/temperature relief valves (PSV/TSV).

An SIF is an automated action that acts to set the system to a safe state. For example, a high-pressure trip may close a shutdown valve to isolate and protect a system before design pressure is exceeded. The sensor, computer, and final element together constitute the SIF. The collection of SIFs on a process plant is referred to as the safety instrumented system (SIS). The SIS must be entirely independent from the BPCS, sharing no common sensing, logic, or final elements.

Process safety time

An SIF will be initiated when the process parameter (for example, pressure, temperature, or liquid level) reaches a certain set point. The SIF must act to set the system to a safe state before a catastrophic failure event occurs, or some other defined conditions (such as system design conditions) are reached.
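The time-delayed trip with two set points mentioned in the introduction can be sketched as follows. This is an added example, not code or data from the article or its case study: the trip logic (lower set point starts a timer, upper set point trips immediately), the set points, the delay and the temperature traces are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class DelayedTrip:
    """Two-set-point trip. The logic is an assumption, not the article's design."""
    low_sp: float    # lower set point: starts the delay timer
    high_sp: float   # upper set point: trips with no delay
    delay_s: float   # time allowed for the control system to recover
    _above_since: Optional[float] = None

    def update(self, t: float, value: float) -> bool:
        """Return True if the trip should fire for the reading at time t."""
        if value >= self.high_sp:
            return True                   # severe deviation: act immediately
        if value >= self.low_sp:
            if self._above_since is None:
                self._above_since = t     # excursion begins: start the timer
            return t - self._above_since >= self.delay_s
        self._above_since = None          # back in the envelope: reset timer
        return False

def first_trip_time(trip, trace):
    """Scan (time_s, temperature) samples; return the trip time or None."""
    for t, value in trace:
        if trip.update(t, value):
            return t
    return None

def make_trace(peak, rise_s, fall_s, base=400.0, end_s=120):
    """Constructed trace: linear rise to peak, then linear recovery to base."""
    trace = []
    for t in range(end_s + 1):
        if t <= rise_s:
            value = base + (peak - base) * t / rise_s
        else:
            value = max(base, peak - (peak - base) * (t - rise_s) / fall_s)
        trace.append((float(t), value))
    return trace

# Constructed scenarios (all values illustrative, units arbitrary).
SCENARIOS = {
    "mild, control recovers": make_trace(peak=430.0, rise_s=20, fall_s=20),
    "sustained excursion": make_trace(peak=440.0, rise_s=20, fall_s=200),
    "severe failure": make_trace(peak=470.0, rise_s=20, fall_s=200),
}

if __name__ == "__main__":
    for name, trace in SCENARIOS.items():
        trip = DelayedTrip(low_sp=420.0, high_sp=450.0, delay_s=30.0)
        print(f"{name}: trip at {first_trip_time(trip, trace)}")
```

In a real design the delay and both set points would have to be justified by the PST analysis, since the delayed trip must still act before failure conditions are reached.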
Process safety time (PST) is defined as follows by the International Electrotechnical Commission (IEC):¹

“The time period between a failure occurring in the process or the basic process control system (with the potential to give rise to a hazardous event) and the occurrence of the hazardous event if the SIF is not performed.”

By itself, PST is not particularly useful for process and control system design. In practice, the more useful parameter


www.digitalrefining.com
