Table 1 Safety time definitions

| Definition | Start | Finish |
|---|---|---|
| Time to trip (TTT) | Initiating event/failure | Trip set point reached |
| Available SIF response time (IPF-ST) | Trip set point reached | Failure event/design condition |
| Process safety time (PST) | Initiating event/failure | Failure event/design conditions |

[Figure: a process variable plotted against time. Marked levels: low low trip, low alarm, high alarm, high high trip, and design limit. Annotations: plant operates within its safe operating window; upset causes deviation; alarm activated; trip activated; SIF must act before system reaches its design limit. Intervals marked: TTT and IPF-ST.]
Figure 1 Process safety time in a generic system

is the available SIF response time, also referred to as the independent protective function safety time (IPF-ST). This is the time between the trip set point being reached and the failure event conditions (or maximum permitted conditions) being reached, if the SIF were not performed. Table 1 summarises how these definitions are related. Thus, the following relationship applies:

Process safety time = Time to trip + Available SIF response time

Figure 1 shows how this applies to a generic process variable. A system will operate within its safe operating window until some form of failure or operational upset causes it to deviate. If the control system does not remediate the situation, the system will reach a set point that triggers an alarm. If the system continues without intervention, it will reach a trip set point and then finally reach some unsafe condition, typically defined by the system design conditions, or in the case of liquid level, a vessel being completely full or empty. On many modern projects, the TTT, IPF-ST, and PST are assessed through dynamic process simulation.

The IPF-ST must include the response time of the sensing element, the logic solver, and the final element. In some systems, particularly those with temperature measurement, there can be a significant delay between the trip point being reached and the trip being initiated, due to the inherent delay associated with the sensing element. Table 2 shows some typical sensor, solver, and final element response times.[2]

Case study

Fluor recently performed detailed engineering for a brownfield heat and power facility at a large refinery in the UK. The system consists of three extra-high-pressure (EHP) steam boilers feeding an EHP steam ring main (see Figure 2). From the EHP ring main, steam is let down to intermediate-high pressure (IHP) level by five identical pressure-reducing and desuperheating stations (PRDS). The IHP steam is then let down to medium pressure (MP) level by five more PRDS. The PRDS use a combination of HP and MP spray water to desuperheat the letdown steam. Maximising the availability of steam export to users was a key driver on the project, as loss of steam could cause a cascade of safety shutdowns and major disruption to refinery facilities.

To support the hazard and operability (HAZOP) study and layer of protection analysis (LOPA), PST calculations were required for the IHP-MP PRDS high-temperature trips, which protect existing MP steam pipework from exceeding its design temperature in the event of spray water failure. Each PRDS was provided with a dedicated high-temperature trip (TAHH) that would act to close a shutdown valve (SDV) at the inlet to the affected PRDS, isolating the system. The MP steam piping on the new plant was to be constructed from chrome-molybdenum alloy with a design temperature of 480°C. However, at the battery limit (B/L), the material would change to carbon steel with a design temperature of 280°C, to match the existing refinery steam piping. Exceeding the design temperature would reduce the yield stress of the existing piping
Typical sensor, solver, and final element response times [2]
SIS component
Element type Thermowell
Typical response time
5-40 seconds 8-9 seconds 11-12 seconds
Temperature measurement
RTD
Thermocouple Direct mount
0.5-1.0 seconds up to 1.5 seconds up to 10-25 seconds up to 8 seconds up to 2 seconds up to 4-6 seconds 0.1-0.5 seconds
Pressure measurement
Diaphragm seal type
Diaphragm seal with capillary
Guided wave radar Non-contacting radar
Level measurement
Nucleonic Switches
Digital signals
Speed measurement
Proximity and magnetic pick-up
up to 1 second 0.1-0.5 seconds up to 1 second 0.5-1.5 seconds 0.1-0.5 seconds
Solid state technology
Logic solver
PLC-based
Safety manager
Motor control centre (MCC) trips
SDV (Hydraulic) SDV (Pneumatic)
1-2 seconds per valve inch 0.5-1 second per valve inch Several seconds to minutes Several seconds to minutes
Final elements
Motor drive rundown time
Equipment inertia
Table 2
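The relationship PST = TTT + IPF-ST, and the requirement that the IPF-ST cover the sensing element, logic solver and final element, worked through on a trajectory of the kind a dynamic simulation produces. This is an added example, not from the article: the temperature trajectory, the 260 °C trip set point and the component response times are constructed assumptions, and only the 280 °C design temperature comes from the text.

```python
# Added example: every number except the 280 degC design temperature is constructed.

def first_crossing(times, values, level):
    """Time at which a rising series first reaches `level`, by linear
    interpolation between samples; None if it never does."""
    if values[0] >= level:
        return times[0]
    for i in range(1, len(times)):
        v0, v1 = values[i - 1], values[i]
        if v0 < level <= v1:
            t0, t1 = times[i - 1], times[i]
            return t0 + (level - v0) * (t1 - t0) / (v1 - v0)
    return None


def safety_times(times, values, t_event, trip_sp, limit):
    """TTT, IPF-ST and PST from a trajectory simulated with no SIF action."""
    t_trip = first_crossing(times, values, trip_sp)
    t_limit = first_crossing(times, values, limit)
    if t_trip is None or t_limit is None:
        raise ValueError("trajectory never reaches the trip set point or limit")
    return {"TTT": t_trip - t_event,
            "IPF_ST": t_limit - t_trip,
            "PST": t_limit - t_event}


def sif_response(sensor_s, solver_s, valve_inches, stroke_s_per_inch):
    """Total SIF response: sensing element + logic solver + final element."""
    return sensor_s + solver_s + valve_inches * stroke_s_per_inch


def sif_margin(st, response_s):
    """Seconds to spare within the IPF-ST; negative means the SIF acts too late."""
    return st["IPF_ST"] - response_s


# Constructed trajectory: MP steam temperature (degC) against time (s),
# with the initiating event (spray water failure) at t = 10 s.
TIMES = [0, 10, 20, 30, 40, 50, 60, 70]
TEMPS = [240, 240, 248, 256, 264, 272, 280, 288]
ST = safety_times(TIMES, TEMPS, t_event=10, trip_sp=260, limit=280)

if __name__ == "__main__":
    print(ST)
    for inches in (8, 16):  # hypothetical SDV sizes
        r = sif_response(12, 1, inches, 1.0)  # assumed 12 s sensor, 1 s solver
        print(f"{inches}-inch SDV: response {r:.0f} s, margin {sif_margin(ST, r):+.0f} s")
```

With these constructed numbers the 8-inch valve leaves 4 s of margin, while the 16-inch valve misses the IPF-ST by 4 s.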
Revamps 2025
www.digitalrefining.com