Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

SIL (LOPA) Analisys Procedure

Download as pdf or txt
Download as pdf or txt
You are on page 1of 20
At a glance
Powered by AI
The document outlines a SIL procedure that is used to assign safety integrity levels to safety instrumented functions identified during a hazard and operability study. The procedure involves establishing target frequencies based on severity, calculating event frequencies with and without safeguards, and determining the required risk reduction and safety integrity level.

The purpose and scope of the SIL procedure is to assign required safety integrity levels to each safety instrumented function identified during a hazard and operability study. The LOPA (layer of protection analysis) method is used for SIL assignment to ensure risk reduction will mitigate hazard scenarios to a tolerable risk target.

The SIL procedure establishes target frequencies based on the severity ranking from the hazard and operability study, where more severe consequences are assigned lower target frequencies. Severity is evaluated for safety and health, environment, financial, and reputation impacts.

DIQUIMA, GLOBAL LEADER

IN INNOVATION
SIL ANALISYS USING LOPA

2017

1 DIQUIMA Official
S I L A NA L I S Y S U S I NG L O P A

2
CONTENTS

01—Purpose and Scope


02—SIL Procedure

3
Purpose and Scope SIL(LOPA) Procedure

1. PURPOSE AND SCOPE

Assign required Safety Integrity Level (SIL) for each Safety Instrumented
Function (SIF).

Every SIF identified during HAZOP need to be analysed during SIL


Assignment.

LOPA Method is used for SIL Assignment.

4
Purpose and Scope SIL(LOPA) Procedure

1. PURPOSE AND SCOPE

SIFs can be identified in HAZOP, in those cases where an interlock exists


as safeguard or its implementation has been agreed as recommendation.

SIF needs to ensure that risk reduction will mitigate all hazard scenarios to
tolerable risk target.

5
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

Using severity ranking from HAZOP, a target frequency is established:

Safety &
Severity
Health
Environment Financial Reputation Target Freq.
Severe environmental impact or
constant very high exceedance of Coverage on international media, high profile community outrage, high
5 Greater
Major
Fatality statutory limits or immediate
than $ 1bn
level of concern amongst governments and action by international NGOs. 10-06 yr-1
intervention by third parties or Major impact on reputation with customers &/or shareholders
government bodies
Serious environmental impacts,
Multiple LTI extending over 1 km2 area or constant Extensive attention in national media, some international coverage,
4 with exceedance of statutory limit or $100 mm- national government and NGO involvement, serious community concerns 10-05 yr-1
Serious permanent significant alarm raised by third parties $1bn and complaints.
disability or government body with instruction to Serious impact on reputation with customers &/or shareholders
mitigate
Multiple
MTC/RWC/LT Moderate environmental impact,
extending over 10,000m2 or multiple Some national media coverage considerable community concern and 10-04 yr-1
3 I or single LTI $10 mm-
intermittent exceedance of statutory potentially a single community complaint.
Moderate with limit or concern raised from third
$100 mm Moderate impact on reputation with stakeholders
permanent parties or government body
disability
Medical
treatment, Minor environmental impacts, confined
within fence line of site or multiple 10-03 yr-1
2 restricted $1 mm- Noticed within QG, information shared with neighbours, some community
constant exceedance of statutory limit.
Minor work or short- $10 mm concerns raised. Minor impact on reputation with stakeholders
No complaint from third parties or
term LTI with government body
no disability
Slight environmental impacts, within
First aid or immediate locale or some exceedance
1 $50k- Noticed within QG, no media coverage, no public disruption. Slight impact 10-02 yr-1
minor of statutory limit but assessed to be
Slight $1mm on reputation with stakeholders
treatment ALARP. No third party or government
body involved.

6
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

LOPA methodology calculates Frequency of the events where a SIF is


protected and needed risk reduction is obtained.

Needed Risk reduction selects required SIL:

SIL PFD RRF


1 0.1–0.01 10–100
2 0.01–0.001 100–1000
3 0.001–0.0001 1000–10,000
4* 0.0001–0.00001 10,000–100,000

(*) SIL 4 is not allowed in some projects

7
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

Once all scenarios where a SIF is protecting are addressed it is needed to


record next information:

SIF identification:

A code assigned to each SIF. It will be XX-SIF-nn, where XX is unit number and
nn are correlative.

SIF description:

A description of the elements involved and the action. For example: Interlock UZ-
XXXXX triggered by TSHH-XXXXX (MooN) causing the closure of ESDV-XXXXX
and ESDV-XXXXX (MooN).

Design intent:

A description of the aim of SIF. For example, Pumps XXXXXX protection against
low level or high pressure in XXXXXX protection.

8
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

Interlock

Tag of interlock associated to the SIF.

Initiators (and voting)

Tags of initiators (sensors) and associated voting.

Primary Final Elements (and voting)

Tags (and action) of final elements needed to restore safe state to the process.
Also voting is request.

Auxiliary Final Elements

Remaining final elements activated by interlock (tag and action).

9
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

Once all this information is addressed, LOPA analysis begins:

1. For each initiating cause, a initiating frequency (FIE) is selected. To


develop this activity, next table is used:

Scenario Initiating Event Frequency (per year)


BPCS or Control loop failure (valve to same position to
0.1
instrument air failure position)
BPCS or Control loop failure (valve to opposite position to
0.02
instrument air failure position)
Analyzer failure >1.E-00
Pump Failure Loss of Flow – clean service (OREDA) 0.79
Compressor Trip 0.2
Loss of electrical power 0.1
General Utility Failure 0.1
Heat Exch. tube leak 0.01
Unloading / Loading Hose Failure 0.1
Once per 100 times operated (can be modified
Operator Failure (if considered in the analysis)
as HAZOP Team experience)
Filter or demister blocking HAZOP Team Experience
Complex Loop Failure 0.02
ESD Valve failure 0.02

10
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

2. Once initiating event is selected and consequences are shown (from


HAZOP), Process safety time is established:

It is the time between initiator set point and the damage if no protection is
triggered (it can depend of the cause). This value requires an order, not a
detailed calculation (this calculation need to be performed during SIF
design phase).

For example: < 1 minute, < 2 hours, etc.

3. Following parameters need to be selected:

• Enabling Factor (EN)

• Exposure Time Factor (ET)

• Occupancy Factor (OC)

• Vulnerability Factor (VU)


11
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

Enabling Factor (EN)

This parameter is used to fix initiating frequency, due to not always that the
initiating event occurs, final consequence happens.

Amount of LOC Toxic Flammable AIT

Large 1 0.1 1

Small 0.1 0.01 0.1

Exposure Time Factor (ET)

For some scenarios, hazardous event can be only possible under some
conditions, for example during maintenance or during start-up. This parameter
adjusts this situation, selecting the percentage of the time when this condition is
present.

For example, if start up occurs one day (24 hours) every six months, this value will
12 be 1/180.
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

Occupancy Factor (OC)

As operator can be present in potential hazard area or not, this value try to fix this
issue.

Occupancy Factor

Operator is likely to be near the hazard* 1

Default value 0.1

Scenario affecting a restricted area (dikes) 0.01

(*) Applicable for start-up, maintenance and any activity that needs operators
involved (e.g. loading and unloading).

13
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

Vulnerability Factor (VU)

This parameter corrects the possibility of injured people evacuation and treatment.

Vulnerability Factor
Evacuation is not easy (from platforms, structures, etc) 1

Evacuation is possible (ground level and injuries can be 0.1


medically treated)

14
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

4. Once parameters of one scenario have been selected, Frequency of


Unmitigated event (FU) can be calculated:

FU = FIE x EN x OC x ET x VU

OC and VU are not used for economical, reputation or environmental impact

5. Next step is checking safeguards to identify IPLs. If they are, assign IPL
credits for them.

Not all the safeguards are IPL but all IPL are safeguards. An IPL needs to achieve
following criteria.

15
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

IPL criteria:
Specificity: Should be specifically designed to prevent a consequence or
a dangerous situation by itself. An IPL is designed solely to prevent or to
mitigate the consequences of one potentially hazardous event (for
example, a runaway reaction, release of toxic material, a loss of
containment, or a fire).
Independence: An IPL is independent of other protection layers
associated with the identified danger and also of scenario initiator.
Reliability: Should be sufficiently reliable to prevent consequences from
occurring; the probability of failure on demand must be 10% as minimum.
Auditability: It should be possible to test and maintenance should be
easy, so that its capacity for risk reduction can be maintained throughout
its lifetime.

16
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE
PFD
Independent Protection Layer RRF IPL Credit
(1/RRF)
Pressure Relief Device (mechanical safety trip) for clean service 100 0.01 2

Pressure Relief Device (mechanical safety trip) for dirty service 10 0.1 1

BPCS, when independent of initiating event (including control system)


10 0.1 1
and is not subject to dormant failures
10 to 100
Internal mechanical safety trips that are independent of the ESD or (Based on actual
BPCS (vibration monitoring, bearing temperature, electric current operating 0.01~0.1 1/2
monitoring, etc.) experience with
similar device)
Operator response under high stress, average training 1 1 0

Operator response to Alarms with procedures, low stress, recognized


10 0.1 1
event and least 5 minutes to respond (action form control room)

Double Check Valves designed for the hazardous scenario (gases) 10 0.1 1

Single Check valve designed for the hazardous scenario (liquid) 10 0.1 1
Personnel Protection Equipment in restrict area 10 0.1 1
Dike (only take credit for environmental issue) 100 0.01 2
Blast wall/ Bunker 1000 0.001 3
Flame/ Detonation arrestor 100 0.01 2
Double mechanical seal (or similar) 10 0.1 1
Inherent Safe Design (design condition, mechanical stop, flow orifice, Scenarios with this safeguard are not to be analyzed in the
etc. ) SIL due to they are covered.
17
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

6. Frequency of Mitigated (FM) scenario can be calculated:

7. As SIF risk reduction has not been used in calculus, required risk
reduction is calculated for each scenario:

8. Overall RRF is calculated (sum of individual RRF) to get final RRF of the
SIF and therefore, SIL.

18
Purpose and Scope SIL(LOPA) Procedure

2. SIL PROCEDURE

9. If it is needed any recommendation, it can be recorded as during HAZOP


study.

This recommendation can be to perform another study or to implement a new IPL


for SIL reduction. It is not needed to recommend that SIL can be verified (it is a
conclusion of the SIL study).

19
20

You might also like