safety in control design

7/30/2019 Safety in Control Design

1/23

INSTRUMENTATION ANDCONTROLS FOR SAFETY

M. B. Jennings

CHE 185


2/23

INHERENTLY SAFE DESIGN

PROCESS RISK MANAGEMENT METHODS USEDDURING THE DESIGN PHASE CAN BE PUTINTO 4 CATEGORIES: Inherent

PassiveActive

Procedural

TARGET IS A FAIL-SAFE INSTALLATION

FROM: Dennis C. Hendershot and Kathy Pearson-Dafft, Safety ThroughDesign in the Chemical Process Industry: Inherently SaferProcess Design , AIChE Process Plant Safety Symposium,27OCT98


3/23

INHERENT SAFETY DESIGN

Inherent Eliminating the hazard by usingmaterials and process conditions which are non-hazardous.

Minimize Reduce quantities of hazardous substances

Substitute Use less hazardous substances

Moderate Use less hazardous process conditions, lesshazardous forms of materials, or configure facilities tominimize impact from hazardous material releases or

uncontrolled energy release Simplify Configure facilities to simplify operation


4/23

PASSIVE SAFE DESIGN

Passive Minimizing the hazard by processand equipment design features which reduceeither the frequency or consequence of the

hazard without the active functioning of anydevice.

Location of facilities separation of ignitionsources and fuels from other facilities

Design equipment for design pressure in excess ofthe adiabatic pressure from a reaction.


5/23

ACTIVE SAFE DESIGN

Active Using facilities to detect and correctprocess conditions:

controls

safety interlocks

monitoring systems for hazards that develop overa long term

and emergency shutdown systems to detect andcorrect process deviations.


6/23

PROCEDURAL SAFE DESIGN

Procedural Prevention or minimization ofincident impacts using:

Safe operating procedures and operator

trainingAdministrative safety checks

Management of Change

Planned emergency response


7/23

DESIGN IN OVERALL SAFETY MANAGEMENTArt M. Dowell, III, Layer of Protection Analysis, 1998 PROCESS PLANT SAFETY

SYMPOSIUM, October 27, 1998 Houston, TX


8/23

DESIGN OF SAFETY INSTRUMENTED SYSTEMS

ACTIVE INHERENTLY SAFE DESIGNPROCEDURE (Separate instrumentationand control component in CHE 165

Design) First Level Alarm systems for out of

range situations and operator action

Second Level Interlock systems toautomatically activate safety devices

Third Level Devices to minimize impact

of out of control conditions


9/23

USE OF HAZAN AND HAZOP

PHAs (Process Hazards Analysis) Areused to define areas of concern

HAZAN and HAZOP provide a summary

of the type of risk associated withvarious process locations and operations

Frequency should be determined

Intensity should be determined


10/23

OVERPRESSURIZATION EXAMPLE

OVERPRESSURIZATION IS THE SUBJECT OFNUMEROUS CODES & REGULATIONS

AIChE Design Institute for Emergency ReliefSystems (DIERS)

OSHA 29 CFR 1910.119 Process SafetyManagement of Highly Hazardous Chemicals

NFPA 30 Flammable & Combustible Liquids

API RP 520 and API RP 521 Pressure Relieving

Devices and Depressurization SystemsASME Boiler & Pressure Vessel Code

ASME Performance Test Code 25, Safety & ReliefValves


11/23

SOURCES OF OVERPRESSURIZATION

API 521 LISTS THE FOLLOWINGCATEGORIES OF SOURCES

API RP

521 Item

No.

Overpressure Cause API RP

521 Item

No.

Overpressure Cause

1 Closed outlets on vessels 10 Abnormal heat or vapor input

2 Cooling water failure to condenser 11 Split exchanger tube

3 Top-tower reflux failure 12 Internal explosions

4 Side stream reflux failure 13 Chemical Reaction

5 Lean oil failure to absorber 14 Hydraulic expansion

6 Accumulation of noncondensables 15 Exterior fire

7 Entrance of highly volatile material 16 Power failure (steam, electric, or other)

8 Overfilling Storage or Surge Vessel Other

9 Failure of automatic control


12/23

FIRST LEVEL DESIGN

HOW ARE SOURCES ADDRESSED FOR ASTORAGE TANK?

Item 1 in previous list - Closed ou t lets on vessels

Would be a concern for a nozzle used for pressure control

in the tank, during filling operations. Perhaps a temporary blind flange would have been left in place after a

maintenance operation.

A pressure relief valve may malfunction.

A PAH pressure switch (

P) could be installed if there wasmeasurable difference between the Normal Operating

Pressure and the Maximum Allowable Working Pressure.


13/23

SECOND LEVEL DESIGN

HOW ARE SOURCES ADDRESSED FOR ASTORAGE TANK? Item 1 in previous list - Closed ou t lets on vessels

Add a pressure relief valve to allow gas to leave thetank and be directed to an appropriate flare orscrubber.

Set point needs to be at or slightly above theMaximum Allowable Working Pressure

Need an interlock to: Alarm to indicate valve has been activated and receiving

unit (flare or scrubber) is activated.

Shut down a valve in the tank fill line and/or shut off apump used for filling.


14/23

THIRD LEVEL DESIGN

HOW ARE SOURCES ADDRESSED FOR ASTORAGE TANK?

Item 1 in previous list - Closed ou t lets on vessels

Add a rupture disc to relieve to either a flare or

scrubber.

This level is to protect the equipment from failure

on a major scale

Need to have an indication that the rupture dischas opened typically a wire across the disc

Need to determine actions necessary when the

disc opens

stop filling, start flare, etc.


15/23

OTHER DESIGN CONSIDERATIONS

A large storage tank is filled manually byan operator opening and closing a valve.Once a year, the tank overfills as the

operator is distracted by other activities.A high pressure alarm is added to thetank. After the alarm is added, the tankis typically overfilled twice a year.

Why?


16/23

EXAMPLE 1

After the alarm was installed, theoperator relied on it to indicate a highlevel and did not supervise the filling

closely. The alarm loop turned out tohave a failure rate of twice per year, sothe system was not as reliable as themanual operation.


17/23

OTHER CONSIDERATIONSEXAMPLE 2

Fail-safe valves are either Air-to-Open or Air-to-Close, which equate to Fail Closed and FailOpen, respectively. Recommend the correctvalve for the following processes:

1. Flammable solvent heated by steam in a heatexchanger. Valve is on the steam supply line.

2. Exothermic reaction. Valve is on the reactantfeed line.

3. Endothermic reaction. Valve is on thereactant feed line.

4. Gas-fired utility furnace. Valve is on the gassupply line.


18/23

EXAMPLE 2 - CONTINUED

SPECIFY EITHER FAIL-CLOSED OR FAIL-OPEN FOR THE VALVES IN THESE SYSTEMS

5. Remote-operated valve on the drain for astorage tank.

6. Remote-operated valve on the fill line to astorage tank.

7. Gas-fired Combustion furnace. Valve is on

the air supply line.8. Steam supply line. Valve controls the

downstream steam pressure from the boiler.


19/23

EXAMPLE 2SOLUTIONS 1

1. Valve to FAIL-CLOSED to preventoverheating the solvent

2. Valve to FAIL-CLOSED to avoid a

runaway reaction3. Valve to FAIL-CLOSED to avoid reactor

thermal stresses.

4. Valve to FAIL-CLOSED to stop gas flowto uncontrolled combustion.


20/23

EXAMPLE 2SOLUTIONS 2

5. Valve to FAIL-CLOSED to preventdraining material from tank

6. Valve to FAIL-CLOSED to prevent

overfilling tank7. Valve to FAIL-OPEN to maximize air

flow to furnace

8. Valve to FAIL-OPEN to avoid localizedoverpressure of line


21/23

EXAMPLE 3

4 kg of water is trapped in between inletand discharge block valves in a pump.The pump continues to operate at 1 hp.

What is the rate of temperature increase inC/hr if the cP for the water is constant at 1kcal/(kg C)?

What will happen if the pump continues to

operate?


22/23

EXAMPLE 3 SOLUTION - 1

Assume adiabatic conditions for thecalculations: Set up a heat balance:Q m Cp T Tref

Take the derivative with respect to time and

rearrange to getdQ

dtm C

p

dT

dt . And

resolving to getdT

dt

1

m Cp

dQ

dt

Using conversions:1 hp 0.178kcal

sec

m 4 kg dQ/dt 0.178kcal

sec Cp 1

kcal

kg C

dT/dt1

m CpdQ/dt dT/dt 160.2

C

hr

3 SO O 2


23/23

EXAMPLE 3 SOLUTION - 2

Allowing the pump to continue to runwill eventually result in high pressuresteam formation. This could result in the

pump exploding. Adding a thermal switch or a high

pressure switch to shut down the pumpcan prevent this from occurring.

safety in control design

Documents