Safety and risk

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Vessel design code by PED

+10% for all pressurised equipment with DP> 0.5 barg under all circumstances

Potential loss of containment, examples of equipment failures

- Corrosion - Improper material of construction - Brittle fracture - Gasket leak - Small bore piping failure - Seal leak from pump/ compressor - Furnance/ tube failure - Overheating/ exotherms - Over/ under pressure - Freeze up/ thermal expansion - Pipe line surge -Check valve/ safety failure - Hose/ loading arm failures - Bellows failure - Rupture from collision

Incident examples caused by hazards

- Fire/ explosion - Reactor rupture - Asset loss - Business (profit) loss - Personal injuries -Long term health issues - Pollution - Impact on public (smoke, chemical exposure)

Potential ignition sources

- Fired equipment/ Hot surfaces (controlled by equipment spacing) - Maintenance hot work (controlled by work permit system) - Electrical equipment (controlled by work permit system and electrical area classification) - Vehicles (controlled by work permit system and plant layout/ spacing) - Electrostatic ignition (controlled by earthing, design and procedures) - Lighting (controlled by earthing structures)

Hazard Control

Risk is a measure of hazard release potential -Prerequisite (know/understand hazard) -Minimise hazard and risk through inherently safer design -Minimise release potential through designed and procedural control measures Design Checklist -Tests the design for robustness/ compliance (relies on historical experience for typical/mature processes) -Relatively quick and flexible (can be used for new design or as part of existing facility audit program)

SIS

Safety Instrumented Systems

SIF

Safety instrumented functions monitors a unique process variable or variables and takes a specific action when a prescribed limit is exceeded Each has its own availability target defined by the process designer

SIL

Safety integrity level Defined availability ranges for standardising protective equipment design and certification

Pressurised tanks

Stores materials that are vapour/Gas at normal atmospheric conditions (to volatile to store in CR or FR tank) Designed as a pressure vessel (above ground sphere, above group bullet, mounted drum (bullet)) more expensive Most VCE occur due to release of flashing liquids (flammable gases stored as liquid under pressure) Cannot have pump inside as it would be an ignition source

Auto ignition temperature

Temp at which vapours spontaneously ignite No need for ignition source In practice temp at which autoignition occurs > theoretical AIT

What is a hazard

a property or condition which can cause a unwanted event

What is a sunken roof often caused by

high rain fall and faulty drain tilts lid

Potential fuel air muctufes inside equipment

- Fired heaters - Decoking and catalyst regeneration - Air used for reaction- oxidation, sweetening etc - Air blowing lines - Vacuum systems - Fixed roof tanks - Tank trucks/ railcars/ barges/ ships - Sewers - Confined/ recessed areas - Flare system - Start up and shut down

Hazardous characteristics of materials

- Highly volatile (stored as liquid under pressure) - Highly toxic materials - Corrosive materials - Materials with potential for long term health impact - Highly unstable/ reactive materials - Very hot materials that need to be stored and handled >>100 degrees

Hazards of run away exothermic reactions

- Potential for rapid thermal decomposition causing deflagration/ detonation - High bulk temp can cause material to boil/vaporize. potential for contents to overpressurise and erupt from vessel -Reaction generates high volumes of gas which over pressures the reactor - secondary fire/explosion due to loss of primary containment

Potential loss of containment examples of operating procedures

- Taking equipment out of service >Equipment draining/ depressurising/ blinding - Bringing equipment back into service > Debinding - Tank/ tanker filling - Tanker gassing/ frothovers > Routing light product to tank > Routing water to hot tank/ Hot product to cold tank - Purging / venting - Draining water - Sampling

Floating roof tank

- Tank roof floats on top of the liquid surface and rises/falls as the liquid level in the tank changes - There is no vapour space between the liquid and roof -Used for storing materials st temperature > Flash point - not suitable for liquids with TVP true vapour pressure > 0.9 bar a (will overcome atmospheric pressure and roof will come off) - Fight fire with foam powder

Cone roof tank

- Tank roof is fixed - There is always a vapour space above the liquid level -Used for storing materials at temperature < Flash point (so no fuel evaporates to make a air-fuel mix, stops explosion) - Fight fire with water as roof is sealed - Should have frangible roof (weak shell to roof stem) - Tank Dike should surround to provide secondary containment

Buncefield explosion (2005)

- Tank was receiving a pipeline transfer of gasoline, then the tank level gauge indicated a static level but the flow of gasoline was unchanged and level in tank started to rise - Tank overflowed and a vapour cloud had spread - series of explosions occurred damaging commercial and residential property, 43 people injured - ignition source was electric fire pumps - Tank was fitted with level instrument, independent LHA and LHCO (level instrument had stuck, LHCO and alarm did not work, workers allowed tank to exceed high alarm) - alarm was very easily accidentally disabled - explosion severity was far greater than normally expected for VCE (tests and analysis have shown that congestion due to trees along adjacent lane may be responsible for higher overpressures

Flixborough VCE 1974 primary causes

- Tempary bypass around reactor 5 not been properly engineered or reviewed > No engineering drawing prepared only basic calculations > Lack of necessary engineering expertise > Maintenance team didn't recognise that offset piping created bending moment and high shear forces at bellows - No structured process for reviewing and authorising changes - Occupied buildings not blast resistant and too close to process area

Flixborough VCE 1974 process description result

- VCE - 28 employees killed 36 injured - Damage to plant - 53 members of public injured and 1800 houses damaged

Mond index

- based on dow index, modified to address wider scope of hazards - includes plant layout and separation between hazardous units

Control measures for a runaway reaction

- emergency cooling facilities - chemical inhibitor injection to suppress reaction or poison catalyst - drown out or quenching (use an inert medium to quench and dilute reactants, may need to dump contents in secondary vessel if space is insufficient in reactor) - provide adequately sized emergency venting facilities (bursting disc) and consider hazards of venting to atmosphere and need for scrubber tower/ containment facility - protective instrument systems can be used to automate some or all of these control measures (reduce human intervention) - consider inherently safer design (semi batch with gradual addition of reactants, use CSTR, use smaller reactor volume, design reactor to withstand worst case temp/ pressure conditions)

Buncefield recomendations

- provision of independent LHA and automatic overfill protection - all elements of overfill protective system should be tested (eliminate use of internal floats) - use of gas detection, CCTV to provide early detection of loss containment - modified design of new tanks to reduce risk of aerosol/vapour formation in the case of tank overflow - industry to share incident / near miss data - develop process safety indicators

Pilot operated PRV

-Avoids spring and is less susceptible to valve chatter -

Hazard control hierarchy

-BPCS -Independent alarms (software) -SIS -Hardware protective systems e.g. pressure relief devices

Basic Process Control System

-Designed to maintain the process within a defined safe operating window -Can be credited as an IPL providing that it satisfies the four requirements and that failure of the BPCS is not the initiating event For example; level in a drum is controlled by a level instrument that controls the bottom outlet valve. The level instrument also activates a high level alarm > If failure of the level instrument was the initiating event, then this would also defeat the normal function of the level controller and alarm > However, if the cause of high level was a blockage in the drum outlet, then the BPCS would try to open the outlet valve to control the drum level and if unsuccessful the alarm would sound

Examples of closed systems that pressure relief devices can discharge to

-Dump tank/scrubber/quench vessel -Flare ring main connected to an elevated flare stack (is a closed system as chemicals do not come into contact with atmosphere as it is burnt off) -For older facilities PRVs are often routed to atmosphere proving material is not liquid phase

What must something be to qualify as an IPL

-Effective in preventing the unwanted event from occurring when it functions as designed -Independent of the initiating event and the components of any other IPL for which credit has already taken in mitigating the same scenario -Auditable; the effectiveness of the device must be capable of being validated in some way (e.g. routine instrument test, visual inspection, documented procedures and training) -Documented; failure to adequately document the IPL increases the possibility of future changes that may adversely impact its effectiveness

Hierarchy of controls

-Elimination (most effective)- physical removal of the hazard -Substitution- replace the hazard -Engineering controls- isolate people from the hazard -Administrative controls-change the way that people work -PPE (personal protective equipment) (least effective)- protect the worker

Reasons that safety instrumentation systems can fail

-Failure of electronic components/wiring/relays -Failure of logic processor (PLC) -False inputs e.g. blockage of instrument tappings due to debris, fouling/waxy process material, freezing conditions -Final element (motorised valve) sticks in open position

Near miss examples caused by hazards

-Flammable releases/spills - Reactor temperature excursion -Fuel, air mixtures inside equipment

PRV disadvantages

-Increased risk of blockages due to corrosion products -Valve seat leakage -PRV inlet and outlet pipework pressure drop needs to be low to avoid instability (PRV chatter) -Slower response time (potentially dangerous) (tenths of a second up to >1 second)

SIS key design features

-Independent e.g. no point sharing the same power supply as the basic control system that just failed -Fail-safe, if the power or actuating signal fails system goes into its safe condition -Maintained/Testable, it should be possible and safe to test the function periodically to maintain assurance that it will work on demand -Well documented, future engineers/managers understand what it is protecting and how reliable it needs to be. Essential for future management of change

Examples of hazards in refineries and chemical sites

-Inherent hazards- pipe containing chlorine, LPG sphere, furnace etc -Avoidable hazards- corroded pipe carrying LPG, incorrect flange gasket material, faulty level instrument etc

What could cause overpressure

-Instrument air failure -Steam failure wide open -Electric power failure (valves) -Blocked outlet-operator error -Cooling water failure -Loss of reflux -Tube rupture -External fire

FR tank hazards

-Liquid overfill (as for CR) - Tank overheating (as for CR) -Vapour release/ fire, high vapour pressure material or gas blow through (control with THA rundown to tankage, LLCO on upstream) - Tank roof sinking (control with roof drain, routine operator checks, multiple pontoon roof design and maintenance) - Tank fire- vulnerability to lightning, rim seal fire, full surface fire (control as for CR and foam dam and FSF attack strategy)

Conventional PRV

-Springs open at a set differential pressure between inlet and outlet -For relieving pressure that is independent of outlet pressure, use bellows

How reliable does SIF have to be

-Start with an acceptable frequency of the unwanted hazardous event -Evaluate the initiating event frequency - Evaluate the reliability of the hazard controls that exist -Test: is the acceptable frequency achieved -If yes stop -if no then what is the gap

Hazards in a CR tank

-Liquid overfill (control using level indicators to control room, independent LHA and secondary containment) - Tank overpressure or vacuum (control with a P&V vent sized for max fill/pump out rate and fire case) -Ignition of flammable vapour space inside tank (Control with designing all electrical eq to meet zone 0 hazardous area, located safe dist from other eq/ ignition sources, electrostatic ignition (earthing/bonding, still well for gauging/ sampling, procedures like settling time to remove static)) - Tank overheating causing flammable vapour space fire (control with high temp alarm on inlet to tank and temp control and high alarm or cut out on tank/heater coil)

Pressurised storage hazards and control measures

-Liquid overfill (control with 3 independent level measurements and safety valve) - Tank overheating (BLEVE from sustained pool fire) (control with fixed water spray/deluge often automatic, fire proofing, sloped ground under tank) - Vapour release/fire (control with gas detection alarm, water flood to fill tank rapidly and float LPG up away from leak site) - Sampling and water draw off (freeze proof design)

Basic principles of inherent safety

-Minimise (reduce inventories, reduce vessel hold up, use loop reactor) - Substitute (use less hazardous materials, non flammable etc) - Moderate (carry out a hazardous reaction under less hazardous conditions, lower T/P) -Simplify (plants that run continuously and require minimal operator action have fewer incidents)

Active IPLs

-Move from one state to another in response to a specific change in a process variable -Examples; BPCS, SIS, pressure relief valve

Hazard rate

-Must control frequency that a hazardous event occurs e.g. spill, explosion, toxic exposure -Hazardous events usually start with an equipment malfunction or human error potentially leading to loss of containment -Loss of containment is either immediately consequential (e.g. a spill to water) or could become so if ignition takes place -Hazard rate (H)= demand rate (D) x failure of hazard controls -Start imagining consequences and then > Evaluate how consequence can happen > what the initiating event frequency is (IEF or D) > What dependant hazard controls exist to prevent it > What additional hazard controls are required

Bursting discs Disadvantages

-Non re-closing hence may allow large discharge even when pressure falls below relieving pressure -Potential for premature failure due to pressure pulsation, especially if the rupture pressure is close to the operating pressure -Rupture pressure affected by back pressure -Risk of incorrect assembly (upside down)

Passive IPLs

-Not required to take any specific action in order to achieve its objective -Function of IPL is achieved by correct process or mechanical design -Examples; secondary containment, fireproofing, blast resistant building, open vent, flame arrestors

LPG sphere BLEVE Elf refinery 1966

-Operator was draining water from sphere to local sewer -Valve partially blocked due to hydrate formation (sub-zero temp) -Blockage suddenly cleared when valve opened fully - Leak ignited by car on road nearby -90 min after fire BLEVE occurred - 15 killed 80 injured

PRV benefits

-PRV set pressure for actual device can be tested prior to installation and at routine intervals -Device should reseat after lifting once pressure has been reduced

Types of IPLs

-Passive IPLs -Active IPLs

Example pressure relief devices

-Pressure relief valves (spring loaded valve which opens at a given set pressure) - Pressure vacuum valves (typically for low pressure systems, use deadweights) - U seal or dip leg (for low pressure systems- hydraulic head provides back up fixed pressure) -Bursting disc (thin plate- ruptures at specified temperature)

SIL 1,2,3,4

-SIL 2 and above typically requires more design with built-in redundancy -SIL 2 is mostly used -Only a small % of SIL are SIL 3 and above (except in higher risk industries e.g. nuclear) as they are more expensive -Range of availability for SIL 1 is large so is often sub-divided into low and high SIL 1 or specify an availability target -SIL 1 availiability= 90-99 -SIL 2 =99-99.9 -SIL 3=99.9-99.99 -SIL 4= 99.99-99.999

SIS definitions

-Safety instrumented functions (SIF) -Availability target (AT) -Safety integrity level (SIL) -The probability of failure on demand (PFD)

Dow Fire and Explosion Index description

-Semi quantitative approach (numerical result) -Output provides an overview of risk exposure and not a specific list of potential deficiencies/hazards - Can provide estimate of max probable property damage -Useful in ranking different alternatives -Based on empirical analysis of actual events -Ideal = 1-60 -Should be disguarded if 128+

Closed disposal system-flare

-Sized to handle largest pressure relief demand, contains any liquid and to scrub or flare hazardous vapours -Emergency manual depressurisation of reactor systems -Multiple PRD activated due to failure of plant utility -Vent/Flare stack needs to be sufficiently elevated to ensure good dispersion and should be located away from public areas/process units to minimise exposure to radiant heat -Liquid seal drum and dip leg arrangement to prevent flash back from flare stack in to flare ring main -Alternative to flare is gas scrubbed and atmospheric vent which needs to be availiable at all times -Refinery flare -Remote

Balanced bellows PRV

-Spring opens at set inlet pressure regardless of outlet pressure -Bonnet needs to be vented safely in case bellows leak in service -Prone to chatter -Not easily corroded

Examples of safety instrumentation functions

-Temperature high cut-in (THCI)- quench/cooling activation for an exothermic reactor, some runaway reactions can be quenched -Level high cut-out (LHCO)- to prevent vessel overfill -Furnace flow cut out (FLCO)- to prevent tube rupture

Bursting discs benefits

-Very fast response time (milliseconds) -Less risk of a blockage than relief valves -Lower cost to install and maintain -Available in a wide range of materials -No leakage

Bursting discs

-When very rapid response required e.g. runaway reaction -When no leakage can be tolerated (e.g. corrosive/toxic -Cannot be tested so regularly replaced (only one use)

What reactive chemistry should be checked for a reaction before a change is made

-literature search, industry experience and lab data - conduct calorimetric tests - oxygen balance to identify if CHO compounds could decompose violently - from heat of reaction can estimate adiabatic temp rise - check if max temp is below temp which other reactions occur, reactants boil and gas evolution occurs

Cause of a run away reaction

-reactive chem not fully understood - reactants added in wrong quantities or order - contaminants - inadequate temp control - poor mixing (mixer not started or stopped during reaction) - inadequate emergency venting facilities - failure to take emergency action in event of high temperature

Individual risk (Fatal) per year

>1x10-4 (intolerable) 1x10-4<x<1x10-6 (tolerable if alarp (as low as reasonably practical)) < 1x10-6 (broadly acceptable

Initiating event frequency

Always preferable to use in house data/experience where available Next use failure/event data published by external sources The frequency of the initiating event needs to be expressed in terms of events per year > data may only be available in terms of PFD, or failures per number of operations carried out, or failures per hours use > convert to events per year by estimating number of operations or numbers of hours use per year

Independent protection layer

An IPL is a barrier (safeguard) that is capable of preventing a scenario from proceeding to its undesired consequence Each IPL has a PFD LOPA can be used to determine the number/type of IPLs required to reduce the risk of a scenario to an acceptable level

SIS availability

Availability describes how reliable the protective system needs to be Required reliability or availability target is defined by the process/safety engineer

AT

Availability target the required reliability of the SIF to manage the risk adequately

BPCS

Basic process control system

Types of tank for atmospheric storage

Cone roof tankage Floating roof tankage

Flixborough VCE 1974 process description

Cyclohexane oxidized to cyclohexone by injecting air with a catalyst Slow process 6 CSTRs used in series 155 degrees and 9 barg, liquid phase When released to atmosphere some liquid flashed odd creating vapour cloud

PRV capacity determination

Detailed overpressure contingency analysis needs to be carried out to determine required PRV capacity -Evaluate credible scenarios and calculate required relief load under these scenarios -EU PED requires that all foreseeable causes of overpressure be considered -Two unrelated events (double contingency) are not normally considered

How to measure a hazard

Dow Fire and explosion index Mond index

Dow Fire and Explosion Index calculation

F&EI= MF x F1 x F2 MF- material factor= measure of intrinsic rate of energy release due to fire or explosion -based on most dominant/ highest risk material present - Nf (flammability) x Nr (reactivity) F1- general process hazards range F1= add up penalty factors + base factor (1) F2- special hazards F2= add up penalty factors + base factor (1)

Basic flammable properties

Fire triangle Flammable limits Flash point Auto ignition temperature

Fire triangle

Fuel Oxygen Energy Need all 3 for fire Oxygen may be bound to fuel

Flammable limits

Fuel conc in air must fall within certain limits before it will combust Lower flammable limit and higher flammable limit

BLEVE prevention systems

Gas and fire detection Emergency block valves Drencher system Containment area slopes away from sphere Use of mounded drum (inherently safe)

Vapour cloud explosions

Gas or vapour escaping to atmosphere can form flammable mixture, if ignited causes explosion followed by fire Ignition of a flammable cloud in an open area will produce a flash back fire with low levels of overpressure Can produce damaging overpressure wave causing non blast resistant buildings to collapse, also result in secondary equipment failure

HAZOP

Hazard and Operability -Systematic thorough review of P&IDs using guide words -Time consuming and resource intensive (requires experienced multi discipline team) -Usually carried as part of project design or when making a significant change to existing facility -Effectiveness depends on experience of assessor and team and openness of site personnel

IPL

Independent protection layer

IEF

Initiating event frequency

Flash point

Lowest temp at which a liquid gives off enough vapour to form a flammable mixture with air Some hydrocarbon liquids released to atmosphere are not hot enough to give off enough vapour to be ignighted by ignition source Typically use closed cup flash point to characterise flammability for safe product handling/ storage

Loss control credit factors (LCCF)

LCCF= C1 x C2 x C3 C1- process control factors (emergency power, cooling, computer control, inert gas, hazard analysis, operating instructions) C2- material isolation factors (remote control valves, dump tanks, drainage, interlocks) C3- Fire protection factors (leak detection, steel protection, fire water supply, deluge, foam, monitors, cable protection)

Layers of protection analysis definition

LOPA A semi-quantitative technique to evaluate the effectiveness of independent protection layers (IPL) in reducing the likelihood or severity of a single, undesirable event scenario

Layers of protection analysis objective

LOPA DEmonstrate that sufficient IPL's exist to reduce an incident frequency down to an acceptable amount or determine what further protection is required

LOPA

Layers of protection analysis

PFD

Probability of failure on demand the chance that the safety instrumentation function will fail when required

Vessel design code by ASME

Relieving pressure shall not exceed MAWP (normally DP) by more than -3% for fired and unfired steam boilers -10% for vessels equipped with a single pressure relief valve -16% for vessels equipped with multiple pressure relief devices -21% for fire contingency

Chatter

rapid opening and closing of the valve and risk of fatigue/vibration failure

Batch and semi batch reactors

Used extensively in speciality chemical and pharmaceutical industry as have a low volume and can be used to make different grades/ products Can cause runaway exothermic reactions

Refrigerated storage

Used to store material that are vapour/Gas at normal atmospheric conditions (too volatile to store in CR/FR tank) Operates at low pressure (Tank is insulated, Liq boils off at controlled rate due to heat inputs, vapour is compressed back to liquid and refrigerated) Release of liq from refrigerated storage does not have same potential for VCE BLEVE scenario is also not credible Materials of construction need to be suitable for low operating temperatures (Brittle Facture)

Safeguards that are not normally IPLs

Visual area check (unless failure mechanism is slow and evident, and check is structured and recorded) Operating procedures (unless very simple and classified as safety critical) -Warning signs as cannot rely on people to follow

BLEVE

boiling liquid expanding vapour explosion Hazard is due to heat from fireball When vessel is exposed to fire the metal weakens, as liquid inside the vessel boils the vessel walls try out and metal surface T increases (metal softens, yields and ruptures releasing expanding liq vapour)

maximum probable property damage

function of F&EI and LCCF

Gas blow through protection

have two independent level controls

HAZID

hazard identification (What if- structured checklist or brainstorm and hazop)

Detonation

likely to occur inside confined space Flame front travel is at supersonic velocity producing shock wave which compresses and preheated reactants ahead of flame front Overpressure typically > 10 barg

Effect of scale up of rector on heat balance

rate of production proportional to volume Natural cooling capacity is proportional to surface area

Inherent safety

strives to avoid or reduce hazards rather than control them by add on systems - should be considered in early stages of design when choice of project technology and changes to design are more feasible

Where do vapour cloud explosions require the vapour cloud to be

the cloud to be in a congested area (due to presence of obstacles) Multiple obstacles increase turbulence of flame front increasing flame speed and magnitude of the pressure wave is more likely to occur with large vapour clouds (>0.5 t) Highly volatile liquids flash off to produce larger flammable vapour cloud for given leak/ hole size

Deflagration

typical of explosions resulting from flammable releases to atmosphere (Flash back fires, unconfirmed vapour clouds) Flame front travels at subsonic velocity Over pressure normally < 1 barg Fire is a slow form of deflagration

When are pressure relief valves required

vessel design codes require a pressure relief device to be provided unless the vessel is designed to withstand the highest pressure that it could be exposed to


Set pelajaran terkait

Chapter 3: Databases and Data Warehouses

View Set

Understanding Emotion - chapter 9

View Set

ch. 14 optional homework accounting 2

View Set

NUR 240 EAQ - Management of Care

View Set

MGMT100 Human Relations Mid Term Week 5 Study Guide

View Set

Nursing Fundamentals - Exam 1 Remediation Assignment

View Set

Musculoskeletal Care Modalities questions

View Set

Executive Assistant Interview Questions

View Set

Honors Chemistry Semester 2 Final Exam

View Set