[Figure: process flowsheet with level controller LC-1, flow controller FC-1, temperature controllers TC-1 and TC-2, a fuel stream, flow measurement F4 and temperature measurements T10 to T13.]
Activity                    Fatality rate
Staying home                3
Traveling by automobile     57
Traveling by airplane       240
Cigarette smoking           ???

Question: What is the fatality rate (/year) in the chemical industry?
[F-N plot: event frequency (events/year) on the vertical axis, with gridlines at 1.00E-08 and 1.00E-09 shown, against number of fatalities N = 1, 10, 100 on the horizontal axis; the region above the criterion line is labelled “Unacceptable risk” and the region below it “Acceptable risk”.]
“Choosing Appropriate Quantitative Safety Risk Criteria Applications from the New CCPS Guidelines” by Walt Frank (Frank Risk Solutions, Inc.) and Dave Jones (Chevron Energy Technology Company)
Some Published F-N Plots
Lees, F. (1996) Loss Prevention in the Process Industries 2nd Ed., Vol. 1, page 9/83.
Safety Layer of Protection Analysis
2. Determine the risk for the system considered

[Figure: an initiating event with frequency f_I passes through independent protection layers PL1 and PL2; the unsafe consequence occurs only if every layer fails, otherwise the outcome is safe/tolerable.]

The probability that the unsafe consequence will occur is the product of the individual probabilities:

$$ f_i^C = f_i^I \prod_{j=1}^{n} (PFD)_{ij} $$

Quantity                                                   Data source
The maximum frequency or probability of an accident,       The F-N plot or similar analysis.
f_i^max = F                                                (A sample F-N plot is given in Figure 5.16.)
The risk that each barrier to the accident propagation     Historical data from a company or from
will fail on demand, PFD_ij                                publications
2. Determine the risk for the system (continued)

Table 5.13 Typical Frequencies of Initiating Events (f_I) (From CCPS, 2001, Table 5.1)

Initiating event                                            Frequency (events/year)
Pressure vessel failure                                     10^-5 to 10^-7
Piping failure (full breach)                                10^-5 to 10^-6
Piping failure (leak)                                       10^-3 to 10^-4
Atmospheric tank failure                                    10^-3 to 10^-5
Turbine/diesel engine overspeed (with casing breach)        10^-3 to 10^-4
Third party intervention (impact by backhoe, etc.)          10^-2 to 10^-4
Safety valve opens spuriously                               10^-2 to 10^-4
Cooling water failure                                       1 to 10^-2
Pump seal failure                                           10^-1 to 10^-2
BPCS loop failure                                           1 to 10^-2
Pressure regulator failure                                  1 to 10^-1
Small external fire                                         10^-1 to 10^-2
Large external fire                                         10^-2 to 10^-3
Operator failure (to execute routine procedure,             10^-1 to 10^-3 (units are events/procedure)
  assuming well trained, unstressed, not fatigued)
3. Reduce the risk to achieve the target

Event likelihood:

$$ \text{Mitigated likelihood} = f_i^C = f_i^I \prod_{j=1}^{n} (PFD)_{ij} \le f_i^{max} $$
Process examples

Class Exercise 1: Flash drum for “rough” component separation for this proposed design.

[Figure: flash drum P&ID. Feed (methane, ethane (LK), propane, butane, pentane) enters the drum; vapor product leaves the top and liquid product the bottom; the process fluid is heated with steam. Controllers TC-6 cascaded to PC-1 (split range), FC-1, LC-1 and AC-1; alarms PAH, LAH and LAL; measurement points T1, T2, T3, T5, F2 and F3.]
Class Exercise 1: Flash drum for “rough” component separation.
Complete the table with your best estimates of values.

Row 1
  1  Initial event description: High pressure
  2  Initiating cause: Connection (tap) for pressure sensor P1 becomes plugged
  3  Cause likelihood: ____
  Protection layers
  4  Process design: ____
  5  BPCS: ____
  6  Alarm: ____
  7  SIS: ____
  8  Additional mitigation (safety valves, dykes, restricted access, etc.): ____
  9  Mitigated event likelihood: ____
  10 Notes: Pressure sensor does not measure the drum pressure
Class Exercise 1: Solution using initial design and typical published values.

Row 1
  1  Initial event description: High pressure
  2  Initiating cause: Connection (tap) for pressure sensor P1 becomes plugged
  3  Cause likelihood: 0.10
  Protection layers
  4  Process design: 0.10
  5  BPCS: 1.0
  6  Alarm: 1.0
  7  SIS: 1.0
  8  Additional mitigation (safety valves, dykes, restricted access, etc.): 1.0
  9  Mitigated event likelihood: 0.01
  10 Notes: Pressure sensor does not measure the drum pressure
[Figure: the flash drum P&ID above, with a second pressure sensor P-2 and a high-high pressure alarm PAHH added (enhanced design).]
Class Exercise 1: Solution using improved design and typical published values.

Row 1
  1  Initial event description: High pressure
  2  Initiating cause: Connection (tap) for pressure sensor P1 becomes plugged
  3  Cause likelihood: 0.10
  Protection layers
  4  Process design: 0.10
  5  BPCS: 1.0
  6  Alarm: 0.10
  7  SIS: 1.0
  8  Additional mitigation (safety valves, dykes, restricted access, etc.): PRV, 0.01
  9  Mitigated event likelihood: 0.00001
  10 Notes: Pressure sensor does not measure the drum pressure. The PRV must exhaust to a separation (knock-out) drum and fuel or flare system.

Enhanced design includes a separate P sensor for the alarm and a pressure relief valve.
The enhanced design achieves the target mitigated likelihood.
Verify table entries.
Class Exercise 1: Each IPL must be independent.

[Figure: fired-heater P&ID. Feed enters the heater; instruments shown are PIC-1, PT-1, PI-1, PI-2, PI-3, PI-4, PI-6, AT-1, FT-1, FT-2, FI-3 and temperature indicators TI-1 through TI-11.]

Row 1
  1  Initial event description: Combustibles in stack, fire or explosion
  2  Initiating cause: Limited air supply because air fan/motor fails
  3  Cause likelihood: ____
  Protection layers
  4  Process design: ____
  5  BPCS: ____
  6  Alarm: ____
  7  SIS: ____
  8  Additional mitigation (safety valves, dykes, restricted access, etc.): ____
  9  Mitigated event likelihood: ____
  10 Notes: ____
Row 1 (initial design)
  1  Initial event description: No/low air flow to heater burners
  2  Initiating cause: Failure of the air fan/blower
  3  Cause likelihood: 0.10
  Protection layers
  4  Process design: 0.10
  5  BPCS: 1.0
  6  Alarm: 1.0
  7  SIS: 1.0
  8  Additional mitigation (safety valves, dykes, restricted access, etc.): ------
  9  Mitigated event likelihood: 0.01
  10 Notes:
[Figure: the fired-heater P&ID above, with callouts marking “Alarm” and “Flow control”.]
Row 1 (improved design)
  1  Initial event description: No/low air flow to heater burners
  2  Initiating cause: Limited air supply because air fan/motor fails
  3  Cause likelihood: 1.0
  Protection layers
  4  Process design: 0.10
  5  BPCS: 1.0
  6  Alarm: 0.10
  7  SIS: 0.01
  8  Additional mitigation (safety valves, dykes, restricted access, etc.):
  9  Mitigated event likelihood: 0.0001
  10 Notes:
[Figure: the fired-heater P&ID above, enhanced with a flow switch FS wired “To SIS” and a separate flow alarm FAH.]
Kletz (2001) emphasizes the necessity to avoid “jiggling” the values, i.e., selecting the values (usually by using lower failure rates) to justify a simpler, less costly design. Such a practice would be unethical and could lead to serious consequences.

Engineers are urged to “call them like you see them” (CCPS, 1992), which means to make your best safety recommendations without being unduly influenced by cost, project deadlines, management’s preconceived ideas, and so forth.
Set Goals
• Define process scope
• Define data resources
• Define F-N tradeoffs

[Figure: illustration with the labels “Hazards and Operability”, “Safety study leader” and “Boss”.]