Instrumentation and Control

Safety Instrumentation

Modern process and energy facilities are highly instrumented. The instruments are used to monitor ongoing process conditions, provide information to the operating technicians, adjust operating variables, and take corrective action should process conditions move outside the safe range. Alarms, interlocks, and trips are all used to bring the system back to a safe state. This ebook provides an overview of instrumentation and its role in ensuring safety.

Safety Instrumented Systems

Safety instrumentation is often organized as part of a Safety Instrumented System (SIS), which is composed of a separate and independent combination of sensors, logic solvers, final elements, and support systems that are designed and managed to achieve a specified safety level. The SIS implements one or more Safety Instrumented Functions (SIF), each of which is related to a specific hazardous event. The SIF will initiate an action such as shutting down a process, opening a pressure relief valve, or releasing fire suppressants.

The only purpose of an SIS is to respond to unsafe conditions. It has no normal control function and it is completely separate from the normal control system. The first action of an SIS will be to shut down the process automatically, regardless of what the operating instruments are doing. If that is not sufficient, the fire and gas system is initiated (for example, an automatic deluge may be started).

A fully automated SIS should be installed when the consequences of an out-of-control situation could lead to a serious safety or environmental event, or if the facility is unattended. An SIS can also be used if a shutdown involves a complex set of actions that may not be followed properly by the operators, if they cannot respond quickly enough to what is taking place, or if they are presented with too much information to respond correctly.

All of the elements in an SIS (measurement devices, logic systems and actuators) must be highly reliable. The SIS management system should define how an owner/operator intends to assess, design, engineer, verify, install, commission, validate, operate, maintain, and continuously improve their SIS.

A critical part of the maintenance function is proof testing of the instrumented system in order to ensure that everything is working and performing as expected. Testing must include verification of the entire system: logic solver, sensors, and final elements. The test interval is the period of time between proof tests. The testing frequency varies for each SIS and depends on the technology, system architecture, and target Safety Integrity Level (SIL).

The instrumentation settings in the SIS cannot be changed by the operations personnel. An extremely thorough safety review and Management of Change (MOC) analysis must be carried out before these critical alarm values can be modified.

At the heart of an SIS is a quantitative risk analysis. Rather than providing a prescriptive formula for instrument and controller settings, the analysis is used to determine the quantitative level of risk with the plant in its current configuration. Field data are collected through operational and mechanical integrity program activities to assess actual SIS performance. The calculated value is compared with the desired value of risk. If there is a gap, i.e., if the calculated risk is higher than the desired value, then an SIS is needed.
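The gap check above and the dependence of the proof test interval on the target SIL can be worked through numerically. The following is an added example, not material from the ebook: the SIL bands are the low-demand ranges of IEC 61508/61511, the single-channel formula is the common simplified approximation, and every frequency and failure rate passed to it is a constructed sample value.

```python
# Added example: risk-gap check and proof test interval for one SIF.
# SIL bands are the low-demand PFDavg ranges of IEC 61508/61511; all
# frequencies and failure rates used with it are constructed sample values.

SIL_BANDS = [(1, 1e-2, 1e-1), (2, 1e-3, 1e-2), (3, 1e-4, 1e-3), (4, 1e-5, 1e-4)]


def required_pfd(calculated_freq, tolerable_freq):
    """PFDavg the SIF must achieve to close the gap, or None if no gap.

    Both arguments are hazardous-event frequencies in events per year.
    """
    if calculated_freq <= tolerable_freq:
        return None  # calculated risk already at or below the desired value
    return tolerable_freq / calculated_freq


def sil_for_pfd(pfd):
    """SIL band containing pfd; 0 if weaker than SIL 1, None if beyond SIL 4."""
    if pfd >= 1e-1:
        return 0
    for sil, low, high in SIL_BANDS:
        if low <= pfd < high:
            return sil
    return None


def pfd_avg_1oo1(lambda_du, test_interval_h):
    """Simplified single-channel PFDavg = lambda_DU * TI / 2.

    lambda_du: dangerous undetected failure rate per hour.
    Ignores repair time, common cause and imperfect test coverage.
    """
    return lambda_du * test_interval_h / 2


def max_test_interval_h(lambda_du, target_pfd):
    """Longest proof test interval (hours) that still meets target_pfd."""
    return 2 * target_pfd / lambda_du


def assess(calculated_freq, tolerable_freq, lambda_du, test_interval_h):
    """Return (sif_needed, required_sil, target_met) for one hazardous event."""
    target = required_pfd(calculated_freq, tolerable_freq)
    if target is None:
        return (False, 0, True)
    achieved = pfd_avg_1oo1(lambda_du, test_interval_h)
    return (True, sil_for_pfd(target), achieved <= target)
```

With a calculated frequency of 5e-3 per year against a desired 1e-5 per year, the SIF needs a PFDavg of 2e-3 (SIL 2); a channel with a dangerous undetected failure rate of 2e-6 per hour misses that target on an annual proof test but meets it when tested every 1460 hours.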

With regard to the design of critical instrumentation and safety systems the following guidance should be considered:

  • Provide critical systems with their own sensors, signal transmitters, and actuators or operating parts, separate from the process control functions.
  • Design critical alarms and safety interlock systems to fail to a safe condition on loss of power or instrument air.
  • Monitor and alarm critical process variables directly, not indirectly. For instance, if low flow to a furnace is a concern, the flow should be measured directly rather than inferred from other variables such as temperature or pressure that may indicate low flow.
  • Manual activating controls (switches, pushbuttons) must be accessible during a fire or release. As a general rule, the controls should be located at least 20 meters from the protected equipment. More spacing may be required depending on the layout of the plant and the type of hydrocarbon being handled.
  • Safety interlock systems should have pre-shutdown alarms to warn that a trip is impending. This enables the operator to take corrective action if time permits before the shutdown actually occurs.
  • Safety interlock systems should have a manual reset so that the process remains shut down until it is manually cleared by the operator. A manual reset eliminates the potential hazards of the protective system clearing (and the shutdown valve opening) before the condition that caused the shutdown has been investigated and rectified.
  • Power supplies and distribution should allow non-safety-related equipment to be shut down for maintenance without impairing the safety interlock system operation.
  • Whenever possible, the safety interlock system should be used to shut down equipment as part of a planned shutdown in order to test the protective system.
  • Safety interlock systems should be well labeled and visible.
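Three of the points above (fail to a safe condition, pre-shutdown alarm, manual reset) describe logic that is easy to get subtly wrong, so they are shown here as an added example that is not taken from the ebook. The class name, the 80/100 limits and the readings are constructed; treating a lost signal as a trip demand and refusing a reset while the trip condition persists are assumptions of this sketch.

```python
# Added example: de-energize-to-trip interlock with pre-shutdown alarm and
# manual reset. Class name, limits and readings are constructed.

class HighPressureInterlock:
    def __init__(self, pre_alarm, trip):
        if pre_alarm >= trip:
            raise ValueError("pre-alarm must act before the trip point")
        self.pre_alarm = pre_alarm
        self.trip = trip
        self.tripped = True   # powers up in the safe (shut down) state
        self.last = None      # most recent reading, None = no valid signal

    def scan(self, reading):
        """Evaluate one reading; return (run_permit, pre_alarm_active).

        run_permit False means the output is de-energized, so the
        shutdown valve sits in its failed (safe) position. A missing
        reading (None) is treated as a demand (assumption of this sketch).
        """
        self.last = reading
        if reading is None or reading >= self.trip:
            self.tripped = True          # latch: stays set once raised
        pre = reading is not None and reading >= self.pre_alarm
        return (not self.tripped, pre)

    def manual_reset(self):
        """Operator reset; refused while the trip condition persists."""
        if self.last is None or self.last >= self.trip:
            return False
        self.tripped = False
        return True


def replay(readings, pre_alarm=80.0, trip=100.0):
    """Start from a healthy, reset interlock and return each scan result."""
    ilk = HighPressureInterlock(pre_alarm, trip)
    ilk.scan(0.0)
    ilk.manual_reset()
    return [ilk.scan(r) for r in readings]
```

Replaying the readings 70, 85, 101, 90, 60 shows the pre-alarm at 85, the trip at 101, and the run permit staying withdrawn at 60 because nobody has reset the latch.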

Generally, ESD (Emergency Shutdown) valves should be provided at all battery limits, on all hydrocarbon product streams to storage. They should have the following attributes:

  • Fail Closed (FC) on failure of air or electrical power.
  • Supplied with power from the Uninterruptible Power Supply (UPS).
  • Fire safe (valve and actuator).
  • Provided with position transmitters and indicators.
  • They should never be used for process control.

Table of Contents

Introduction 
Operating / Safe Limits
Process Control
Distributed Control Systems
SCADA
Safety Instrumented Systems
   Safety Integrity Level
   Testing and Inspection
HIPPS
Fire and Gas Detection
   Fire Detection
      Flammable Gas Detection
      Fire / Flame Detection
      Heat Detection
      Fusible Links
      Smoke Detection
      Ultrasonic Detectors
      Closed-Circuit Television
      Detection by Persons
   Toxic Gas Detection
   Layout of Detectors
   Portable Gas Detectors
Alarm Systems
   Alarm Signaling
   Response to Alarms
   Response Matrix
   Limitations
   Alarm Flooding