eBook - ePub

Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis

English
ePUB (mobile friendly)
Available on iOS & Android

eBook - ePub

Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis

Book details

Book preview

Table of contents

Citations

About This Book

The book is a guide for Layers of Protection Analysis (LOPA) practitioners.It explains the onion skin model and in particular, how it relates to the use of LOPA and the need for non-safety instrumented independent protection layers. It provides specific guidance on Independent Protection Layers (IPLs) that are not Safety Instrumented Systems (SIS). Using the LOPA methodology, companies typically take credit for risk reductions accomplished through non-SIS alternatives; i.e. administrative procedures, equipment design, etc. It addresses issues such as how to ensure the effectiveness and maintain reliability for administrative controls or "inherently safer, passive" concepts.

This book will address how the fields of Human Reliability Analysis, Fault Tree Analysis, Inherent Safety, Audits and Assessments, Maintenance, and Emergency Response relate to LOPA and SIS.

The book will separate IPL's into categories such as the following:

Inherent Safety

eliminates a scenario or fundamentally reduces a hazard

Preventive/Proactive

prevents initiating event from occurring such as enhanced maintenance

Preventive/Active

stops chain of events after initiating event occurs but before an incident has occurred such as high level in a tank shutting off the pump.

Mitigation (active or passive)

minimizes impact once an incident has occurred such as closing block valves once LEL is detected in the dike (active) or the dike preventing contamination of groundwater (passive).

Frequently asked questions

How do I cancel my subscription?

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.

Can/how do I download books?

At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.

What is the difference between the pricing plans?

Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.

What is Perlego?

We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.

Do you support text-to-speech?

Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.

Is Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis an online PDF/ePUB?

Yes, you can access Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis by in PDF and/or ePUB format, as well as other popular books in Technologie et ingénierie & Santé et sécurité au travail. We have over one million books available in our catalogue for you to explore.

Information

Publisher

Wiley-AIChE

Year

2015

ISBN

9781118948729

Edition

Topic

Technologie et ingénierie

Subtopic

Santé et sécurité au travail

CHAPTER 1 INTRODUCTION

Layer of protection analysis (LOPA) is a simplified quantitative tool for analyzing and assessing risk. LOPA was developed by user organizations during the 1990s as a streamlined risk assessment tool, using conservative rules and order-of-magnitude estimates of frequency, probability, and consequence severity. When the method was shown to be an efficient means to assess risk, several companies published papers describing the driving forces behind their efforts to develop the method, their experience with LOPA, and examples of its use. In particular, the papers and discussion among the attendees at the Center for Chemical Process Safety (CCPS) International Conference and Workshop on Risk Analysis in Process Safety in 1997 brought agreement that a book describing the LOPA method should be developed. This led to the publication of the Concept Book Layer of Protection Analysis: Simplified Process Risk Assessment (CCPS LOPA) in 2001. Since its inception, the LOPA methodology has continued to evolve, and some companies have utilized or supplemented the methodology with more advanced techniques.

LOPA has grown greatly in popularity and usefulness since the publication of CCPS LOPA (2001) on the subject. Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis builds on LOPA by

Providing additional examples of initiating events (IEs) and independent protection layers (IPLs)
Providing more guidance for determining the value of each prospective initiating event frequency (IEF) and IPL probability of failure on demand (PFD)
Providing more information on the overall management systems, as well as other considerations specific to a particular IE or IPL, which are needed to support the use of the values provided in this document

This chapter will

Identify the audience for this book
Define the scope of this book
Describe differences between this book and CCPS LOPA (2001)
Recap the LOPA approach and provides a brief description of how the method has evolved since its inception
Discuss linkages between this book and other publications

1.1 AUDIENCE

This book is intended for the following readers:

Current practitioners of LOPA. It is assumed that readers of this book will have read, understood, and applied the principles of CCPS LOPA (2001). These practitioners may include process engineers, risk analysts, and process safety specialists. For this audience, Chapters 3 through 5 provide more information regarding the application of LOPA and additional examples of IEs and IPLs. Chapter 6 and the appendices contain guidance for analysts who want to supplement the LOPA approach with more detailed methods, such as fault tree analysis (FTA), event tree analysis (ETA), and human reliability analysis (HRA).
Executives who are considering expanding their corporate strategy for managing risk by adding LOPA to their existing risk analysis process. For the executive audience, Chapter 2 discusses key elements of LOPA and the management systems needed to support claims regarding IEF and IPL PFD values.
Project managers who want to ensure that a new process or process modification has sufficient layers of protection. LOPA is a tool for selecting and evaluating alternative design options and layers of protection that can be used during any phase of a capital project.
Engineers, chemists, operations and maintenance personnel, supervisors, department managers, and others who ensure that the technical and administrative requirements for each IE and IPL are met. The intent is to ensure that IEs occur at or below their assumed frequencies and that IPLs perform at least as well as their assumed PFDs. A major goal of this book is to reinforce the activities and documentation that are needed to achieve and maintain the estimates provided for each IEF and IPL PFD value. Chapters 3 through 6 are useful for this audience.

1.2 SCOPE

CCPS LOPA (2001) set the guidelines for using LOPA as an intermediate method between qualitative risk analysis typically used to support risk ranking following hazard evaluation/analysis and quantitative analysis as described in Guidelines for Chemical Process Quantitative Risk Analysis (CCPS 2000). This book builds on the foundation laid by CCPS LOPA (2001) by clarifying key concepts and reinforcing the limitations and the requirements of this method. The main scope of this book is to provide examples of IEs and IPLs and useful guidance on the activities and documentation needed to achieve and maintain the IEF and IPL PFD values suggested in this text. This guidance is intended to help companies or facilities develop appropriate values for their own LOPA protocols.

This document is not a second edition of CCPS LOPA (2001) and is not intended to change the basic criteria established for LOPA in that text. Rather, this document reinforces the basic criteria in CCPS LOPA (2001), providing examples where appropriate. However, since the publication of CCPS LOPA (2001), industry has developed further knowledge and understanding of the methodology through experience. Additional IEs and IPLs have been proposed, and some previously suggested IEF and IPL PFD values have been changed. As a result, practitioners have requested more details regarding the identification and application of IEs and IPLs in LOPA. CCPS has, therefore, seen the need to provide additional guidance for selecting an IE or IPL PFD value.

This document forgoes detailed explanations of the analysis and design requirements for safety controls, alarms, and interlocks (SCAI), since these requirements are addressed in other CCPS publications, such as Guidelines for Safe Automation of Chemical Processes (CCPS 1993) and Guidelines for Safe and Reliable Instrumented Protective Systems (CCPS 2007b), and in industry standards, such as IEC 61511 (2003) and ANSI/ISA 18.2 (2009). This document does provide guidance on the risk reduction that can be claimed in a Basic Process Control System (BPCS) or a Safety Instrumented System (SIS) and recommends specific design and management practices to support these claims. This document does not discuss the design of SCAI or other required activities to ensure the reliability of SCAI throughout their lifecycle. The reader should refer to the appropriate industry standards to ensure that the implemented instrumented system complies with good engineering practice.

This document excludes detailed explanations of conditional modifiers, which are probability factors used to estimate the likelihood of fires, explosions, and fatalities once a release has occurred. A limited amount of guidance was provided in CCPS LOPA (2001), and the topic is treated in more depth in the recent Guidelines for Enabling Conditions and Conditional Modifiers in Layer of Protection Analysis (CCPS 2013).

1.3 KEY CHANGES SINCE THE INITIAL LOPA CONCEPT BOOK

The initial CCPS LOPA (2001) book established the concept of layers of protection analysis and how it could be used to estimate risk. Since that time, LOPA concepts have been incorporated into a wide range of techniques, from simple scenario-based analysis of the potential for loss events to complex cumulative risk analysis of the potential for specific types of harm. LOPA has been applied throughout the process industry sector and has influenced the practice of risk analysis worldwide. After 12 years of use, the LOPA approach continues to evolve, and additional guidance has been provided. Below is a summary of the key changes from CCPS LOPA (2001).

The first significant change is in the more detailed discussion of the individual IEs and IPLs that are included in the text. Some values for IEFs and IPL PFDs were provided in CCPS LOPA (2001). Guidance was provided in general terms regarding the appropriate selection of IEFs and the underlying assumptions associated with the values selected. For IPLs, the basic requirements of independence, effectiveness, and auditability were discussed and some PFDs were provided; however, these topics were also covered in general terms. This book provides a data table for each IE and IPL that not only gives a suggested IEF or IPL PFD value but also provides the recommended design, operation, maintenance, and testing guidance associated with that value.

A second significant change is in the treatment of pressure relief systems and the differentiation in this document among different relief applications. General guidance on the use of relief valves and rupture disks as IPLs was provided in CCPS LOPA (2001). In this document, suggested values have been provided for relief systems of various types. The document also highlights the importance of having a strong management system in place to ensure that valves that can isolate relief devices from the process are maintained in an open position.

CCPS LOPA (2001) discussed the need for an IPL to be independent of other IPLs and of the initiating event. Common cause failure can occur when there is the potential for the failure of more than one component or system as a result of a single failure. The Guidelines subcommittee considered the potential for common cause failure when developing generic IPL PFD values for certain IPLs in Chapter 5. In the case of dual pressure relief valves in series, the suggested generic PFD valve for the combined system was adjusted to account for the potential for common cause failure due to the likelihood that both IPLs would be similar devices, maintained at the same time, and exposed to identical process conditions.

At the time of CCPS LOPA (2001), check valves were not generally considered to be valid IPLs due to a lack of data supporting their reliability. Since that time, understanding of check valve reliability has improved, assisted by more data that substantiates their reliability. (Refer to Appendix D for Example Reliability Data Conversion for Check Valves for more information.) Based on this data, cheek valves have been included as IPLs in this book

To determine whether an IPL will be effective, it is necessary to consider the timeline of a scenario. CCPS LOPA (2001) recognized that, to be effective, an IPL needs to have sufficient time to take action. However, the timeline of the progression of a scenario was not discussed in detail. It is important to understand how quickly a process deviation will be detected, how much time will be required to diagnose the situation, how rapidly the IPL will be able to act, and how much time will be required by the process to respond to the IPL action. This consideration of time dependency is discussed in detail in Chapter 3.

In LOPA, it is assumed that IPLs are challenged infrequently. However, as recognized in CCPS LOPA (2001), there are situations where IPLs are challenged frequently. This is referred to as high demand mode. In CCPS LOPA (2001), an IPL was considered to be in high demand mode if it was challenged at a frequency of more than twice the proof test interval. However, recent guidance (IEC 61508-4 Section 3.5.16) (2010) has redefined high demand mode as occurring when the IPL is challenged more often than once a year. This change has been reflected in Chapter 3.

CCPS LOPA (2001) Approach B allowed two orders of magnitude credit to be claimed on a BPCS logic solver if the BPCS was not the IE. However, it cautioned that IEC 61511 (2003) was moving toward publication and that future developments might affect this allowance. CCPS LOPA (2001) based its position on the assumption that the BPCS central processing unit (CPU) had at least two orders of magnitude better performance than the field devices. More recent field data demonstrate that the failure rate of a typical BPCS CPU is greater than 0.01/yr (PDS Data Handbook [SINTEF 2010]), so the BPCS CPU failure rate is comparable to many other electrical, mechanical, or programmable electronic devices. Section 5.2.2.1 discusses BPCS claims in more detail. This book addresses the requirements for claiming credit for two BPCS loops that share a single logic solver, whether as an IE and IPL or two IPLs. When claiming two orders of magnitude from a single controller, IEC 61511 (2003) requires that the system be designed and managed as a SIS.

In addition to addressing the number of credits that can be claimed in a BPCS controller, this document also adopted the new International Society of Automation (ISA) terminology issued in ANSI/ISA 84.91.01 (2012). In particular, the term “Safety Controls, Alarms, and Interlocks” (SCAI) has replaced “Instrumented Protective Systems” (IPS). The term “safety instrumented system (SIS) loop” is used to define the equipment necessary to execute identified safety instrumented functions (SIF). The analysis of the system is also emphasized in the estimation of the IE frequency and the IPL PFD provided by specific BPCS or SIS architectures. System analysis is critical to ensure that common cause and systematic failure potential is properly considered. Shared (or similar) equipment, procedures, and personnel increase this failure potential, so it is recommended that sources for common cause and systematic failure be carefully considered when assessing the performance of the instrumen...

Citation styles for Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis

APA 6 Citation

[author missing]. (2015). Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis (1st ed.). Wiley. Retrieved from https://www.perlego.com/book/992289/guidelines-for-initiating-events-and-independent-protection-layers-in-layer-of-protection-analysis-pdf (Original work published 2015)

Chicago Citation

[author missing]. (2015) 2015. Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis. 1st ed. Wiley. https://www.perlego.com/book/992289/guidelines-for-initiating-events-and-independent-protection-layers-in-layer-of-protection-analysis-pdf.

Harvard Citation

[author missing] (2015) Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis. 1st edn. Wiley. Available at: https://www.perlego.com/book/992289/guidelines-for-initiating-events-and-independent-protection-layers-in-layer-of-protection-analysis-pdf (Accessed: 14 October 2022).

MLA 7 Citation

[author missing]. Guidelines for Initiating Events and Independent Protection Layers in Layer of Protection Analysis. 1st ed. Wiley, 2015. Web. 14 Oct. 2022.