Tasks

1. The reliability diagram of the process control system is as follows:

Temperature sensor t1 Temperature sensor t2 Computer system

Valve V1 Flow sensor f1

Safety Valve V3

Valve V2 Flow sensor f2

Pump Motor Burner

Alarm Coolant jacket Power

Figure 1: Reliability block diagram

Since the given failure rates are constant, we can use the expression:

( )

Rsystem1: Temperature sensor1, temperature sensor2 and computer system are in

series. For successful operation of furnace, all three subunits must be connected in
series.

Rsystem2: In system2, two pipes and their respective flow sensors are connected to
the furnace fir its successful operation. Each pipe and its flow sensor are connected
in series as they both are required for controlled flow of LPG in furnace. Since only
one set of pipe and flow sensor is required at a time for controlled and successful
working of furnace, they two sets of pipes with their respective flow sensors are
connected in parallel.

Rsystem3: In system3, safety valve V3, burner, motor, pump, alarm, coolant jacket and
power are connected in series as all these subunits need to be in working mode for
successful working of furnace.

The reliability of the process control system can be given as below:

( ) ( ) ( ) ( )

( )
* +*( ) ( )
+* +

Substituting t = 1 in the above expression to get reliability after one year.

( )

2. A hazard is a possibility of any unwanted/harmful event that could potentially

cause damage/harm to environment/person. Most hazards are dormant or potential,
with only a theoretical risk of harm. However, once a hazard becomes active, it can
create an emergency situation.

The hazards in the given process control system are as follows:

1. Explosion: An explosion can be caused by following reasons:

 Fracture/leak in fuel pipes.
 Failure of Control computer.
 Excessive over fuelling.
 Overheating of furnace.
 Power failure.
 Safety valve failure.
2. Fire: This could be caused by burning of leaking LPG gas from tanks, burning
of moulding/mouldings in furnace, burning of furnace structure etc.
Extraneous parts may fall onto the conveyor belt and enter the conveyor belt
causing fire.
3. Release of Inflammable gases (LPG) to environment: This could be caused
by leakage of LPG from tanks, failed regulator valves and safety valves.
Failure of burner could lead to release of LPG to environment.
4. Release of toxic exhaust gases to environment: This could be caused by
burning of moulding within furnace and/or burning of furnace structure. If parts
fall off the conveyor belt while inside the furnace, they may catch fire and
release toxic fumes. Increase of temperature inside the furnace may ignite the
plastic moulding producing toxic gases.
5. Laceration from sharp edges: Different structures like motor, conveyor belt,
tanks, and pipes may have sharp edges which could potentially cause injury
to personnel during maintenance or other activities.
6. Walking-working surfaces (guarding, elevated work areas, trip hazards): A
process control system of this nature would have walking and working
surfaces with trip hazards, elevated surfaces etc. for personnel during
maintenance and other activities. If someone gets trapped in the conveyor
belt, it may cause injury or even death.
7. Burns to the personnel: This may be caused by failing of coolant system and
hot items leaving the furnace.
3. From the listed hazards, it could be easily deduced that the most serious hazard is
explosion as it can cause serious damage to plant and its personnel to a very high
severity. Fault tree diagram of ‘Explosion’ is given on the sheet attached.

4. HAZOP technique is employed to conduct risk analysis on ‘explosion’ hazard. The

following tables are used to perform the risk analysis:

Defining probability of occurrence

Category Meaning Range

Frequent Many times in system lifetime Once in a

year

Probable Several times in system lifetime Once in 3

years

Occasional Once in system lifetime Once in 10

years

Remote Unlikely in system lifetime Once in 20

year

Improbable Very unlikely to occur Once in 50

year

Incredible Cannot believe that it could occur Once in 100

years

Defining severity categories

Category Effect

Catastrophic Multiple loss of life

Critical Loss of a single life

Serious Major injuries to one or more persons

Negligible Minor injuries at worst

 Defining risk categories

Class Class definition

Class A Unacceptable in any circumstance.

Class B Undesirable: tolerable only if risk reduction

is impracticable or if the costs are grossly
disproportionate to the improvement
gained.

Class C Tolerable if the cost of risk reduction would

exceed the improvement gained.

Class D Negligible, and therefore acceptable as it

stands, though it may need to be
monitored.

Risk class matrix

Probability Catastrophic Critical Serious Negligible

Frequent A A A B

Probable A B C
A
Occasional A B C C

Remote B C C D

Improbable C C D D

Incredible D D D D

Explosion hazard can cause catastrophic consequences like multiple loss of life of
personnel and harm to environment. Looking at the reliability of the process and
subsystem which could cause explosion, it can be seen that the frequency of
explosion is probable i.e. once in 3 years. This puts explosion hazard into ‘A’
category in ‘Risk class matrix’. As the table for ‘Risk defining categories’ shows, the
event of explosion is classified as ‘unacceptable in any circumstances’. Therefore,
risk reduction measures have to be employed to mitigate the risk of explosion hazard
to a reasonable level (or acceptable level, if possible).
5. The following risk reduction methods can be employed to reduce the risk of
explosion hazard (in order if significance):

I. Use of local controller instead of just central controller: Local controllers

could be used instead of just one central controller computer. This
action would mean that even in case failure of one or more
subsystems, the event of explosion could still be avoided by the action
of other working local controllers. An additional power backup system
would improve the reliability of the whole process. In case of main
power supply failure, a backup system would still keep the system
running in controlled manner. Guards and barriers could be placed for
covering the conveyor belt. Extra sensors could be put in place in case
the primary sensors fail. An additional power backup system would
improve the reliability of the whole process. In case of main power
supply failure, a backup system would still keep the system running in
controlled manner.
II. Preventive, planned and conditional monitoring: As it appears, most of
the events leading to explosion are due to mechanical or electrical
failure of some subsystems. Only planned monitoring is not enough to
mitigate such failures. Preventive, planned and conditional monitoring
would improve the overall reliability of the process.
III. Toxic fumes/smoke removal system: In case of fire or explosion, toxic
gases/fumes could be produced. A fumes/smoke removal system with
a purifier can be used at a suitable place over the furnace.

6. The following summary throws light on the reasons of the above 3 risk reduction
measures and describes the order of their significance.

In current process, all the sensors and valves controls are operated by a single
controller ‘computer’. Failure of this computer would cause failure of temperature
sensor t1 which senses the temperature of furnace and signals any overheating to
the main computer. Failure of computer means, the system would still keep running
in an uncontrolled manner. Additional local controllers for different subsystems would
mean that even if the main computer fails, temperature sensor t 1 and t2 could signal
to the local controllers operating on valves v1 and v2, which in return could stop the
flow of LPG to the furnace. An isolated power backup system could be placed in
case the main power supply fails. This backup power supply would still keep the
main and local controller running. Guards and barriers around conveyor system
would work as a safeguard for personnel and could also prevent objects falling off
and on the conveyor belt. Extra temperature sensors could also be placed which
should be directly connected to alarm system and local controller controllers for
regulator valves. The temperature feed from these sensors could trigger these
valves to stop injecting fuel into furnace if it is above a threshold value. This
modification, as clearly indicates, responds to risk reduction in a very effective
manner.
Events like gas leakage, valves failure, sensors failure, alarm failure etc. are often
due to mechanical or electrical failure of these subsystems. This was concluded from
fault tree diagram. These subsystems require timely attention for their proper
working. For example, the fuel tanks need timely and preventive maintenance in
order to mitigate thermal and mechanical stresses, safety valve and regulator valves
need time-base lubrication, conveyor belt system would need timely oiling and
greasing in order for their proper running, etc. All the metallic parts of the systems
need to be guarded against rusting. In case of rusting in valves, it could clog them up
causing problems in fuel flow or leakage in some cases. A wise combination of
planned, preventive and conditional monitoring can look after all these parameters.
Maintenance comes at second place as it aims at reducing the overall risk of
subsystem failure. However, power and controller backup is of highest importance as
their failure would result in immediate disaster.

In case of fire or/and explosion, toxic fumes and gases are produced. These fumes
and gases are harmful to personnel and environment. This is a personal hazard
which could affect local areas and remote areas as well. A chimney with a purifier
could be placed above the furnace in a suitable manner to filter these fumes and
smoke to a reasonable level thus minimising the damage to people and environment.
However, this measure looks at minimising the effect of one of the many
consequences of fire and explosion. Consequently, it comes at 3rd place.