
DESALINATED WATER TREATMENT PLANT

SAFANIYAH
Layer of Protection Analysis (LOPA)

21st August 2016


Let's not have this result from our work!

BP Deepwater Horizon, April 20, 2010


Agenda
1. Safety Moment
2. Introductions
3. Scope of SIL Study
4. SIL ASSIGNMENT Methodology
5. Final Documentation

Scope of Study

1. The study will determine the SIL level for each safety
instrumented function.
2. Items identified in HAZOP report RE-PP0010061, as well as the
C&E, will be used as the basis for the study.

Methodology
ACHIEVING ACCEPTABLE RISK
Layer of Protection Analysis (LOPA)

LAYER OF PROTECTION ANALYSIS


1. Identify the hazardous scenarios & initiating causes
2. Express risk target frequency quantitatively
3. Demand Frequency is estimated based on experience of the participants
or from Guidelines /EXIDA/TUV, OREDA
4. Identify all the Independent Layers that can reduce the risk (All
prevention/mitigation layers shall be considered)
5. Reduce risk to meet target

Identify the hazardous scenarios & initiating causes

1. All the hazardous scenarios are developed from the HAZOP study. Additional
scenarios can be developed through brainstorming sessions, operating
experience and engineering best practices.
2. All the initiating causes are taken from the PHA/HAZOP study or through
brainstorming.
3. Appendix F of SAEP-250 can be used as a guideline to list scenarios of
initiating causes.

Initiating Cause

Process Deviation
Initiating causes
  Equipment failures
    instrumentation
    pumps
    compressors
  human errors
  loss of mechanical integrity
Initiating cause frequency
Methodology
ACHIEVING ACCEPTABLE RISK Layer of Protection Analysis (LOPA)

LAYER OF PROTECTION ANALYSIS


1. Identify the hazardous scenarios & initiating causes
2. Based on risk ranking determine target frequency
3. Demand Frequency is estimated based on experience of the participants
or from Guidelines /EXIDA/TUV, OREDA
4. Identify all the Independent Layers that can reduce the risk (All
prevention/mitigation layers shall be considered)
5. Reduce risk to meet target

Express risk target frequency quantitatively

1. Based on the initiating event frequency of occurrence and severity, we will
determine the risk target frequency (per year).
2. This is the frequency a corporation can tolerate based on its guidelines
and regulatory requirements.
3. Guidelines in Appendix H of SAEP-250 shall be used for the tolerable risk
frequency.

Unmitigated Risk

Incident Frequency = Initiating Cause Frequency
Consequence = Scenario Consequence

[Figure: Initiating Cause leads to Consequence, giving the Unmitigated Risk]

IS IT TOLERABLE?
Express risk target frequency quantitatively

Methodology
ACHIEVING ACCEPTABLE RISK Layer of Protection Analysis (LOPA)

LAYER OF PROTECTION ANALYSIS


1. Identify the hazardous scenarios & initiating causes
2. Based on risk ranking determine target frequency
3. Demand Frequency (initiating event frequency) is estimated based on
experience of the participants or from Guidelines /EXIDA/TUV, OREDA
4. Identify all the Independent Layers that can reduce the risk (All
prevention/mitigation layers shall be considered)
5. Reduce risk to meet target

Demand Frequency Estimation
1. Estimate the demand frequency of the initiating event from SAEP-250
Appendix I, or determine it empirically from field experience.
2. Alternatively, this frequency can be calculated or obtained from FMEDA
reports from EXIDA, OREDA, etc.

Identify all the Independent Layers

In Layer of Protection Analysis (LOPA), we assume that the probability
of each element in the system functioning (or failing) is independent of
all other elements.
We consider the frequency of occurrence of the initiating
event/hazardous event (root cause).
We consider the probability that each independent protection layer (IPL)
fails to perform its intended function.

Identify all the Independent Layers

Identify all the protection layers which can reduce the risk (reduce
frequency of occurrence or severity):
Prevention layers (PZV, alarms, etc.)
Mitigation layers (dikes, etc.)

A protection layer can be credited as a protection layer if it meets the
following criteria:
1. Independent
2. Specific
3. Dependable (risk reduction minimum 10^-1)
4. Auditable

Identify Independent Protection Layers (IPLs)

X is the frequency of the initiating event.
Yi is the probability of unsafe failure on demand (PFD) for each IPL.

[Figure: the initiating event, X, passes through IPL 1, IPL 2, IPL 3, ... IPL n in series. Each layer has an Unsafe branch (Y1, Y2, ... Yn); the other outcome is Safe/tolerable.]

Mitigated Risk: Reduce Frequency Only

Unmitigated Risk = frequency * consequence
Mitigated Risk = reduced frequency * same consequence

REDUCE FREQUENCY TO ACHIEVE TOLERABLE RISK

[Figure: event tree. The initiating event passes through IPL1, IPL2 and IPL3 (PFD1, PFD2, PFD3), each a preventive feature. Success at a layer gives a safe outcome; failure of every layer gives consequences exceeding criteria (the impact event and its frequency).]

Key: Thickness of arrow represents frequency of the consequence if later IPLs are not successful.

What are IPLs?

Independent Protection Layers are often depicted as an onion skin.
Each layer is independent in terms of operation.
The failure of one layer does not affect the next.

Layers shown in the figure:
COMMUNITY EMERGENCY RESPONSE
PLANT EMERGENCY RESPONSE
MITIGATION
  Mechanical Mitigation Systems
  Fire and Gas Systems
PREVENTION
  Safety Critical Process Alarms
  Safety Instrumented Systems
Basic Process Control Systems
Non-safety Process alarms
Operator Supervision
Process Design

Identify Independent Protection Layers (IPLs)

Some typical protection layer Probability of Failure on Demand (PFD):
BPCS control loop = 0.10 (10^-1)
Operator response to alarm = 0.10 (10^-1)
Relief safety valve = 0.01 (10^-2)
Appendix I of SAEP-250 can be used for the safety layer risk reduction
factor.

Source: A. Frederickson, Layer of Protection Analysis, www.safetyusersgroup.com, May 2006


IPL

IPLs can provide
Prevention (active, lower probability)
  Alarm with operator response
  Safety Instrumented System
Mitigation (active, lower probability/consequence)
  Pressure relief valve
Protection (passive, lower consequence)
  Dikes
  Mechanical design
  Barricades
Reduce risk to meet target
The general approach is to:
Set the target frequency for an event leading to an unsafe situation.
Apply IPLs to reduce the frequency of occurrence of hazardous
events.
Calculate the mitigated frequency of the hazardous event and compare it
with the target frequency.
If the mitigated event frequency is higher than the target, reduce it.
The first approach is to add other IPLs to further reduce the hazardous
event frequency.
Finally, consider an SIS to meet the target frequency and determine
the SIL level of the SIF.
Independent Protection Layer (IPL) Analysis Objective

Drive the consequence and/or frequency of potential incidents to a
tolerable risk level.

Risk = frequency * consequence

[Figure: Intolerable Risk reduced to Tolerable Risk]
Safety Layer of Protection Analysis
1. Express risk target quantitatively

The decision can be presented in a F-N plot similar to the one below.
(The coordinate values here are not standard; they must be selected by the professional.)
[Figure: F-N plot. Vertical axis: Probability or Frequency, F (events/year), 1.00E-09 to 1.00E-07. Horizontal axis: Deaths per event, N, 1 to 100. Regions labelled Unacceptable risk and Acceptable risk.]

The design must be enhanced to reduce the likelihood of death (or serious
damage) and/or to mitigate the effects.
Safety Layer of Protection Analysis
Process examples
The Layer of Protection Analysis (LOPA) is performed using a standard
table for data entry. (SAEP-250 Appendix F)
Table columns (numbered 1 to 10 in the original table):
  #
  Initial Event Description
  Initiating cause
  Cause likelihood
  Protection Layers:
    Process design
    BPCS
    Alarm
    SIS
    Additional mitigation (safety valves, dykes, restricted access, etc.)
  Mitigated event likelihood
  Notes

Cause likelihood: demand = D
Protection layers: probability of failure on demand = Yi

Mitigated likelihood (W) = (D)(Y1)(Y2) ... (Yn)


Appendix H (SAEP-250)

Appendix I (SAEP-250)/EXIDA/TUV/OREDA

Independent Protection Layers (Appendix I) Event likelihood after IPL


LOPA Example

[Figure: Process Vessel with Liquid In, Liquid Out, LT and LAH]

HAZARD = OVERFILLING
INITIATING CAUSE = PUMP FAILURE

Initiating Cause Freq = 0.1 (one in 10 yrs)
IPL1: PFD = 0.1, MF = 0.01
IPL2: PFD2, MF = 0.001
IPL3: PFD3, MF = 0.0001
Target Frequency = 0.0001 (one in 1000 yrs)
Safety Layer of Protection Analysis
Approaches to reducing risk
Performance for the four SIL levels of a safety
instrumented system (SIS)

Safety Integrity Level (SIL)    Probability of Failure on Demand
SIL-1                           0.10 to 0.01
SIL-2                           0.01 to 0.001
SIL-3                           0.001 to 0.0001
SIL-4                           Less than 0.0001


SIL Assessment Session
One SIL Assignment Technique

SIL
Failure of Transfer Pump leading to
overfill of Process Vessel.
Potential release of material to the
environment requiring reporting or
remediation.
Potential personnel injury due to
exposure to material.

Target Frequency= 1/1000 (occ /yr)


Initiating Cause Freq = 1/10 (occ /yr)
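
The LOPA arithmetic from this deck, W = (D)(Y1)(Y2)...(Yn) followed by the SIL band lookup, as an added Python example that is not part of the original presentation. The function names are hypothetical, PFD2 and PFD3 of the overfilling example are taken as 0.1 (the values implied by its MF row), the 0.5/yr case is constructed, and the handling of a required PFD that falls exactly on a band limit is an assumed convention.

```python
from fractions import Fraction as F

# Lower PFD limit of each SIL band, taken from the SIL table in this deck.
SIL_LOWER_LIMITS = [("SIL-1", F("0.01")), ("SIL-2", F("0.001")),
                    ("SIL-3", F("0.0001"))]

def mitigated_frequencies(demand, pfds):
    """Event frequency after each IPL: W_k = D * Y1 * ... * Yk (per year)."""
    w, steps = F(demand), []
    for y in map(F, pfds):
        # The deck's "dependable" criterion: risk reduction of at least 10^-1.
        if not 0 < y <= F("0.1"):
            raise ValueError(f"PFD {y} does not qualify as an IPL")
        w *= y
        steps.append(w)
    return steps

def required_sil(demand, pfds, target):
    """Return (required SIF PFD, label) for the gap left by the other IPLs."""
    steps = mitigated_frequencies(demand, pfds)
    w = steps[-1] if steps else F(demand)
    target = F(target)
    if w <= target:
        return None, "no SIF required"
    needed = target / w  # the SIF must achieve this PFD or better
    if needed > F("0.1"):
        return needed, "less than SIL-1"
    # Assumed convention: a required PFD equal to a band's lower limit
    # is assigned to that band.
    for label, lower in SIL_LOWER_LIMITS:
        if needed >= lower:
            return needed, label
    return needed, "SIL-4"

if __name__ == "__main__":
    # Overfilling example from the deck: D = 0.1/yr, target 0.0001/yr,
    # three IPLs (PFD2 and PFD3 assumed to be 0.1, as the MF row implies).
    print(mitigated_frequencies("0.1", ["0.1"] * 3))
    print(required_sil("0.1", ["0.1"] * 3, "0.0001"))
    # Constructed case: D = 0.5/yr, one BPCS loop (PFD 0.1), same target.
    print(required_sil("0.5", ["0.1"], "0.0001"))
```

Exact fractions are used instead of floats so that values sitting on a band limit compare exactly.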
