INSTRUMENTATION AND CONTROLS FOR SAFETY

M. B. Jennings CHE 185

INHERENTLY SAFE DESIGN

PROCESS RISK MANAGEMENT METHODS USED DURING THE DESIGN PHASE CAN BE PUT INTO 4 CATEGORIES:

Inherent Passive Active Procedural

TARGET IS A FAIL-SAFE INSTALLATION

FROM: Dennis C. Hendershot and Kathy Pearson-Dafft, Safety Through Design in the Chemical Process Industry: Inherently Safer Process Design , AIChE Process Plant Safety Symposium, 27OCT98

INHERENT SAFETY DESIGN

Inherent Eliminating the hazard by using materials and process conditions which are nonhazardous.
Minimize Reduce quantities of hazardous substances Substitute Use less hazardous substances Moderate Use less hazardous process conditions, less hazardous forms of materials, or configure facilities to minimize impact from hazardous material releases or uncontrolled energy release Simplify Configure facilities to simplify operation

PASSIVE SAFE DESIGN

Passive Minimizing the hazard by process and equipment design features which reduce either the frequency or consequence of the hazard without the active functioning of any device.
Location of facilities separation of ignition sources and fuels from other facilities Design equipment for design pressure in excess of the adiabatic pressure from a reaction.

ACTIVE SAFE DESIGN

Active Using facilities to detect and correct process conditions:
controls safety interlocks monitoring systems for hazards that develop over a long term and emergency shutdown systems to detect and correct process deviations.

PROCEDURAL SAFE DESIGN

Procedural Prevention or minimization of incident impacts using: Safe operating procedures and operator training Administrative safety checks Management of Change Planned emergency response

DESIGN IN OVERALL SAFETY MANAGEMENT

Art M. Dowell, III, Layer of Protection Analysis, 1998 PROCESS PLANT SAFETY SYMPOSIUM, October 27, 1998 Houston, TX

DESIGN OF SAFETY INSTRUMENTED SYSTEMS

ACTIVE INHERENTLY SAFE DESIGN PROCEDURE (Separate instrumentation and control component in CHE 165 Design) First Level Alarm systems for out of range situations and operator action Second Level Interlock systems to automatically activate safety devices Third Level Devices to minimize impact of out of control conditions

USE OF HAZAN AND HAZOP

PHAs (Process Hazards Analysis) Are used to define areas of concern HAZAN and HAZOP provide a summary of the type of risk associated with various process locations and operations
Frequency should be determined Intensity should be determined

OVERPRESSURIZATION EXAMPLE
OVERPRESSURIZATION IS THE SUBJECT OF NUMEROUS CODES & REGULATIONS
AIChE Design Institute for Emergency Relief Systems (DIERS) OSHA 29 CFR 1910.119 Process Safety Management of Highly Hazardous Chemicals NFPA 30 Flammable & Combustible Liquids API RP 520 and API RP 521 Pressure Relieving Devices and Depressurization Systems ASME Boiler & Pressure Vessel Code ASME Performance Test Code 25, Safety & Relief Valves

SOURCES OF OVERPRESSURIZATION
API 521 LISTS THE FOLLOWING CATEGORIES OF SOURCES
API RP 521 Item No. Overpressure Cause API RP 521 Item No. Overpressure Cause

1 2 3 4

Closed outlets on vessels Cooling water failure to condenser Top-tower reflux failure Side stream reflux failure

10 11 12 13

Abnormal heat or vapor input Split exchanger tube Internal explosions Chemical Reaction

5
6 7 8 9

Lean oil failure to absorber

Accumulation of noncondensables Entrance of highly volatile material Overfilling Storage or Surge Vessel Failure of automatic control

14
15 16

Hydraulic expansion
Exterior fire Power failure (steam, electric, or other) Other

FIRST LEVEL DESIGN

HOW ARE SOURCES ADDRESSED FOR A STORAGE TANK? Item 1 in previous list - Closed outlets on vessels
Would be a concern for a nozzle used for pressure control in the tank, during filling operations.
Perhaps a temporary blind flange would have been left in place after a maintenance operation. A pressure relief valve may malfunction.

A PAH pressure switch (P) could be installed if there was measurable difference between the Normal Operating Pressure and the Maximum Allowable Working Pressure.

SECOND LEVEL DESIGN

HOW ARE SOURCES ADDRESSED FOR A STORAGE TANK? Item 1 in previous list - Closed outlets on vessels Add a pressure relief valve to allow gas to leave the tank and be directed to an appropriate flare or scrubber. Set point needs to be at or slightly above the Maximum Allowable Working Pressure Need an interlock to:
Alarm to indicate valve has been activated and receiving unit (flare or scrubber) is activated. Shut down a valve in the tank fill line and/or shut off a pump used for filling.

THIRD LEVEL DESIGN

HOW ARE SOURCES ADDRESSED FOR A STORAGE TANK? Item 1 in previous list - Closed outlets on vessels Add a rupture disc to relieve to either a flare or scrubber. This level is to protect the equipment from failure on a major scale Need to have an indication that the rupture disc has opened typically a wire across the disc Need to determine actions necessary when the disc opens stop filling, start flare, etc.

OTHER DESIGN CONSIDERATIONS

A large storage tank is filled manually by an operator opening and closing a valve. Once a year, the tank overfills as the operator is distracted by other activities. A high pressure alarm is added to the tank. After the alarm is added, the tank is typically overfilled twice a year. Why?

EXAMPLE 1
After the alarm was installed, the operator relied on it to indicate a high level and did not supervise the filling closely. The alarm loop turned out to have a failure rate of twice per year, so the system was not as reliable as the manual operation.

OTHER CONSIDERATIONS EXAMPLE 2

Fail-safe valves are either Air-to-Open or Airto-Close, which equate to Fail Closed and Fail Open, respectively. Recommend the correct valve for the following processes: Flammable solvent heated by steam in a heat exchanger. Valve is on the steam supply line. Exothermic reaction. Valve is on the reactant feed line. Endothermic reaction. Valve is on the reactant feed line. Gas-fired utility furnace. Valve is on the gas supply line.

1. 2. 3. 4.

EXAMPLE 2 - CONTINUED
5. 6. 7. SPECIFY EITHER FAIL-CLOSED OR FAILOPEN FOR THE VALVES IN THESE SYSTEMS Remote-operated valve on the drain for a storage tank. Remote-operated valve on the fill line to a storage tank. Gas-fired Combustion furnace. Valve is on the air supply line. Steam supply line. Valve controls the downstream steam pressure from the boiler.

8.

EXAMPLE 2 SOLUTIONS 1
1. Valve to FAIL-CLOSED to prevent overheating the solvent 2. Valve to FAIL-CLOSED to avoid a runaway reaction 3. Valve to FAIL-CLOSED to avoid reactor thermal stresses. 4. Valve to FAIL-CLOSED to stop gas flow to uncontrolled combustion.

EXAMPLE 2 SOLUTIONS 2
5. Valve to FAIL-CLOSED to prevent draining material from tank 6. Valve to FAIL-CLOSED to prevent overfilling tank 7. Valve to FAIL-OPEN to maximize air flow to furnace 8. Valve to FAIL-OPEN to avoid localized overpressure of line

EXAMPLE 3
4 kg of water is trapped in between inlet and discharge block valves in a pump. The pump continues to operate at 1 hp.
What is the rate of temperature increase in C/hr if the cP for the water is constant at 1 kcal/(kg C)? What will happen if the pump continues to operate?

EXAMPLE 3 SOLUTION - 1
Assume adiabatic conditions for the calculations: Set up a heat balance: m Cp T Tref Q
Take the derivative with respect to time and dQ dT rearrange to get m Cp . And dt dt dT 1 dQ resolving to get dt m Cp dt Using conversions: hp 1 m 4 kg dQ/dt 0.178 dT/dt 1 dQ/dt m Cp 0.178 kcal sec

kcal kcal Cp 1 sec kg C C hr

dT/dt 160.2

EXAMPLE 3 SOLUTION - 2
Allowing the pump to continue to run will eventually result in high pressure steam formation. This could result in the pump exploding. Adding a thermal switch or a high pressure switch to shut down the pump can prevent this from occurring.