4 SRS Detail

PAGE 1 OF 38
Statoil Rev. Code
Linde Version
Status
Date
Description
Prepared
Checked ORIGINATOR
Approved COMPANY
TITLE
SIS Safety Requirements Specification Specific Part

DOCUMENT NUMBER System/ Area 11/0000 DFO
E066-AB-S-SD-0009.011
Project No. Orig Code Area System Disc Code Doc. Type Seq. No.
B
Statoil Rev.Code
D:\Daten\Safety Training\Schulung Prozess\SRS_Detail.doc
Page 2 of 38
SIS Safety Requirement Specification Specific Part
Rev.date :
11-PT-1100 A/B/C (high presure)....................................................................................4 11-PT-1100 (pressure low)..............................................................................................5 11PDT1168 (previous 1095) ...........................................................................................6 11PT1026 A/B/C .............................................................................................................7 11PT1053 A/B/C .............................................................................................................8 11PDT1116 .....................................................................................................................9 11PDT1080 ...................................................................................................................10 11PDT1153 (previous 1081) .........................................................................................11 11PDT1057 ...................................................................................................................12 11PDT1056 ...................................................................................................................13 11LT1068 A/B/C............................................................................................................14 11LT1069 A/B/C............................................................................................................15 11LT1081D (previous 11LT1085 ) ................................................................................16 11LT1082D (previous 11LT1086 ) ................................................................................17 11LT1083 (previous 11LDT1087) .................................................................................18 11LT1083 ......................................................................................................................19 11LT1084 (previous 11LDT1088) .................................................................................20 11LT1084 ......................................................................................................................21 11LT1083 (previous 11LDT1089) .................................................................................22 11LT1084 (previous 11LDT1090) .................................................................................23 11LT1083 (previous 1091) ............................................................................................24 11LT1084 (previous 1092) ............................................................................................25 11PDT1109 ...................................................................................................................26 11PDT1023 ...................................................................................................................27 11PDT1121 ...................................................................................................................28 11PDT1151 ...................................................................................................................29 11PDT1055 ...................................................................................................................30 11PDT1024 ...................................................................................................................31 11PDT1037 ...................................................................................................................32
Page 3 of 38
Rev.date :
11PDT1038 ...................................................................................................................33 11PT1138 A/B ...............................................................................................................34 11PT1139 A/B ...............................................................................................................35 11TT1181 ......................................................................................................................36 11PDT1014 ...................................................................................................................37 11ZSL1007....................................................................................................................38
Page 4 of 38
Rev.date :
Tag Process Unit:
11-PT-1100 A/B/C (high pressure) 11 inlet facilities pipeline no packing of pipeline environment (flaring) and operation prevent pipeline packing and subsequent flaring
voting P+ID no.:
2 out of 3 11-PE-1001-001
Equipment under control Safe state of the process Protected system Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint H HH L LL 120 barg
Description of SIS Output Action

(including force manual close signal to ensure safe state of process unit)
Response time of final element
closing the subsea wing valve
SIL allocation (Reason for Selection of Each Risk Parameter) based on "Risk Matrix for HSE and Assets" E066-AB-S-SG-0002 Consequence to
(without SIF)
Description / Reason 1 2 2 Flaring for more less than 1 week including depressuring the pipeline and start-up of the plant. packing the pipeline, when the inlet to the LNG onshore plant is closed. production downtime of main product is less than 1 week yes Operator interaction is possible because packing of pipeline is a slow process. There is sufficient indication that the inlet is closed. ESD has position alarm, 11-PSHH-1026 and 11-PSHH-1053 gives alarm. All gives 1 IPL 3 Closing the ESD beach valve, ESD inlet at slugcatcher and/or the HIPPS valves no impact
Personnel Exposure Time Risk Environment Assets:

Equipment / Production Downtime
Averting of hazard
Frequency/
Demand Rate
Remarks:
Safety Integrity Level (SIL)

Requirement for proof test interval Manual shutdown possibility Energise or deenergise to trip Special requirement for reset of SIS specific requirements for starting or restarting the SIS Bypass requirements Mean Time to Repair MTTR Additional safety instrumented functions to support special operational cases (e.g. start-up, stand-by, shutdown etc.). revealed failure (spurious trip) :
Review date : 29/01/2003
Asset Integrity Level (AIL)
Special requirement for the SIS, if not covered by the General part of the Safety Requirements Specification: if not otherwise stated, refer to Safety Requirements Specification General Part if not otherwise stated, refer to Safety Requirements Specification General Part if not otherwise stated, refer to Safety Requirements Specification General Part if not otherwise stated, refer to Safety Requirements Specification General Part if not otherwise stated, refer to Safety Requirements Specification General Part
Page 5 of 38
Rev.date :
Tag Process Unit:
11-PT-1100 (pressure low) main feed gas pipeline pipeline
voting P+ID no.:
1 out of 1 11-PE-1001-001
Equipment under control Safe state of the process Protected system Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint HH L LL 50 barg (35 barg) 1)
shut-down all Xmas tree valves subsea and depressurize the pipeline (via process and later via flare) environment sea and atm. leak detection prevent major leaks of gas/liquid entering the sea in case of a rupture rupture of main feed gas pipeline

Response time of final element
a) automatic action: close sub sea wells b) operator action as follows: depressurize the pipeline (via process and later via flare e.g. close the main feed gas control valve unit 12 or the ESD outlet valves at the slugcatcher and finally open the BDV at the slugcatcher by remote manual interaction)
(without SIF)
Description / Reason 5 if major vapor cloud occurs, personnel on the sea may be exposed

0.1 low exposure time risk 5 5 major leak in the flow line and /or connectors into the sea loss of reputation loss of main production yes 1. deviation of several pressure indicators (this well and other wells) and flow indication subsea control system (PCDA) is dual (deviation alarms are available) leak detection possible via the offshore flow measurement including back-up, onshore flow measurement,. finally operator interaction (e.g. ESD closing all valves) is possible. (1 IPL) yes 2. there is sufficient experience in operating and maintenance of pipelines, proper material selection and the yes endangered part of pipeline is trenched. (1 IPL) subsea 18-UT 1125 B (pressure low) (1IPL)
Averting of hazard
Frequency/
Demand Rate
major leak is expected to happen less than once in 20 to 100 years, which is very conservative consideration
Remarks:
Team agreed on an alarm only and have operator interaction. Verification by Statoil will be done. Comparison with other plant needs to be done.

Requirement for proof test interval Manual shutdown possibility Energise or deenergise to trip Special requirement for reset of SIS specific requirements for starting or restarting the SIS Bypass requirements Mean Time to Repair MTTR Additional safety instrumented functions to support special operational cases (e.g. start-up, stand-by, shutdown etc.). revealed failure (spurious trip) :
Special requirement for the SIS, if not covered by the General part of the Safety Requirements Specification: if not otherwise stated, refer to Safety Requirements Specification General Part operator interaction to activate the ESD system is required. if not otherwise stated, refer to Safety Requirements Specification General Part if not otherwise stated, refer to Safety Requirements Specification General Part if not otherwise stated, refer to Safety Requirements Specification General Part
1) During initial start-up of pipeline the set point needs to be lowered to 35 barg. (comment from HAZOP team recommendation 720.)
Page 6 of 38
Rev.date :
Tag Process Unit:
11PDT1168 (previous 1095) 11 Slugcatcher and Pigtrap ESD-Valve 11ESV1001
voting P+ID no.:
1 out of 1 11-PE-1001-001
Equipment under control Safe state of the process Protected system Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint H HH L LL 1 barg 1)
ensure low pressure difference before ESD-Valve is opened. Pig receiver and slug catcher and connected piping avoid pressure shock and connected piping all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

inhibit to open ESD-Valve
SIL allocation (Reason for Selection of Each Risk Parameter) based on "Risk Matrix for HSE and Assets" E066-AB-S-SG-0002 Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. Consequence to
(without SIF)
Description / Reason Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. (4) Release at Flanges Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. (0.1) Operator is present at the ESD valve, but leakage further and thus not exposed Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. (4) Damage the line from pig receiver to slug catcher due to pressure shock, resulting into leakage Damage to both slug catchers at the same time Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. (Yes prior to opening of ESD valve after a pipeline shutdown the operator is warned to repressurise the equipment in the ) field ( limit switch and operating procedure is provided ) that reduces the frequency by one step. Closing the ESD valve is not seen as an option, because only limiting the consequences. Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. (1) Pig receiver open and high pressure upstream the valve (2) Operator failure at restart of pipeline at high pressure The ranking is done to compare the fault tree analysis of the HIPPS. The same range of PFD is reached.

Averting of hazard
Frequency/
Demand Rate
Remarks:

Requirement for proof test interval Manual shutdown possibility Energise or deenergise to trip Special requirement for reset of SIS specific requirements for starting or restarting the SIS Bypass requirements Mean Time to Repair MTTR Additional safety instrumented functions to support special operational cases (e.g. start-up, stand-by, shutdown etc.).
Revealed failure : at high differential pressure trip shall not open the valve, if it is closed at high differential pressure trip shall not close the valve, if it is open, Thus no high availability is necessary
Page 7 of 38
Rev.date :
Tag Process Unit:
11PT1026 A/B/C
11 Slugcatcher and Pigtrap
voting P+ID no.:
2 out of 3 11-PE-1002-001
Transfer Line from ESD Beach Valve to Slug catcher Pressure Control Slug catcher Prevent overpressure of the slug catcher all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

close ESD-Valve upstream Pig receiver
(without SIF)
Description / Reason Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. Overpressurise slug catcher ; above the burst pressure and finally damage to slug catcher . This is covered by the safety criteria used in the HIPPS study. Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. According to HIPPS study, SIL 1 was sufficient, a SIL 2 can be reached without additional cost and team agreed for AIL2 , because there is no impact

Averting of hazard Frequency/

Demand Rate
Remarks:

Special requirement for the SIS, if not covered by the General part of the Safety Requirements Specification: if not otherwise stated, refer to Safety Requirements Specification General Part stroke test is sufficient, no leak test if not otherwise stated, refer to Safety Requirements Specification General Part if not otherwise stated, refer to Safety Requirements Specification General Part if not otherwise stated, refer to Safety Requirements Specification General Part if not otherwise stated, refer to Safety Requirements Specification General Part Repressurazation Bypass required at ESD-Valve, which is LC
revealed failure (spurious trip) : trip of plant and pipeline and stop of main production thus high availability is required
Page 8 of 38
Rev.date :
Tag Process Unit:
11PT1053 A/B/C
11 Slugcatcher and Pigtrap
voting P+ID no.:
2 out of 3 11-PE-1002-001
Transfer Line from ESD Beach Valve to Slug catcher Pressure Control Slug catcher Prevent overpressure of the slug catcher all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

close HIPPS valve downstream Pig receiver
(without SIF)
Description / Reason Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. Overpressurise slug catcher ; above the burst pressure and finally damage to slug catcher . This is covered by the safety criteria used in the HIPPS study. Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. Refer to E066-AB-S-RE-0018 SIL Allocation for HIPPS and PSV, as SIF is part of HIPPS. According to HIPPS study, SIL 2 was required and team agreed for AIL2 , because there is no impact on cost


Demand Rate
Remarks:

Requirement for proof test interval
Special requirement for the SIS, if not covered by the General part of the Safety Requirements Specification: 3 times per year / Leak test shall be done acoustically. Two end flanges at the HIPPS are provided to be able to remove one HIPPS (which is leaking) and operate on the other HIPPS. To set the end flange, depressuring of the pipe section is required, but quick restart is possible. if not otherwise stated, refer to Safety Requirements Specification General Part if not otherwise stated, refer to Safety Requirements Specification General Part if not otherwise stated, refer to Safety Requirements Specification General Part if not otherwise stated, refer to Safety Requirements Specification General Part 3" bypass for pressurisation with locking device full flow testing bypass is equipped with HIPPS Mean Time to Repair MTTR Additional safety instrumented functions to support special operational cases (e.g. start-up, stand-by, shutdown etc.). revealed failure (spurious trip) : trip of plant and pipeline and stop of main production thus high availability is required
Manual shutdown possibility Energise or deenergise to trip Special requirement for reset of SIS specific requirements for starting or restarting the SIS Bypass requirements
Page 9 of 38
Rev.date :
Tag Process Unit:
11PDT1116 11 Slugcatcher and Pigtrap 11-QSV-1053 A/B
voting P+ID no.:
1 out of 1 11-PE-1002-001
ensure low pressure difference before QSV valves are opened. slug catcher and connected piping avoid pressure shock all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

inhibit to open QSV-Valves
(without SIF)
Description / Reason 4 1 2 3 3 possible leakage of gaseous HC at flange connections no full rupture is expected no credit is taken for exposure time risk Flaring for restart damage to piping and to two slug catchers due to pressure shock ; leakage at flanges downtime more than one week


Demand Rate
yes prior to opening of QSV valve after activation the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step 1 high differential pressure is given only after activation of HIPPS
Remarks:
1) pressure A must not be higher than 1 bar than pressure B

Revealed failure : at high differential pressure trip shall not open the valve, if it is closed at high differential pressure trip shall not close the valve, if it is open. Thus no high availability is necessary
Page 10 of 38
Rev.date :
Tag Process Unit:
11PDT1080 11 Slugcatcher and Pigtrap 11-ESV-1065
voting P+ID no.:
1 out of 1 11-PE-1002-001
ensure low pressure difference before ESV valves are opened. slug catcher and connected piping avoid pressure shock all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

inhibit to open ESV-Valves
(without SIF)
Description / Reason 4 1 2 3 3 Possible leakage of gaseous HC at flange connections no full rupture is expected no credit is taken for exposure time risk Flaring for restart Damage to piping and to two slug catchers due to pressure shock ; leakage at flanges Downtime more than one week


Demand Rate
yes Prior to opening of ESV valve after shutdown the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step 2 High differential pressure is given only after shutdown
Remarks:

Page 11 of 38
Rev.date :
Tag Process Unit:
11PDT1153 (previous 1081) 11 Slugcatcher and Pigtrap 11-ESV-1063
voting P+ID no.:
1 out of 1 11-PE-1002-001

(without SIF)
Description / Reason 4 1 2 3 3 Possible leakage of gaseous HC at flange connections no full rupture is expected no credit is taken for exposure time risk Flaring for restart Damage to piping and to two slug catchers due to pressure shock ; leakage at flanges Downtime more than one week


Demand Rate
yes Prior to opening of ESV valve after shutdown the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step 1 High differential pressure is given only after shutdown
Remarks:

Review date : 26/09/2002 (number changed 15.20.03)
Page 12 of 38
Rev.date :
Tag Process Unit:
voting P+ID no.:
1 out of 1 11-PE-1002-002

(without SIF)
Description / Reason 4 1 2 3 3 Possible leakage of gaseous HC at flange connections no full rupture is expected no credit is taken for exposure time risk Flaring for restart Damage to piping and to one slug catcher due to pressure shock ; leakage at flanges Downtime more than one week


Demand Rate
yes Prior to opening of ESV valve after emergency depressurisation the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step 1 High differential pressure is given only after emergency depressurisation of one section of the slug catcher
Remarks:
1) pressure A must not be higher than 1 bar than pressure B and the opposite way (intermediate valve)

Page 13 of 38
Rev.date :
Tag Process Unit:
voting P+ID no.:
1 out of 1 11-PE-1002-003

(without SIF)
Description / Reason 4 1 2 3 3 Possible leakage of gaseous HC at flange connections no full rupture is expected no credit is taken for exposure time risk Flaring for restart Damage to piping and to one slug catcher due to pressure shock ; leakage at flanges Downtime more than one week


Demand Rate
yes Prior to opening of ESV valve after emergency depressurisation the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step 1 High differential pressure is given only after emergency depressurisation of one section of the slug catcher
Remarks:
1) pressure A must not be higher than 1 bar than pressure B and the opposite way (intermediate valve)

Page 14 of 38
Rev.date :
Tag Process Unit:
11LT1068 A/B/C
11 Slugcatcher and Pigtrap 11-VL-101A Level Control Downstream feed gas system
voting P+ID no.:
2 out of 3 11-PE-1002-007
Equipment under control Safe state of the process Protected system Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint H HH L LL 1) mm
Prevent overfilling of 11-VL-101A and liquid carry-over to LNG process all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

Close ESD-valve at the inlet
(without SIF)
Description / Reason 4 1 2 Overfilling of slugcatcher during pigging and releasing the liquid to flare via the safety valves, which are designed for vapour. Risk of serious leaks and risk of damage to flare system Not taken into account Flaring at restart Liquid condensate , excluding MEG/H20, carry-over to filter separator 12-CB-101. Resulting in high pressure drop over filter separator with damage of internals. Finally liquid carry-over to C02 wash column, resulting in foaming. 3 Main production out of service, more than 1 week


Demand Rate
yes Both slugcatchers work in parallel; if one LSHH fails, the other LSHH will still give an alarm and the operator has sufficient time to interact (slow process) 1 2 Personnel : Volume of max. slug is less than volume in slugcatcher, according to pipeline simulations Asset : Liquid carry-over due to operation close to HHlevel
Remarks:
1) Refer Mechanical Data Sheet

The two block valves in the equalisation line must be LO locked open to ensure that the instrument will work.
revealed failure (spurious trip) : closure of the inlet of one slug-catcher, which is designed for 100%, but more risk of carry-over to downstream system. High availability is required.
Page 15 of 38
Rev.date :
Tag Process Unit:
11LT1069 A/B/C
11 Slugcatcher and Pigtrap 11-VL-101B Level Control Downstream feed gas system
voting P+ID no.:
2 out of 3 11-PE-1002-008
Equipment under control Safe state of the process Protected system Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint H HH L LL 1) mm
Prevent overfilling of 11-VL-101B and liquid carry-over to LNG process all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

Close ESD-valve at the inlet
(without SIF)
Description / Reason 4 1 2 Overfilling of slugcatcher during pigging and releasing the liquid to flare via the safety valves, which are designed for vapour. Risk of serious leaks and risk of damage to flare system Not taken into account Flaring at restart Liquid condensate , excluding MEG/H20, carry-over to filter separator 12-CB-101. Resulting in high pressure drop over filter separator with damage of internals. Finally liquid carry-over to C02 wash column, resulting in foaming. 3 Main production out of service, more than 1 week


Demand Rate
yes Both slugcatchers work in parallel; if one LSHH fails, the other LSHH will still give an alarm and the operator has sufficient time to interact (slow process) 1 2 Personnel : Volume of max. slug is less than volume in slugcatcher, according to pipeline simulations Asset : Liquid carry-over due to operation close to HHlevel
Remarks:

The two block valves in the equalisation line must be LO locked open to ensure that the instrument will work.
revealed failure (spurious trip) : closure of the inlet of one slug-catcher, which is designed for 100%, but more risk of carry-over to downstream system. High availability is required.
Page 16 of 38
Rev.date :
Tag Process Unit: Equipment under control Safe state of the process Protected system
11LT1081D (previous 11LT1085 )

11 Slugcatcher and Pigtrap 11-VL-101A Level Control Downstream condensate system
voting P+ID no.:
1 out of 1 11-PE-1002-007
Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint H HH LL LLL 1) mm 1) mm
Prevent gas breakthrough into condensate system all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

Close HV valves in upper condensate draw off line (4 valves) Close ESD valves in the common line Description / Reason Gas breakthrough results in overpressurisation of 12-VA-101; exceeding burst pressure
SIL allocation (Reason for Selection of Each Risk Parameter) based on "Risk Matrix for HSE and Assets" E066-AB-S-SG-0002 Consequence to (without
SIF)

5 NA 2 5 3 2
Flaring more > 1 day (start-up) Gas breakthrough into condensate separator 12-VA-101 downtime of side product >1 week and downtime of main product >1week damage of internals of condensate separator and of filter 11-CA-101 (but spare is provided) Personnel: Safety valves are designed for the scenario ( 3 IPLs, reducing the consequence)

Demand Rate
yes Asset damage of interals: PSHH in the 12-VA-101, acting on 11-ESV-1072 (1 IPL) 2 control loop failure or operator failure (selector failure)
Remarks:

revealed failure (spurious trip) : Unwanted closure of the flow to the condensate system. Storage in slugcatcher is possible. No high availability is necessary.
Review date : 02.04.2003
Page 17 of 38
Rev.date :
11LT1082D (previous 11LT1086 )

11 Slugcatcher and Pigtrap 11-VL-101B Level Control Downstream condensate system
voting P+ID no.:
1 out of 1 11-PE-1002-008
Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint H HH LL LLL 1) mm 1) mm
Prevent gas breakthrough into condensate system all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

Close HV valves in upper condensate draw off line (4 valves) Close ESD valves in the common line Description / Reason Gas breakthrough results in overpressurisation of 12-VA-101; exceeding burst pressure
SIF)

5 NA 2 5 3 2
Flaring more > 1 day (start-up) Gas breakthrough into condensate separator 12-VA-101 downtime of side product >1 week and downtime of main product >1week damage of internals of condensate separator and of filter 11-CA-101 (but spare is provided) Personnel: Safety valves are designed for the scenario ( 3 IPLs, reducing the consequence)

Demand Rate
yes Asset damage of interals: PSHH in the 12-VA-101, acting on 11-ESV-1073 (1 IPL) 2 control loop failure or operator failure (selector failure)
Remarks:

Page 18 of 38
Rev.date :
11LT1083 (previous 11LDT1087)

11 Slugcatcher and Pigtrap 11-VL-101A Level Control Downstream condensate system Prevent MEG/H20 into condensate system
voting P+ID no.:
1 out of 1 11-PE-1002-007
Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint HHH HH H LL 1100 mm 1) mm 1) mm
all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

Close inlet ESD valve to slugcatcher Alarm if condensate valve is not closed Close HV valves in condensate draw off line (4 valves) -
SIF)
Description / Reason No impact,

1 NA 2 2 2
Flaring more > 1 day (start-up) MEG/H20 into condensate separator 12-VA-101, which can then be sent to the MEG system; operational upset fouling of 20-HA-101, which needs cleaning : Downtime of side product >1 day, less than 1 week and downtime of main product > 1 day, as condensate can be stored in slugcatcher, but storage capacity is limited

Demand Rate
yes Asset : 12-LDT-1084 and 12-LDT-1058 give alarm 2 1) 2) control loop failure or operator failure (selector failure) Refer to PID 11-PE-1002-007 and Mechanical Data Sheet 11LT1083 B or A can be used as control. When one is selected as control the other must be used as trip signal. Control and trip signal must be independent.
Remarks:

Page 19 of 38
Rev.date :
11LT1083
11 Slugcatcher and Pigtrap 11-VL-101A Level Control slugcatcher
voting P+ID no.:
1 out of 1 11-PE-1002-007
Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint HHH H L LL 1100 mm 1) mm
Prevent overfilling of stand-pipe for level measurement with MEG while slugcatcher is filled with condensate. Prevent wrong level measurement. all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element time delay -

Close inlet ESD valve to slugcatcher Close HV valves in condensate draw off line (4 valves)
SIF)
Description / Reason Overfilling of slugcatcher, no risk for personnel, as liquid will enter the process first.

0.1 operator not present 2 Flaring at restart Liquid condensate , excluding MEG/H20, carry-over to filter separator 12-CB-101. Resulting in high pressure drop over filter separator with damage of internals. Finally liquid carry-over to C02 wash column, resulting in foaming. 3 Main production out of service, more than 1 week

Demand Rate
yes Both slugcatchers work in parallel; if one LSHH fails, the other LSHH will still give an alarm and the operator has sufficient time to interact (slow process) There are sufficient alarms. 2 failure of level high control causes wrong measurement for 11LSHH1068, (trip will be too late) 1. Refer to PID 11-PE-1002-007 and Mechanical Data Sheet
Remarks:

Page 20 of 38
Rev.date :

11 Slugcatcher and Pigtrap 11-VL-101B Level Control Downstream condensate system Prevent MEG/H20 into condensate system
voting P+ID no.:
1 out of 1 11-PE-1002-008
all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

Close inlet ESD valve to slugcatcher Close HV valves in condensate draw off line (4 valves) -
SIF)
Description / Reason No impact,

1 NA 2 2 2
Flaring more > 1 day (start-up) MEG/H20 into condensate separator 12-VA-101, which can then be sent to the MEG system; operational upset fouling of 20-HA-101, which needs cleaning : Downtime of side product >1 day, less than 1 week and downtime of main product > 1 day, as condensate can be stored in slugcatcher, but storage capacity is limited

Demand Rate
yes Asset : 12-LDT-1084 and 12-LDT-1058 give alarm 2 1) 2) control loop failure or operator failure (selector failure) Refer to PID 11-PE-1002-007 and Mechanical Data Sheet 11LT1084 B or A can be used as control. When one is selected as control the other must be used as trip signal. Control and trip signal must be independent.
Remarks:

Page 21 of 38
Rev.date :
11LT1084
11 Slugcatcher and Pigtrap 11-VL-101B Level Control slugcatcher
voting P+ID no.:
1 out of 1 11-PE-1002-008
Prevent overfilling of stand-pipe for level measurement with MEG while slugcatcher is filled with condensate. Prevent wrong level measurement. all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element time delay -

Close inlet ESD valve to slugcatcher Close HV valves in condensate draw off line (4 valves)
SIF)
Description / Reason Overfilling of slugcatcher, no risk for personnel, as liquid will enter the process first.

0.1 operator not present 2 Flaring at restart Liquid condensate , excluding MEG/H20, carry-over to filter separator 12-CB-101. Resulting in high pressure drop over filter separator with damage of internals. Finally liquid carry-over to C02 wash column, resulting in foaming. 3 Main production out of service, more than 1 week

Demand Rate
yes Both slugcatchers work in parallel; if one LSHH fails, the other LSHH will still give an alarm and the operator has sufficient time to interact (slow process) There are sufficient alarms. 2 failure of level high control causes wrong measurement for 11LSHH1069, (trip will be too late) 1) Refer to PID 11-PE-1002-007 and Mechanical Data Sheet
Remarks:

Page 22 of 38
Rev.date :

11 Slugcatcher and Pigtrap 11-VL-101A Level Control Downstream MEG/H20 system
voting P+ID no.:
1 out of 1 11-PE-1002-007
Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint H L LL LLL 1) mm 1) mm 1) mm
Prevent condensate breakthrough into MEG/H20 system all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

Switch condensate draw off valve Alarm MEG/H2O level low Close MEG/H20 draw off line Description / Reason No impact
SIF)

1 NA 1 3
No impact Condensate breakthrough into MEG/H20 system into MEG storage tank, from where finally condensate is used as MEG to pipeline downtime of main product >1 week

Demand Rate
yes Asset : 13-VA-101, where separation is done, with Level indication and alarms; collection in the bottom of 13-TA101, where it can be removed (1AIL) Lean MEG is buffered in the tank 13-TA-102, so pipeline does not need to be stopped (1 AIL) 2 control loop failure or operator failure (selector failure)
Remarks:

revealed failure (spurious trip) : Unwanted closure of the flow to the MEG/H20 system; operator has time to react. No high availability is necessary.
Page 23 of 38
Rev.date :

11 Slugcatcher and Pigtrap 11-VL-101B Level Control Downstream MEG/H20 system
voting P+ID no.:
1 out of 1 11-PE-1002-008
Prevent condensate breakthrough into MEG/H20 system all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

Switch condensate draw off valve Alarm MEG/H2O level low Close MEG/H20 draw off line Description / Reason No impact
SIF)

1 NA 1 3
No impact Condensate breakthrough into MEG/H20 system into MEG storage tank, from where finally condensate is used as MEG to pipeline downtime of main product >1 week

Demand Rate
yes Asset : 13-VA-101, where separation is done, with Level indication and alarms; collection in the bottom of 13-TA101, where it can be removed (1AIL) Lean MEG is buffered in the tank 13-TA-102, so pipeline does not need to be stopped (1 AIL) 2 control loop failure or operator failure (selector failure)
Remarks:

Page 24 of 38
Rev.date :
11LT1083 (previous 1091)

11 Slugcatcher and Pigtrap 11-VL-101A Level Control Downstream MEG/H20 system
voting P+ID no.:
1 out of 1 11-PE-1002-007
Prevent gas breakthrough into 13-VA-101 MEG/H20 system all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

Switch condensate draw off valve Alarm MEG/H2O level low Close MEG/H20 draw off line Description / Reason Gas breakthrough results in overpressurisation of 13-VA-101; exceeding burst pressure
SIF)

NA Not taken into account 2 5 Short Flaring from safety valve relief, > 1 day Gas breakthrough results in overpressurisation of 13-VA-101, exceeding burst pressure, damage to vessel

Demand Rate
yes Safety valves are designed for the scenario ( 3 IPLs, reducing the consequence) 2 control loop failure or operator failure (selector failure)
Remarks:

Page 25 of 38
Rev.date :
11LT1084 (previous 1092)

11 Slugcatcher and Pigtrap 11-VL-101B Level Control Downstream MEG/H20 system
voting P+ID no.:
1 out of 1 11-PE-1002-008
Prevent gas breakthrough into 13-VA-101 MEG/H20 system all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

Switch condensate draw off valve Alarm MEG/H2O level low Close MEG/H20 draw off line Description / Reason Gas breakthrough results in overpressurisation of 13-VA-101; exceeding burst pressure
SIF)

NA Not taken into account 2 5 Short Flaring from safety valve relief, > 1 day Gas breakthrough results in overpressurisation of 13-VA-101, exceeding burst pressure, damage to vessel

Demand Rate
yes Safety valves are designed for the scenario ( 3 IPLs, reducing the consequence) 2 control loop failure or operator failure (selector failure)
Remarks:

Page 26 of 38
Rev.date :
Tag Process Unit:
voting P+ID no.:
1 out of 1 11-PE-1002-003
ensure low pressure difference before ESV valve is opened. 11-CA-102 A/B and connected piping avoid pressure shock all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

inhibit to open ESV-Valve
(without SIF)
Description / Reason 4 Full rupture of 4 piping; liquid MEH/H20 leakage

0.1 Rare to more often exposure in the endangered zone (~ 10% of the time), e.g. only during supervision rounds or maintenance. Operator may be present at the ESD-Valve but not in the endangered area thus frequency is reduced by one step (area is outside the barge and at large distance). Exposure time risk needs not to be taken into account 2 4 3 Flaring for restart and spill of liquid MEG/H20 in not curbed area : risk of soil contamination Liquid hammering : Damage to common piping and to 11-CA-102 A or B Downtime for main and by-product more than one week

Demand Rate
yes Prior to opening of ESV valve after shutdown the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step Personnel : In case of leak the ESV valve can be closed again (stopping already the flow of water in MEG) (1 SIL) 2 High differential pressure is given only after shutdown
Remarks:

Page 27 of 38
Rev.date :
Tag Process Unit:
voting P+ID no.:
1 out of 1 11-PE-1002-005
ensure low pressure difference before ESV valve is opened. 11-CA-102 A/B and connected piping avoid pressure shock all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

(without SIF)
Description / Reason 4 Full rupture of 4 piping; liquid MEH/H20 leakage

0.1 Rare to more often exposure in the endangered zone (~ 10% of the time), e.g. only during supervision rounds or maintenance. Operator may be present at the ESD-Valve but not in the endangered area thus frequency is reduced by one step (area is outside the barge and at large distance). Exposure time risk needs not to be taken into account 2 4 3 Flaring for restart and spill of liquid MEG/H20 in not curbed area : risk of soil contamination Liquid hammering : Damage to common piping and to 11-CA-102 A or B Downtime for main and by-product more than one week

Demand Rate
yes Prior to opening of ESV valve after shutdown the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step Personnel : In case of leak the ESV valve can be closed again (stopping already the flow of water in MEG) (1 SIL) 2 High differential pressure is given only after shutdown
Remarks:

Page 28 of 38
Rev.date :
Tag Process Unit:
11PDT1121 11 Slugcatcher and Pigtrap 11-HV-1093/1094/1098/1099
voting P+ID no.:
1 out of 1 11-PE-1002-003
ensure low pressure difference before group of HV valve is opened. 11-CA-101A/B and connected piping avoid pressure shock all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

inhibit to open group of HV-Valves
(without SIF)
Description / Reason 4 Full rupture of 8 piping; condensate leakage

0.1 Rare to more often exposure in the endangered zone (~ 10% of the time), e.g. only during supervision rounds or maintenance. Operator may be present at the ESD-Valve but not in the endangered area thus frequency is reduced by one step (area is outside the barge and at large distance). Exposure time risk needs not to be taken into account 2 4 3 Flaring for restart and spill of condensate in not curbed area : risk of soil contamination Liquid hammering : Damage to common piping and to 11-CA-101 A or B Downtime for main and by-product more than one week
Averting of hazard
yes Prior to opening of ESV valve after shutdown the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step Personnel : In case of leak, the ESV valve, could be closed again, which limits gas leakage at 115 barg and also 11ESV-1072 can be closed again, which limits the consequences (1 SIL)
Frequency/
Demand Rate
High differential pressure is given only after shutdown
Remarks:

Page 29 of 38
Rev.date :
Tag Process Unit:
11PDT1151 11 Slugcatcher and Pigtrap 11-HV-1070/1071/1095/1096
voting P+ID no.:
1 out of 1 11-PE-1002-005
ensure low pressure difference before group of HV valve is opened. 11-CA-101A/B and connected piping avoid pressure shock all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

inhibit to open group of HV-Valves
(without SIF)

Averting of hazard
yes Prior to opening of ESV valve after shutdown the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step Personnel : In case of leak, the ESV valve, could be closed again, which limits gas leakage at 115 barg and also 11ESV-1073 can be closed again, which limits the consequences (1 SIL)
Frequency/
Demand Rate
Remarks:

Page 30 of 38
Rev.date :
Tag Process Unit:
voting P+ID no.:
1 out of 1 11-PE-1002-003
ensure low pressure difference before ESV valve is opened. 11-CA-101A/B and connected piping avoid pressure shock all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

(without SIF)

Averting of hazard
yes Prior to opening of ESV valve after shutdown the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step Personnel : In case of leak, the ESV valve, could be closed again, which limits gas leakage at 115 barg and also the group 11-HV-1093/1094/1098/1099 valves can be closed again, which limits the consequences (1 SIL)
Frequency/
Demand Rate
Remarks:

Page 31 of 38
Rev.date :
Tag Process Unit:
voting P+ID no.:
1 out of 1 11-PE-1002-005
ensure low pressure difference before ESV valve is opened. 11-CA-101A/B and connected piping avoid pressure shock all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

(without SIF)

Averting of hazard
yes Prior to opening of ESV valve after shutdown the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step Personnel : In case of leak, the ESV valve, could be closed again, which limits gas leakage at 115 barg and also the group 11-HV-1070/1071/1095/1096 valves can be closed again, which limits the consequences (1 SIL)
Frequency/
Demand Rate
Remarks:

Page 32 of 38
Rev.date :
Tag Process Unit:
11PDT1037
11 Slugcatcher and Pigtrap ESD-Valve 11ESV1066
voting P+ID no.:
1 out of 1 11-PE-1002-004
ensure low pressure difference before ESD-Valve is opened. 12-HA-102 and connected piping avoid pressure shock to 12-HA-102 and connected piping all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

(without SIF)
Description / Reason 4 1 2 4 3 possible leakage of gaseous HC at flange connections no full rupture is expected no credit taken minor effects because non environmental hazardous products are released damage to piping and equipment due to pressure shock and explosion or fire, > 1% plant value downtime not more than one week


Demand Rate
yes prior to opening of ESD valve after a depressurisation the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step ( 1 IPL) Personnel : ESD valve can be closed again, limiting the consequences; no credit is taken 1 high differential pressure is given after shutdown and an operator failure at the same time
Remarks:
1) pressure A must not be higher than 1 bar than pressure B, and the opposite way

Requirement for proof test interval Manual shutdown possibility Energise or deenergise to trip Special requirement for reset of SIS specific requirements for starting or restarting the SIS Bypass requirements Mean Time to Repair MTTR Additional safety instrumented functions to support special operational cases (e.g. start-up, stand-by, shutdown etc.). revealed failure (spurious trip) : necessary
at high differential pressure trip shall not open the valve, if it is closed at high differential pressure trip shall not close the valve, if it is open. Thus no high availability is
Page 33 of 38
Rev.date :
Tag Process Unit:
11PDT1038
11 Slugcatcher and Pigtrap ESD-Valve 11ESV1067
voting P+ID no.:
1 out of 1 11-PE-1002-004
ensure low pressure difference before ESD-Valve is opened. 12-HA-102 and connected piping avoid pressure shock to 12-HA-102 and connected piping all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

(without SIF)
Description / Reason 4 1 2 4 3 possible leakage of gaseous HC at flange connections no full rupture is expected no credit taken minor effects because non environmental hazardous products are released damage to piping and equipment due to pressure shock and explosion or fire, > 1% plant value downtime not more than one week


Demand Rate
yes prior to opening of ESD valve after a depressurisation the operator is warned to repressurise the equipment in the field ( limit switch and operating procedure is provided ) that reduces the frequency with one step ( 1 IPL) Personnel : ESD valve can be closed again, limiting the consequences; no credit is taken 1 high differential pressure is given after shutdown and an operator failure at the same time
Remarks:
1) pressure A must not be higher than 1 bar than pressure B, and the opposite way

Requirement for proof test interval Manual shutdown possibility Energise or deenergise to trip Special requirement for reset of SIS specific requirements for starting or restarting the SIS Bypass requirements Mean Time to Repair MTTR Additional safety instrumented functions to support special operational cases (e.g. start-up, stand-by, shutdown etc.). revealed failure (spurious trip) : necessary
at high differential pressure trip shall not open the valve, if it is closed at high differential pressure trip shall not close the valve, if it is open. Thus no high availability is
Page 34 of 38
Rev.date :
Tag Process Unit:
11PT1138 A/B 11 Slugcatcher and Pigtrap 11-VL-101B pressure control flare system and slugcatcher
voting P+ID no.:
1 out of 2 11-PE-1002-006
Equipment under control Safe state of the process Protected system Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint H HH L LL 48 barg 70 barg
prevent overloading of flare by keeping the second valve closed until the pressure is below 55 barg and the third valve until the pressure is below 15 barg only in case of emergency depressurisation all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

inhibits to open 11-BDV-1135 inhibits to open 11-BDV-1134
(without SIF)
Description / Reason 4 overload of flare system and possible damage to flare header system and risk of hydrocarbon release to atm.

0.1 rare to more often exposure in the endangered zone (~ 10% of the time), e.g. only during supervision rounds or maintenance and the removal of the dangerous situation does not require the presence of staff on the scene of action 1 3 overload of the flare (less than 8 hrs) back pressure in the flare system for half hour, no potential reaching the test pressure in the flare system, risk off damage to the flare system at the tie in point of subheaders, release of HC possible. Production downtime main product, > 1 week. Risk for the BD drum damage. Risk of short fire

Demand Rate
no 2 in case of emergency depressurisation, which may occur once every 5 years
Remarks:
1st valve may open to blow-down without any risk

only in case of emergency depressurisation
revealed failure (spurious trip) : trip of valve does not effect main production and thus no high availability is required
Page 35 of 38
Rev.date :
Tag Process Unit:
11PT1139 A/B 11 Slugcatcher and Pigtrap 11-VL-101A pressure control flare system and slugcatcher
voting P+ID no.:
1 out of 2 11-PE-1002-006
Equipment under control Safe state of the process Protected system Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint H HH L LL 48 barg 70 barg
prevent overloading of flare by keeping the second valve closed until the pressure is below 55 barg and the third valve until the pressure is below 15 barg only in case of emergency depressurisation all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

inhibits to open 11-BDV-1137 inhibits to open 11-BDV-1136
(without SIF)
Description / Reason 4 overload of flare system and possible damage to flare header system and risk of hydrocarbon release to atm.

0.1 rare to more often exposure in the endangered zone (~ 10% of the time), e.g. only during supervision rounds or maintenance and the removal of the dangerous situation does not require the presence of staff on the scene of action 1 3 overload of the flare (less than 8 hrs) back pressure in the flare system for half hour, no potential reaching the test pressure in the flare system, risk off damage to the flare system at the tie in point of subheaders, release of HC possible. Production downtime main product, > 1 week. Risk for the BD drum damage. Risk of short fire

Demand Rate
no 2 in case of emergency depressurisation, which may occur once every 5 years
Remarks:
1st valve may open to blow-down without any risk

only in case of emergency depressurisation
revealed failure (spurious trip) : trip of valve does not effect main production and thus no high availability is required
Page 36 of 38
Rev.date :
Tag Process Unit:
11TT1181 11 Slugcatcher and Pigtrap 11-HA-101 temperature control slugcatcher line from 11-HA-101 to slugcatcher
voting P+ID no.:
1 out of 1 11-PE-1002-001
Equipment under control Safe state of the process Protected system Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint H HH L LL - 3 C - 5 C
prevent low temperatures during pipeline depressurisation when no heating in 11-HA-101 only in case of emergency depressurisation all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

alarm (to prevent hydrate formation) alarm (close the ESD valve to stop the flow) operator action Description / Reason 4 low temp. will occur at high delta P, risk of brittle fracture may be given, depending on the ratio of temperature and pressure . there is no risk of brittle fracture if depressurisation is done from 230 bar to 70 bar. (delta T is -25C) , design temp. is -45C
(without SIF)
Personnel
Exposure Time Risk Environment Assets:

0.1 rare to more often exposure in the endangered zone (~ 10% of the time), e.g. only during supervision rounds or maintenance and the removal of the dangerous situation does not require the presence of staff on the scene of action NA 4 damage of piping and main equipment due to low temp.

Demand Rate
yes special operating procedure will be available and needs to be followed strictly. (1 IPL) hydrates may occur in the valve 11HV1002 and will restrict the flow. 0 pipeline depressurisation with very high delta p (230 bar down to 1 bar), which may occur once every 10 years and failure of a control loop.
Remarks:
Team agreed during HAZOP that an alarm is sufficient, as a trip function may cause problems during cold slugs and may cause unwanted trips when liquids are vaporised.

Requirement for proof test interval Manual shutdown possibility Energise or deenergise to trip Special requirement for reset of SIS specific requirements for starting or restarting the SIS Bypass requirements Mean Time to Repair MTTR Additional safety instrumented functions to support special operational cases (e.g. start-up, stand-by, shutdown etc.). revealed failure (spurious trip)
Review date : 01.04.03 final HAZOP
only in case of pipeline depressurisation
Page 37 of 38
Rev.date :
Tag Process Unit:
11PDT1014 11 Slugcatcher and Pigtrap Pig receiver
voting P+ID no.:
1 out of 1 11-PE-1001-001
prevent opening of shut-off valves at the pig receiver when personnel are working at open door personnel working on Pig receiver inhibit to open / prevent opening of shut-off valves at the pig receiver when personnel are working at open door and prevent gas flow to atm. all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

inhibit to open Shut-off -Valve
(without SIF)
Description / Reason 4 1 3 1 Large gas release to atm. when opening of shut-off valves at the pig receiver. Personnel are working at open door. Risk of fire and explosion. One to three fatalities possible. operator is present when opening the valves large gas release no impact, as gas jet will not be directed to the plant equipment

Averting of hazard
yes 11ZSLL1007 prevents also that the second shut-off valves are open when the pig receiver door is open. ( 1 IPL) no impact, as gas jet will not be directed to the plant equipment highly established operating procedure is available / supervised action (1 IPL) 2 operator mistake during a highly supervised action, removing a pig is only once per year. 1) as long as there is a differential pressure the valves must not be opened
Frequency/
Demand Rate
Remarks:

Revealed failure : on impact on production thus low availability

Page 38 of 38
Rev.date :
Tag Process Unit:
11ZSL1007 11 Slugcatcher and Pigtrap Pig receiver
voting P+ID no.:
1 out of 1 11-PE-1001-001
Equipment under control Safe state of the process Protected system Description of the SIS function Description of mode of operation of the plant for which the SIS is required Setpoint H HH L LL open door
prevent opening of shut-off valves at the pig receiver when personnel are working at open door personnel working on Pig receiver inhibit to open / prevent opening of shut-off valves at the pig receiver when personnel are working at open door and prevent gas flow to atm. all cases defined in E066-AB-P-LE-0001 "Operational Design Scenarios of Snhvit Feed for Hammerfest LNG Plant", as well as start-up, shutdown, off-spec. case. Response time of final element

inhibit to open Shut-off -Valves Description / Reason 4 1 3 1 Large gas release to atm. when opening of shut-off valves at the pig receiver. Personnel are working at open door. Risk of fire and explosion. One to three fatalities possible. operator is present when opening the valves large gas release no impact, as gas jet will not be directed to the plant equipment
(without SIF)

Averting of hazard
yes 11PDSHH1014 prevents also that the shut-off valves are open when the pig receiver door is open. ( 1 IPL) no impact, as gas jet will not be directed to the plant equipment highly established operating procedure is available / supervised action (1 IPL) 2 operator mistake during a highly supervised action, removing a pig is only once per year.
Frequency/
Demand Rate
Remarks:

Revealed failure : on impact on production thus low availability


4 SRS Detail

Uploaded by

Copyright:

Available Formats

You might also like

4 SRS Detail

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

4 SRS Detail

Uploaded by

Copyright:

Available Formats

PAGE 1 OF 38

Statoil Rev. Code

SIS Safety Requirements Specification Specific Part

D:\Daten\Safety Training\Schulung Prozess\SRS_Detail.doc

SIS Safety Requirement Specification Specific Part

SIS Safety Requirement Specification Specific Part

D:\Daten\Safety Training\Schulung Prozess\SRS_Detail.doc

SIS Safety Requirement Specification Specific Part

Tag Process Unit:

voting P+ID no.:

Description of SIS Output Action

Response time of final element

closing the subsea wing valve

Personnel Exposure Time Risk Environment Assets:

Safety Integrity Level (SIL)

Asset Integrity Level (AIL)

D:\Daten\Safety Training\Schulung Prozess\SRS_Detail.doc

SIS Safety Requirement Specification Specific Part

Tag Process Unit:

11-PT-1100 (pressure low) main feed gas pipeline pipeline

voting P+ID no.:

Description of SIS Output Action

Response time of final element

Personnel Exposure Time Risk Environment Assets:

Safety Integrity Level (SIL)

Asset Integrity Level (AIL)

D:\Daten\Safety Training\Schulung Prozess\SRS_Detail.doc

SIS Safety Requirement Specification Specific Part

Tag Process Unit:

11PDT1168 (previous 1095) 11 Slugcatcher and Pigtrap ESD-Valve 11ESV1001

voting P+ID no.:

Description of SIS Output Action

inhibit to open ESD-Valve

Personnel Exposure Time Risk Environment Assets:

Safety Integrity Level (SIL)

Asset Integrity Level (AIL)

D:\Daten\Safety Training\Schulung Prozess\SRS_Detail.doc

SIS Safety Requirement Specification Specific Part

Tag Process Unit:

voting P+ID no.:

Description of SIS Output Action

close ESD-Valve upstream Pig receiver

Personnel Exposure Time Risk Environment Assets:

Averting of hazard Frequency/

Safety Integrity Level (SIL)

Asset Integrity Level (AIL)

D:\Daten\Safety Training\Schulung Prozess\SRS_Detail.doc

SIS Safety Requirement Specification Specific Part

Tag Process Unit:

voting P+ID no.:

Description of SIS Output Action

close HIPPS valve downstream Pig receiver

Personnel Exposure Time Risk Environment Assets:

Averting of hazard Frequency/

Safety Integrity Level (SIL)

Asset Integrity Level (AIL)

D:\Daten\Safety Training\Schulung Prozess\SRS_Detail.doc

SIS Safety Requirement Specification Specific Part