LOPA (Compatibility Mode)
A Risk...
Risk Analysis
[Flowchart labels: Accident Probability; Accident Consequences; Risk Determination; NO; Modify Design; Non-Based Scenario; Based-Scenario]
Hazard Scenario
[Figure label: TC (Thermocouple)]
HAZOPS for the HAZARD Scenario
Guide Word: NO; REVERSE; MORE; AS WELL AS; OTHER THAN
Deviation: No cooling
Causes: Cooling water valve malfunction; Failure of water source resulting in backward flow; Control valve failure, operator fails to take action on alarm; More pressure in reactor
Consequences: Temperature increase in reactor; Less cooling, possible runaway reaction; Too much cooling, reactor cool; Off-spec product
Action: Install high temperature alarm (TAH); Install check valve; Check maintenance procedures and schedules; If less cooling, TAH will detect. If detected, isolate water source. Back up water source?
Definition
A simplified form of risk assessment which uses order of magnitude categories for initiating event frequency, consequence severity, and the likelihood of failure of independent protection layers (IPLs) to approximate the risk of a scenario. An analysis tool that typically builds on the information developed during a qualitative hazard evaluation, such as a process hazard analysis (PHA).
Risk of Scenario
1. Initiating Event: The single cause in a scenario that leads to the undesired consequence.
2. Enabling Event & Condition: A further cause that is triggered by the Initiating Event.
3. Conditional Modifier: The likelihood of additional effects that worsen the consequence (Probability of ignition, Probability of fatal injury, etc.)
Protesha Sinergy Copyright 2010
[Figure labels: Preventive Feature; Safe Outcome; Impact Event; frequency]
Consequence Analysis
Consequence analysis methods commonly used in LOPA:
1. Category approach without direct reference to human harm
2. Qualitative estimates with human harm
3. Qualitative estimates with human harm with adjustments for post-release probabilities
4. Quantitative estimates with human harm
5. Overall cost resulting from potential incident (e.g., capital losses, production losses, etc.)
1. Category approach without direct reference to human harm
Focuses on prevention rather than mitigation.
Does not use human injury/fatality as a measure.
Uses a matrix for each category.
2. Qualitative estimates with human harm
Focuses on the impact suffered by people.
The calculated risk can be compared directly with the Risk Tolerance Criteria.
3. Qualitative estimates with human harm with adjustments for post-release probabilities
Similar to method no. 2, but with more emphasis on what happens after the cause has occurred (for example, the release of a chemical).
Takes into account: the probability of the event that is the cause, the probability of people being in the vicinity, and the probability of injury/fatality.
Initiating Event Analysis
Determining a cause (Initiating Event) in a scenario always begins with these questions:
What is the likelihood of the undesired event in the scenario?
What is the risk associated with this scenario?
Are there sufficient risk mitigation measures?
Types of Initiating Event
Event type: Examples
Mechanical failures: Corrosion, vibration, erosion, fracture, PSV stuck open, fabrication defect, brittle, gas/seal/flange leak
Control system failures: Sensor/Logic/Control Element Failures, Wiring failures, Software crashes, Interface blocked
Utility failures (supporting systems): Power failures, Cooling System failure, Instrument air system failure
Natural external events: Earthquake, tornado, flood, lightning
Failures due to external conditions: Neighbouring plant failure, struck by a vehicle
Human failures: Operational Error, Maintenance Error, Response Error
Sources of data for determining the Initiating Event Frequency:
1. Industry data (usually from an external body, for example OREDA)
2. Company experience
3. Vendor data (data from the equipment manufacturer)
Independent Protection Layer (IPL) Analysis
IPL: A system/device/activity intended to prevent or mitigate the cause (initiating event) so that it does not become the undesired consequences.
Types that qualify as an IPL:
Process Design (Inherently Safer Design)
Basic Process Control System
Critical Alarm and Human Intervention
Safety Instrumented System
Physical Protection
Post-release Protection
Plant Emergency Response
Community Emergency Response
[Figure: protection layers; surviving labels: Community Emergency Response; Basic Process Control Systems, Non-safety Process alarms, Operator Supervision; Process Design]
For a system/device/action (safeguard) to be considered an IPL, it must be:
Effective in preventing the consequence when it functions: it can detect the cause, decide what action to take, and deflect the consequence so that it does not occur.
Independent of the cause (Initiating Event) and of the components of the other IPLs for the same scenario.
Auditable with respect to how effective it is in preventing the consequence, particularly its PFD.
If all IPLs are affected by a Common-Cause Scenario, then all of those IPLs are treated as a single IPL.
Process Design
In general there are 2 aspects of Inherently Safer Design in the Process Design IPL:
Elimination, using the Inherently Safer Design method.
Assigning a non-zero PFD to the other Inherently Safer Design measures.
Inherently Safer Design PFD values (CCPS, 2001)
The BPCS is the system that monitors, controls and maintains the process within a safe operating range.
BPCS
Failure Rate Data (CCPS, 2001)
PFD in the BPCS is affected by:
Adequacy of security and access procedures - related to people
Level of redundancy - related to the back-up system
Historic failure rate - related to the history of damage/failure
Effective test rate - related to testing
Other factors - other factors to be considered include design, manufacture, installation and maintenance.
Critical Alarm and Human Intervention (CAHI)
PFD in CAHI is affected by:
Detection - when the alarm sounds
Decision - when responding
Action - when the action is carried out
SIS is a safeguard/IPL consisting of a sensor, a logic solver and a final element.
Its function is solely to bring the operating condition to a Safe State.
It is known by various names: Safety Interlock System, Emergency Shut-down System, etc.
PFD in SIS is also known as RRF (Risk Reduction Factor) and under the international standard (IEC 61511) is categorised by Safety Integrity Level (SIL).
PFD in SIL
Physical Protection
Factors that affect the PFD value:
Equipment sizing
Design
Installation
Inspection quality
Maintenance quality
Cleanliness of the process fluid
Case Study - 1
Protection Layers
Likelihood = X
Case 1: Flash drum for rough component separation for this proposed design.
[Figure: process drawing; surviving labels: cascade; Vapor product; Split range; PAH; TC-6; PC-1; T1; T2; T5; FC-1; LAL; LAH; T3; LC-1; F2]
Case 1: Flash drum for rough component separation. Complete the table with your best estimates of values.
Table columns: # | 1 Initial Event Description | 2 Initiating cause | 3 Cause likelihood | Protection Layers: 4 Process design, 5 BPCS, 6 Alarm, 7 SIS, 8 Additional mitigation (safety valves, dykes, restricted access, etc.) | 9 Mitigated event likelihood | 10 Notes
Protection Layers
High pressure
The drum pressure controller uses only one sensor; when it fails, the pressure is not controlled. The same sensor is used for control and alarming. Therefore, the alarm provides no additional protection for this initiating cause. No safety valve is provided (which is a serious design flaw). No SIS is provided for the system. (No SIS would be provided for a typical design.)
High pressure: 0.10, 0.10, 1., 1.0, 1.0, .01
Protection Layers
High pressure: 0.10, 0.10, 1.0, 0.10, 1.0, .00001
Pressure sensor does not measure the drum pressure.
The PRV must exhaust to a separation (knock-out) drum and fuel or flare system.
Enhanced design includes separate P sensor for alarm and a pressure relief valve. Sketch on process drawing.
The enhanced design achieves the target mitigated likelihood. Verify table entries.
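The Case 1 arithmetic as an added example (not part of the original slides): the mitigated event likelihood is the cause likelihood multiplied by the PFD of every credited layer, and a layer that shares a component with the initiating cause or with an already credited layer is credited 1.0. The component labels, the nominal BPCS PFD, and the PRV PFD of 0.01 (the value that reproduces the slide's .00001) are assumptions.

```python
# Added example: LOPA arithmetic for Case 1 with the independence rule applied.
from dataclasses import dataclass
from math import prod

@dataclass(frozen=True)
class Layer:
    name: str
    pfd: float             # PFD to credit if the layer qualifies as an IPL
    components: frozenset  # equipment the layer relies on (labels chosen here)

def credited_pfds(cause_components, layers):
    """Map each layer to the PFD it is actually credited with.

    A layer sharing a component with the initiating cause, or with a layer
    already credited, is not independent and gets PFD 1.0 (no credit).
    """
    used = set(cause_components)
    credited = {}
    for layer in layers:
        if layer.components & used:
            credited[layer.name] = 1.0
        else:
            credited[layer.name] = layer.pfd
            used |= layer.components
    return credited

def mitigated_likelihood(cause_likelihood, cause_components, layers):
    pfds = credited_pfds(cause_components, layers).values()
    return cause_likelihood * prod(pfds)

# Initiating cause: the single sensor of pressure controller PC-1 fails.
CAUSE = frozenset({"PC-1 sensor"})

PROPOSED = [
    Layer("process design", 0.10, frozenset()),
    Layer("BPCS (PC-1)", 0.10, frozenset({"PC-1 sensor"})),  # nominal PFD assumed; it is the cause
    Layer("alarm (PAH)", 0.10, frozenset({"PC-1 sensor"})),  # same sensor as the controller
]
ENHANCED = [
    Layer("process design", 0.10, frozenset()),
    Layer("BPCS (PC-1)", 0.10, frozenset({"PC-1 sensor"})),
    Layer("alarm (PAH)", 0.10, frozenset({"alarm P sensor"})),  # separate sensor
    Layer("pressure relief valve", 0.01, frozenset({"PRV"})),   # assumed PFD
]

if __name__ == "__main__":
    for label, layers in (("proposed", PROPOSED), ("enhanced", ENHANCED)):
        result = mitigated_likelihood(0.10, CAUSE, layers)
        print(label, credited_pfds(CAUSE, layers), f"{result:.5f}")
```
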
Case Study - 2
Scenario
The two-phase separator V 180 is under level control (Level control LC 213). In case of high high liquid level, the level switch LSHH 214 would close emergency shutdown valve ESDV 172 and shutdown compressor C 130 downstream of V 180. This is to prevent carrying liquid over to the compressor leading to compressor damage.
LOPA Analysis
Risk Evaluation
Thank You