Energise to trip?

De-energise to trip?

Simple Choice?

Tony Foord & Colin Howard


www.4-sightConsulting.co.uk
+44 (0)1 582 462 324
Slide DT/ET - 1
Examples

Slide DT/ET - 2
Overview

• Available guidance
• Why do trip systems fail?
• Trip system issues
• System failure modes
• 3 examples
• Architecture and Spurious trip frequency
• Diagnostics and Reverse acting transmitters
• References
• Conclusions

Slide DT/ET - 3
Traditional Choices

[Diagram: Safety versus Availability. De-energise to Trip (DT) is placed on the Safety side, Energise to Trip (ET) on the Availability side; the lower axis is labelled Operation.]
Slide DT/ET - 4
Available Guidance

• Very little specific guidance published
  – One or two paragraphs only
  – Concentrate on “fail safe”
• Why?
  – Custom and practice?
  – Taken for granted?
  – Principles assumed?

Slide DT/ET - 5
Overpressure protection for a
turbine driven compressor

Slide DT/ET - 6
Why do trip systems fail?

• Inadequate specification
• Inadequate design and implementation
• Inadequate installation and commissioning
• Inadequate operation and maintenance
• Inadequate modification

Source: Out of Control (2003)
Slide DT/ET - 7
Trip system issues

• SIF Requirements
• Passive / active systems
• Utility Requirements
• Effect on Fail to Danger and Spurious Trips
– Design policy / Architecture / Overrides (defeats)
– People issues
– Operate / Test / Repair policies
– Component reliability
– Diagnostics

Slide DT/ET - 8
System failure modes

Source: Sintef PDS Method Handbook 2006


Slide DT/ET - 9
Energise or De-energise to Trip?

[P&ID sketch: a surge drum with an emergency feed; the level switch LSZ is the input to the SIF that protects the process unit consumers downstream. Labels on the sketch: LSZ, SIF, OAF, Surge Drum, Emergency Feed, Process unit consumers.]
Slide DT/ET - 10
Addition of Reactor Inhibitor Options
[P&ID sketch: a jacketed reactor with Feed A, Feed B, N2 In, HW In/Out, CW In/Out, Product Out, a Vent, BD1 routed to a Dump tank, and transmitters TT 1 and PT 1. Two inhibitor injection options are drawn: an inhibitor driven by HP N2, labelled De-energise to Trip, and a second inhibitor route, labelled Energise to Trip.]
Slide DT/ET - 11
Architecture and Spurious Trip
Frequency
[Bar chart: spurious trip frequency on a log scale (1 down to 0.0000001) against architecture, for 1oo1, 1oo2, 1oo3 and 2oo3.]

Slide DT/ET - 12
Valve failure modes ~ 80% open

Failure mode     %
Blocking          5
External leak    15
Passing          60
Sticking         20

Data source: Smith, Reliability, Maintainability and Risk


Slide DT/ET - 13
Relay failure modes ~ 90% open

Failure mode            %
Contacts short circuit  10
Contacts open circuit   80
Coil                    10

Data source: Smith, Reliability, Maintainability and Risk


Slide DT/ET - 14
Overpressure protection for a
turbine driven compressor

Slide DT/ET - 15
DT fails to danger

Slide DT/ET - 16
ET fails to danger

Key to Trees
[Fault tree: the top event is fed by three branches, one per subsystem.]
• Sensors fail: 2oo3 sensors fail (basic events: Sensor 1 fails, Sensor 2 fails, Sensor 3 fails)
• Logic solver fails: logic solver hardware fails
• Final elements fail: both FEs fail (basic events: Final element 1 fails, Final element 2 fails)
Slide DT/ET - 17
DT (left) and ET fails to danger

Slide DT/ET - 18
DT spurious trips

Slide DT/ET - 19
ET spurious trips

Slide DT/ET - 20
DT (left) and ET spurious trips

Slide DT/ET - 21
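The slides give the failure-mode splits (slides 13 and 14), the architecture comparison (slide 12) and the tree structure (slides 16 to 21) but not the arithmetic that joins them. The example below is added here and is not code from the slides or from 4-sight: it labels each relay failure mode as safe or dangerous according to the DT or ET policy, then carries the resulting rates through a 2oo3-sensor, 1oo1-logic-solver, 1oo2-final-element tree to a fail-to-danger probability and a spurious trip rate, and prints the slide 12 style comparison of spurious trip rate across voting architectures. The failure rates, proof-test interval, repair time, the 50/50 sensor split and the safe/dangerous label attached to each mode are assumptions for illustration only.

```python
"""Added example, not code from the 4-sight slides: carry the DT/ET choice
through the trees on slides 16 to 21 (2oo3 sensors, 1oo1 logic solver, 1oo2
final elements) and through the slide 12 architecture comparison. The
failure-mode percentages are the Smith figures quoted on slides 13 and 14;
the failure rates, proof-test interval, repair time and the safe/dangerous
label attached to each mode are assumptions.
"""
from math import comb, exp

HOURS_PER_YEAR = 8760.0

# Failure-mode splits as quoted on the slides (Smith).
RELAY_MODES = {"contacts_open": 0.80, "contacts_short": 0.10, "coil": 0.10}
VALVE_MODES = {"passing": 0.60, "sticking": 0.20, "external_leak": 0.15, "blocking": 0.05}

# ASSUMPTION: what each mode does to the trip. "D" defeats it, "S" fires it
# when not wanted, "N" is neither. A DT relay drops out on open contacts or a
# dead coil, so those faults trip the plant; an ET relay has to pull in to
# trip, so the same faults leave it unable to act, and a contact short now
# trips spuriously.
RELAY_CLASS = {
    "DT": {"contacts_open": "S", "coil": "S", "contacts_short": "D"},
    "ET": {"contacts_open": "D", "coil": "D", "contacts_short": "S"},
}
# ASSUMPTION: the trip valve has to close on demand under either policy, so
# its mechanical modes carry the same label for DT and ET.
VALVE_CLASS = {"passing": "D", "sticking": "D", "blocking": "S", "external_leak": "N"}


def split_rate(total_rate, modes, classes):
    """Split a component failure rate (per hour) into (dangerous, safe)."""
    lam_d = sum(total_rate * f for m, f in modes.items() if classes[m] == "D")
    lam_s = sum(total_rate * f for m, f in modes.items() if classes[m] == "S")
    return lam_d, lam_s


def pfd_koon(k, n, lam_d, test_interval_h, steps=2000):
    """Average probability of failure on demand for a k-out-of-n trip group.

    The group cannot trip once n-k+1 channels have failed dangerously.
    Channels fail independently and are only found at proof test, so a
    channel is down at time t with probability 1-exp(-lam_d*t); the result
    is the midpoint-rule average of the group unavailability over one
    test interval.
    """
    total = 0.0
    for i in range(steps):
        p = 1.0 - exp(-lam_d * (i + 0.5) * test_interval_h / steps)
        total += sum(comb(n, j) * p**j * (1 - p) ** (n - j)
                     for j in range(n - k + 1, n + 1))
    return total / steps


def str_koon(k, n, lam_s, mttr_h):
    """Spurious trip rate (per hour) for a k-out-of-n trip group.

    Approximation: one channel fails safe and the other k-1 channels of
    some k-set fail safe within its repair time. For k=1 this is n*lam_s;
    for 2oo3 it is 6*lam_s**2*mttr.
    """
    return comb(n, k) * k * lam_s * (lam_s * mttr_h) ** (k - 1)


def evaluate(policy, sensor_rate, relay_rate, valve_rate, test_interval_h, mttr_h):
    """Return (PFDavg, spurious trips per year) for the slide 16-21 trees."""
    # ASSUMPTION: sensors split 50/50 dangerous/safe under both policies;
    # in this model only the logic solver output relay changes label.
    sens_d, sens_s = 0.5 * sensor_rate, 0.5 * sensor_rate
    rel_d, rel_s = split_rate(relay_rate, RELAY_MODES, RELAY_CLASS[policy])
    val_d, val_s = split_rate(valve_rate, VALVE_MODES, VALVE_CLASS)
    pfd = (pfd_koon(2, 3, sens_d, test_interval_h)       # 2oo3 sensors fail
           + pfd_koon(1, 1, rel_d, test_interval_h)      # logic solver fails
           + pfd_koon(1, 2, val_d, test_interval_h))     # both FEs fail
    spurious_per_h = (str_koon(2, 3, sens_s, mttr_h)
                      + str_koon(1, 1, rel_s, mttr_h)
                      + str_koon(1, 2, val_s, mttr_h))
    return pfd, spurious_per_h * HOURS_PER_YEAR


if __name__ == "__main__":
    # ASSUMED rates (per hour), annual proof test, 8 h repair.
    args = dict(sensor_rate=2e-6, relay_rate=1e-6, valve_rate=5e-6,
                test_interval_h=HOURS_PER_YEAR, mttr_h=8.0)
    for policy in ("DT", "ET"):
        pfd, st = evaluate(policy, **args)
        print(f"{policy}: PFDavg={pfd:.2e}  spurious trips/yr={st:.4f}")
    # Slide 12 comparison: same safe failure rate per channel, different voting.
    for k, n in ((1, 1), (1, 2), (1, 3), (2, 3)):
        print(f"{k}oo{n}: {str_koon(k, n, 1e-5, 8.0) * HOURS_PER_YEAR:.2e} /yr")
```

With these assumed numbers the only thing that changes between DT and ET is which 10% of relay failures land in the fail-to-danger tree and which 90% land in the spurious trip tree, which is enough to move the function's PFDavg by a factor of several while cutting the spurious trip rate. The model deliberately leaves out the utility-side events the slides raise (loss of power or air, wiring faults), which are safe failures for DT and dangerous ones for ET and would widen the gap further.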
Diagnostics and Reverse Acting
Transmitters
• Safety function operates on “high” signals
• Transmitter failure leads to a low signal
  – Diagnostics require a separate input
  – A reverse acting transmitter provides automatic protection
  – Avoids technical complexity BUT introduces human factors and management complexity

Slide DT/ET - 22
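The slide states the point in two lines; the example below, added here and not code from the slides, shows it on a 4-20 mA loop. A high-trip comparator is fed by a transmitter that fails to 0 mA: with direct action the failure reads as a very low process value and the trip is silently defeated unless a separate out-of-range diagnostic is added; with reverse action (20 mA at the bottom of range, 4 mA at the top) the same failure scales above range and trips on its own. The engineering range, trip point, fault bands and the 0 mA failure value are assumptions.

```python
"""Added example, not from the slides: a high-trip comparator on a 4-20 mA
loop, showing why a direct-acting transmitter that fails low defeats the
trip unless a separate out-of-range diagnostic is wired in, whereas a
reverse-acting transmitter turns the same failure into a trip. The range,
trip point, fault bands and the 0 mA failure value are assumptions.
"""
LO_MA, HI_MA = 4.0, 20.0                 # live-zero current loop
PV_LO, PV_HI = 0.0, 10.0                 # ASSUMED engineering range (e.g. barg)
TRIP_PV = 8.0                            # ASSUMED high trip setting
FAULT_LO_MA, FAULT_HI_MA = 3.6, 21.0     # ASSUMED NE43-style fault bands


def to_pv(ma, reverse=False):
    """Convert loop current to process value. A reverse-acting transmitter
    sends 20 mA at the bottom of range and 4 mA at the top."""
    frac = (ma - LO_MA) / (HI_MA - LO_MA)
    if reverse:
        frac = 1.0 - frac
    return PV_LO + frac * (PV_HI - PV_LO)


def evaluate_channel(ma, reverse=False, diagnostics=False):
    """Return 'trip', 'run' or 'fault' for one input channel.

    Without diagnostics the logic solver sees only the scaled value, so a
    loop that fails to 0 mA reads as a very low PV on a direct-acting
    channel and the high trip never fires. With the diagnostic the failure
    is flagged, but what to do with 'fault' is a separate design and
    operating decision. With reverse action the 0 mA failure scales above
    range and trips the function by itself.
    """
    if diagnostics and not (FAULT_LO_MA <= ma <= FAULT_HI_MA):
        return "fault"
    return "trip" if to_pv(ma, reverse) >= TRIP_PV else "run"


def failed_low_outcomes():
    """Outcome of the same 0 mA loop failure under the three designs."""
    return {
        "direct, no diagnostics": evaluate_channel(0.0),
        "direct, with diagnostics": evaluate_channel(0.0, diagnostics=True),
        "reverse acting": evaluate_channel(0.0, reverse=True),
    }


if __name__ == "__main__":
    for ma in (10.4, 13.6, 17.0):
        print(f"{ma:5.1f} mA  direct PV={to_pv(ma):5.2f}  reverse PV={to_pv(ma, True):5.2f}")
    for design, outcome in failed_low_outcomes().items():
        print(f"{design:26s} -> {outcome}")
```

The reverse-acting channel is not free of failure modes: a loop that fails high (above 21 mA) now scales below range and is a dangerous undetected failure on a high trip, which is exactly why the slide pairs "automatic protection" with added human factors and management complexity. Anyone ranging, calibrating or replacing that transmitter has to know it is reverse acting, and the diagnostic band is still worth having.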
References - 1
• http://www.hse.gov.uk/comah/sragtech/index.htm
  which includes links to Case Studies illustrating the importance of Control and Protection Systems, for example
  – Texaco Refinery - Milford Haven - Explosion and Fires (24/7/1994)
  – International Biosynthetics Ltd (7/12/1991)
  – BP Oil (Grangemouth) Refinery Ltd (22/3/1987)
  – Seveso - Icmesa Chemical Company (9/7/1976)
• Out of Control (2003), Second edition, HSE Books, ISBN 0-7176-2192-8
• IEC 61508 (1998 & 2000), Functional safety of electrical/electronic/programmable electronic safety-related systems, Parts 1-7
Slide DT/ET - 23
References - 2
• Reliability Prediction Method for Safety Instrumented Systems, PDS Method Handbook (2006), SINTEF
• ISA-TR84.00.02 (2002), Safety Instrumented Function (SIF) - Safety Integrity Level (SIL) Evaluation Techniques, Part 1: Introduction, page 57
• Reliability, Maintainability and Risk (2001), David J Smith, ISBN 0-7506-5168-7
• Safety Shutdown Systems: Design, Analysis and Justification (1998), Paul Gruhn and Harry Cheddie, ISBN 1-55617-665-1
• Safety-Critical Computer Systems (1996), Neil Storey, ISBN 0-201-42787-7
• Safeware: System Safety and Computers (1995), Nancy Leveson, ISBN 0-201-11972-2

Slide DT/ET - 24
Available Guidance on ET
Is there anything else out there?

Slide DT/ET - 25
Conclusions

• The choice is less clear-cut than it first appears
  – Need to look at the system holistically
  – Wider than simply the core SIF
• ET can be made to work, but the possibilities of getting it wrong are greater
• ET is inherently more complex
  – Does everyone understand the complexity?
• Some DT systems have ET elements
Slide DT/ET - 26
