Professional Documents
Culture Documents
PSM Slideshow - Module 6, Day 6
PSM Slideshow - Module 6, Day 6
Course
Module 6 – Day 6
TRAINING PROGRAM
• Day 1:
o Module 1: PSM Introduction and Overview
• Day 2:
o Module 2: 4 Pillars of PSM and Pillar 1 & 2 Elements
• Day 3:
o Module 3: Pillar 3 and Module 4: Pillar 4 Elements
• Day 4 and 5:
o Module 5: Auditing RBPSM
• Day 6:
o Module 6: SIL and LOPA
• Day 7: Consolidation and Tests
• Day 8: Site visit
2
COURSE OBJECTIVES
• LOPA
– What is LOPA
– Layers of Protection
– When to use LOPA
– Application of LOPA
– Benefits of LOPA
– The 6 steps of the LOPA process
– Calculating Probability
– LOPA Exercise
• SIL
– SIL defined
– Group Exercise
– SIL Assignment
– SIL Challenges
– SIL Exercise
3
LOPA - What
What is LOPA
• Simplified method of risk assessment. It is an engineering tool
used to ensure that process risk is successfully mitigated to an
acceptable level.
• Provides middle ground between a qualitative process hazard
analysis and a traditional, expensive quantitative risk analysis.
• Uses simplifying rules to evaluate initiating event frequency,
independent layers of protection and consequences, to provide an
order-of-magnitude estimate of risk.
• Excellent approach to identifying safety integrity level necessary
for an safety instrumented system (refer standards, such as ISA
S84 and IEC 61511).
4
LOPA
LOPA
Community Emergency Response
Plant Emergency Response
Plant Design
Integrity
6
LOPA - When
7
LOPA - Application
Application of LOPA
• Design
• Management of Change
• Facility Risk
• Incident Investigation
• Emergency Response Planning
• Bypassing a Safety System
• Determining design basis for over-pressure protection
• Determining the need for emergency isolation valves
• Screening tool for QRA (quantitative risk analysis)
8
LOPA - Benefits
Benefits of LOPA
• A scenario-related focus on the process risk, therefore LOPA often
reveals process safety issues not identified in previous qualitative
hazard analysis.
• Process hazards directly connected to the safety actions, clearly
providing the safety instrumented systems and associated SIL.
• Effective in resolving disagreements related to qualitative hazard
analysis findings.
• Often identifies alternatives to the SIS (adding other layers of
protection, modifying the process, or changing procedures). Other
options to evaluate using cost/benefit analysis, allowing the most
cost effective means of risk reduction to be selected.
9
LOPA - Process
The 6 steps of the LOPA process
Determine
Process deviation consequence of Implementable
and hazard scenario hazard scenario recommendations
• Important to • Once the
focus the consequence
team on a • Consider
• such as: loss of and frequency recommen-
• Hazards specific • For each
flow control, of the hazard dations from
analysis hazard event is IPL,
loss of pressure LOPA as
documents scenario, known, the determine
control, excess options for
• pressure such as high risk is the PFD.
reaction implementa-
relief valve pressure evaluated • For SIS, the
resulting in • frequencies tion.
design and • Unacceptable PFD is
pipeline • should be based equivalent
inspection risk should be
reports, rupture on industry- to the SIL.
accepted and reduced
• protection further with • IPL list with
standards-
layer design IPLs associated
compliant
documents PFDs to be
failure rate data
• equipment provided in
for each device
failure rate the LOPA
data procedure.
Record
reference Initiating
documentation causes and List IPLs to mitigate
frequencies risk
10
LOPA - Process
ESTABLISH CONSEQUENCE
LOPA process SCREENING CRITERIA AND 1
REFERNCE DOCUMENTATION
ESTIMATE RISK
NEXT
SCENARIO
EVALUATE RISK
RISK MORE
ACCEPTABLE? SCENARIOS?
CONSIDER OPTIONS TO
REDUCE RISK
IMPLEMENTATION 6
11
LOPA - Probability
Calculating Probability
• Probability measured as a chance of happening out of a number of
occurrences:
– A dice has a 1/6 chance of falling on the number 5
• Probability (P5) = 1/6 = 0.167
– Probability of two dice falling on 6:
• P(6) AND P(6) = 1/6 * 1/6 = 1/36 = 0.0278
– A jar contains 4 blue, 5 red and 11 white marbles,
if 3 marbles are drawn at random, what is the P
that the first marble is red, second blue and third white?
• 5/20*4/19*11/18 = 220/6840 = 3.22%
Thank goodness for
probability / failure rate
data!
12
LOPA – Fault tree analysis
13
LOPA Group Exercise
14
LOPA - Example
Target mitigated likelihood: 10-5
1 2 3 4 5 6 7 8 9 10
Protection Layers
# Initial Initiating Cause Process BPCS Alarm SIS Additional Mitigated Notes
Event cause likelihood design mitigation event
Description (safety valves, likelihood
dykes,
restricted
access, etc.)
1 High Connection Pressure sensor
pressure (tap) for does not
pressure measure the
sensor P1 drum pressure
becomes
plugged
15
LOPA - Example
Target mitigated likelihood: 10-5
1 2 3 4 5 6 7 8 9 10
Protection Layers
# Initial Initiating Cause Process BPCS Alarm SIS Additional Mitigated Notes
Event cause likelihood design mitigation event
Description (safety valves, likelihood
dykes,
restricted
access, etc.)
1 High Connection 0.10 0.10 1. 1.0 1.0 1.0 .01 Pressure sensor
pressure (tap) for does not
pressure measure the
sensor P1 drum pressure
becomes
plugged
16
LOPA - Example
Target mitigated likelihood: 10-5
1 2 3 4 5 6 7 8 9 10
Protection Layers
# Initial Initiating Cause Process BPCS Alarm SIS Additional Mitigated Notes
Event cause likelihood design mitigation event
Description (safety valves, likelihood
dykes,
restricted
access, etc.)
1 High Connection 0.10 0.10 1.0 0.10 1.0 PRV 0.01 .00001 Pressure sensor
pressure (tap) for does not
pressure measure the
sensor P1 drum pressure
becomes
plugged The PRV must
exhaust to a
separation
(knock-out)
Enhanced design includes The enhanced design drum and fuel or
flare system.
separate P sensor for achieves the target
alarm and a pressure relief mitigated likelihood.
valve.
17
LOPA – Risk reduction
18
SIL - Defined
SIF1
SIF2
20
SIL - Defined
What is SIL 4?
SIL 4 is the highest level of risk reduction that can be obtained through a
Safety Instrumented System. However, in the process industry this is not a
realistic level and currently there are few, if any, products / systems that
support this safety integrity level.
SIL 4 systems are typically so complex and costly that they are not
economically beneficial to implement. Additionally, if a process includes so
much risk that a SIL 4 system is required to bring it to a safe state, then
fundamentally there is a problem in the process design which needs to be
addressed by a process change or other non-instrumented method.
21
SIL Group Exercise
22
SIL – Group Exercise
• Assignment of SIL is an exercise in risk analysis where the risk associated with a
specific hazard is calculated without the beneficial risk reduction effect of the
SIF. If the "unmitigated" risk is higher than the tolerable risk, then the risk must
be reduced by means of a SIF. This amount of required risk reduction is
correlated with the SIL target. As the required risk reduction increases, the
required SIL level increases.
• There are several methods used to assign a SIL. These are normally used in
combination, and may include:
– Risk Matrices
– Risk Graphs (cost benefit)
– Layers Of Protection Analysis (LOPA)
• Of the methods presented above, LOPA is by far the most commonly used by
large industrial facilities.
24
SIL - Challenges
25
SIL – Exercise 2
Task Detail
• Use the detail of the next two slides and the SIL tables to classify the given risk
and its frequency.
• Using this table, determine the maximum tolerable risk frequency to reduce the
risk to class 3.
• Calculate:
– Target risk reduction factor (RRF),
– PFD (avg) and
– Safety availability, required from the SIF to achieve the tolerable risk frequency.
• State the required SIL required by the SIF with reference to the SIL tables.
26
SIL – Exercise 2
27
SIL – Exercise 2
Proposed Solution
A safety instrumented system will monitor pressure limits and will trip out the
electrolyzer operation before the leak condition can arise.
28
SIL – Exercise 2
29
SIL – Exercise 2
30
End of Module 6
Thank you
31