Risk assessment of Risk assessment of relief streams on major relief streams on major hazard installations hazard installations Stuart Ord Stuart Ord Process Technologist Process Technologist
Mar 26, 2015
Risk assessment of relief Risk assessment of relief streams on major hazard streams on major hazard
installationsinstallations
Stuart OrdStuart OrdProcess TechnologistProcess Technologist
Hello!Hello!
Stuart OrdStuart Ord BSc, CEng, FIChemE, MEI, TechIOSHBSc, CEng, FIChemE, MEI, TechIOSH 7 years in Ministry of Defence7 years in Ministry of Defence 20 years in ICI20 years in ICI 3 years in BNFL3 years in BNFL 4 years in Stopford Projects Ltd4 years in Stopford Projects Ltd 5 years self-employed CEDCS Ltd5 years self-employed CEDCS Ltd
Risk assessmentRisk assessment
Modern approachModern approach Acceptance that all things can failAcceptance that all things can fail Specification of Tolerability of RiskSpecification of Tolerability of Risk Expectation that all risks are Expectation that all risks are
controlledcontrolled Judgement “by eye” unlikely to be Judgement “by eye” unlikely to be
adequate for significant risksadequate for significant risks
Safety Integrity LevelSafety Integrity Level
Applies to E/E/PE systemsApplies to E/E/PE systems Realistic assessment of a riskRealistic assessment of a risk Realistic estimate of its likelihoodRealistic estimate of its likelihood Consideration of all protective systemsConsideration of all protective systems In some cases, a layer of protection might In some cases, a layer of protection might
be a relief valvebe a relief valve If there is no need for an E/E/PE, it might If there is no need for an E/E/PE, it might
be that a PRV is the ultimate protective be that a PRV is the ultimate protective measure and, if given a reasonable PFD, measure and, if given a reasonable PFD, has then been shown to be adequatehas then been shown to be adequate
The legacy of learningThe legacy of learning
Historical approachHistorical approach Can the system be over-pressurised?Can the system be over-pressurised?
Specify a pressure relief systemSpecify a pressure relief system Design, install and operate it properlyDesign, install and operate it properly Consider the risk dealt withConsider the risk dealt with
Modern approachModern approach We should assess risks to ensure they are We should assess risks to ensure they are
tolerabletolerable We must ensure valves are installed in systems We must ensure valves are installed in systems
such that the risk of their (rare) failure is such that the risk of their (rare) failure is tolerabletolerable
The siteThe site
Large plants with toxic, corrosive, Large plants with toxic, corrosive, flammable and explosive materialsflammable and explosive materials
Some were designed over 40 years agoSome were designed over 40 years ago Culture of leading edge safety practicesCulture of leading edge safety practices
Hazard Studies had been appliedHazard Studies had been applied Best relief stream design and maintenance Best relief stream design and maintenance
principles had been appliedprinciples had been applied New owners determined to continue safety New owners determined to continue safety
performance improvement (leading and performance improvement (leading and lagging indicators)lagging indicators)
Risk assessment at the siteRisk assessment at the site
Category 1 Significant Consequences
Category 2 Serious Consequences
Category 3 Severe Consequences
Category 4 Major Consequences
Injury incident (on-site effects)
Minor/classified Low probability OTD
OTD Low probability of major injury
Major injury Multiple injuries
Fatality or few employee fatalities
Injury incident (off-site effects)
People affected- short term minor Few people require hospital treatment
Serious injury, 10s in hospital
Health incident (on-site effects)
Possible exposure Few cases of employee ill-health
Harmful conditions Several employees affected
Distressing exposure Serious health effects, eg carcinogen release
Fatality directly linked to exposure
Category 5 Extremely Serious Consequences
Category 6 Disaster
Category 7 Major Disaster
Injury incident (on-site effects)
Several fatalities (5 - 10), including some off site. many injuries
Many fatalities (10 - 100)
Large number of fatalities (> 100)
Injury incident (off-site effects)
Fatality(s), many injuries
Health incident (on-site effects)
Major health effects threaten operation Health risk unacceptable
- -
Consequence category model
Risk assessmentRisk assessment
10-7
ExtremelyUnlikely
2 4
Event Frequency (/yr)
10-6 10-5 10-4 10-3 10-2 0.1 1 10
5 6 7 431
VeryUnlikely
UnlikelyQuite
UnlikelySomewhatUnlikely
FairlyProbable
Probable
1
2
3
4
5
6
7Category 7Major Disaster
Category 6Disaster
Category 5Extremely Serious Consequences
Category 4Major Consequences
Category 3Severe Consequences
Category 2Serious Consequences
Category 1Significant Consequences
INTOLERABLE
TOLERABLE
TIFALARP
TIFALARP
10-7
ExtremelyUnlikely
2 4
Event Frequency (/yr)
10-6 10-5 10-4 10-3 10-2 0.1 1 10
5 6 7 431
VeryUnlikely
UnlikelyQuite
UnlikelySomewhatUnlikely
FairlyProbable
Probable
1
2
3
4
5
6
7Category 7Major Disaster
Category 6Disaster
Category 5Extremely Serious Consequences
Category 4Major Consequences
Category 3Severe Consequences
Category 2Serious Consequences
Category 1Significant Consequences
INTOLERABLE
TOLERABLE
TIFALARP
TIFALARP
Tolerability of Risk model
Relief streams at the siteRelief streams at the site
About 2850 relief streamsAbout 2850 relief streams Consequence category 0: 500Consequence category 0: 500 Consequence category 1: 1000Consequence category 1: 1000 Consequence category 2: 600Consequence category 2: 600 Consequence category 3: 400Consequence category 3: 400 Consequence category 4+: 350Consequence category 4+: 350
Relief streams at the siteRelief streams at the site
Consequence category 4+: 350Consequence category 4+: 350 Toxic gassesToxic gasses Liquefied toxic gasesLiquefied toxic gases Explosive gassesExplosive gasses Corrosive gasses and liquidsCorrosive gasses and liquids
Project scope (1)Project scope (1)
What has to be doneWhat has to be done Retrieve calculationRetrieve calculation Retrieve current P&IDRetrieve current P&ID Retrieve any other paperworkRetrieve any other paperwork
Internal and external independent reviewsInternal and external independent reviews Workshop maintenance recordsWorkshop maintenance records
Check P&ID against existing plantCheck P&ID against existing plant Review with TPM (see next slide)Review with TPM (see next slide) Complete Risk Assessment (see next slide)Complete Risk Assessment (see next slide) Follow-up issues if anyFollow-up issues if any
Project scope (2)Project scope (2)
Review with Technical Plant ManagerReview with Technical Plant Manager Frequency of operation of RSTFrequency of operation of RST Plant practical issues (manning, etc)Plant practical issues (manning, etc) Causes of any RV unreliabilityCauses of any RV unreliability
Risk assessmentRisk assessment LoPA styleLoPA style
Project managementProject management
Project scope (3)Project scope (3)
Estimated time ½ man-day per Estimated time ½ man-day per stream direct effort + ½ man-day stream direct effort + ½ man-day support + implementation of any support + implementation of any changeschanges Hence ~ 2800 man-days for site review Hence ~ 2800 man-days for site review
of of all relief streamsall relief streams Hence approaching £1million + cost of Hence approaching £1million + cost of
any changesany changes
Project scope (4)Project scope (4)
Estimated time ½ man-day per Estimated time ½ man-day per stream direct effort + ½ man-day stream direct effort + ½ man-day support + implementation of any support + implementation of any changeschanges Hence ~ 350 man-days for site review of Hence ~ 350 man-days for site review of
C4+ relief streamsC4+ relief streams Hence ~ £100k + cost of any changesHence ~ £100k + cost of any changes
Project scope (5)Project scope (5)
Review Cat 4+ streamsReview Cat 4+ streams Consider:Consider:
Is the design basis still sound?Is the design basis still sound? Is the paperwork up to date and correct?Is the paperwork up to date and correct? Is the risk properly managed?Is the risk properly managed?
If not, what changes should be made?If not, what changes should be made? Implement changesImplement changes
Manage procedureManage procedure Generate audit trailGenerate audit trail Correct records if necessaryCorrect records if necessary
Project scope (5)Project scope (5)
Review Cat 4+ streamsReview Cat 4+ streams Consider:Consider:
Is the design basis still sound?Is the design basis still sound? Is the paperwork up to date and correct?Is the paperwork up to date and correct? Is the risk being adequately controlled?Is the risk being adequately controlled?
If not, what changes should be made?If not, what changes should be made? Implement changesImplement changes
Manage procedureManage procedure Generate audit trailGenerate audit trail Correct records if necessaryCorrect records if necessary
How reliable is a relief How reliable is a relief device?device?
Review of test results from maintenance Review of test results from maintenance workshop:workshop: Relief valve – fail to lift at 130% of set pressure - Relief valve – fail to lift at 130% of set pressure -
probability = 0.022. This could be regarded as probability = 0.022. This could be regarded as PFD=0.022. PFD=0.022.
Bursting disc – no field data, assumed that PFD = 0.01Bursting disc – no field data, assumed that PFD = 0.01 Registered vents and overflows – PFD = 0.01Registered vents and overflows – PFD = 0.01 These assume “realistic pessimism”These assume “realistic pessimism”
Other authorsOther authors Relief valve – “clean” service – 0.01Relief valve – “clean” service – 0.01 “ “dirty” service – 0.1dirty” service – 0.1
Why are valves unreliable?Why are valves unreliable?
““Normal” failures:Normal” failures: Faulty manufacture Faulty manufacture Random failuresRandom failures Damage, contamination or deterioration in the field Damage, contamination or deterioration in the field
In practice, human errors can also contribute:In practice, human errors can also contribute: Wrong designWrong design Transcription error on specification sheets Transcription error on specification sheets Administrative error in the manufacture process, Administrative error in the manufacture process,
making the valve supplied not fit with the designmaking the valve supplied not fit with the design Incorrect installationIncorrect installation Incorrect spring settingIncorrect spring setting
Why are bursting disks Why are bursting disks unreliable?unreliable?
Cannot be non-destructively tested - Cannot be non-destructively tested - manufacturer makes a batch of disks manufacturer makes a batch of disks and then tests a sample and then tests a sample
Possible to fit the wrong disk, or to fit Possible to fit the wrong disk, or to fit it wrongly (e.g. backwards!)it wrongly (e.g. backwards!)
Blockage is still possible on dirty Blockage is still possible on dirty serviceservice
However, it is believed that the However, it is believed that the reliability of a bursting disk is greater reliability of a bursting disk is greater than that of a relief valve.than that of a relief valve.
Risk targetsRisk targets
ResultsResults Number of C4+ streams reviewed - 111Number of C4+ streams reviewed - 111 Risk results summary:Risk results summary:
Existing installation not necessary on risk Existing installation not necessary on risk grounds grounds ** : 9 (8%) : 9 (8%)
Existing installation necessary and adequate Existing installation necessary and adequate : 90 (81%): 90 (81%)
Existing installation inadequate : 12 (11%) Existing installation inadequate : 12 (11%) ##
* Retained because still required by law* Retained because still required by law # Consequently modified to meet risk # Consequently modified to meet risk
criteriacriteria
Example 1Example 1
Liquefied toxic gas stock tank Liquefied toxic gas stock tank bursting diskbursting disk relief relief Over-pressurised to failure and LOC of liquid due to Over-pressurised to failure and LOC of liquid due to
incorrect operation and failure of other protective measuresincorrect operation and failure of other protective measures Widespread personnel exposure & death of several workersWidespread personnel exposure & death of several workers Consequence – Category 6Consequence – Category 6 Tolerable frequency of occurrence – E-6 per yearTolerable frequency of occurrence – E-6 per year Probable frequency of occurrence (without BD) – E-7 per Probable frequency of occurrence (without BD) – E-7 per
yearyear Conclusion – Conclusion – not needednot needed
Example 2Example 2
Process evaporator (corrosive material) Process evaporator (corrosive material) spring relief valvespring relief valve Steam tube failure causes body to fail and LOC of hot Steam tube failure causes body to fail and LOC of hot
corrosive liquid, personnel exposure & death of 1corrosive liquid, personnel exposure & death of 1 Consequence – Category 4Consequence – Category 4 Tolerable frequency of occurrence – E-4 per yearTolerable frequency of occurrence – E-4 per year Probable frequency of occurrence (without RV) – 5E-2 per yearProbable frequency of occurrence (without RV) – 5E-2 per year Conclusion – Conclusion – PFD required 0.002PFD required 0.002 Single relief valve is Single relief valve is inadequateinadequate Introduced steam tube thickness checks, repositioned RV Introduced steam tube thickness checks, repositioned RV
dischargesdischarges
Example 3Example 3
Explosive gas compressor 1st stage Explosive gas compressor 1st stage spring relief spring relief valvevalve
Blockage of outlet causes LOC of gas; explosion & Blockage of outlet causes LOC of gas; explosion & death of 1death of 1
Consequence – Category 4Consequence – Category 4 Tolerable frequency of occurrence – E-4 per yearTolerable frequency of occurrence – E-4 per year Probable frequency of occurrence (without RV) – Probable frequency of occurrence (without RV) –
1.2E-4 per year1.2E-4 per year Conclusion – Conclusion – PFD required 0.83PFD required 0.83 Single relief valve is adequateSingle relief valve is adequate
Example 4Example 4
Corrosive liquid stock tank Corrosive liquid stock tank ventvent causes tank causes tank failure, rapid LOC of liquid breaches bund; failure, rapid LOC of liquid breaches bund; personnel exposure & death of 1personnel exposure & death of 1
Consequence – Category 4Consequence – Category 4 Tolerable frequency of occurrence – E-4 per yearTolerable frequency of occurrence – E-4 per year Probable frequency of occurrence (without vent) – Probable frequency of occurrence (without vent) –
9E-3 per year9E-3 per year Conclusion – Conclusion – PFD required 0.011PFD required 0.011 Single vent is adequate Single vent is adequate
Example 5Example 5
Liquefied toxic gas export line Liquefied toxic gas export line thermal relief valvethermal relief valve Over-pressurised to failure and LOC of liquid due to Over-pressurised to failure and LOC of liquid due to
incorrect operation and failure of other protective measuresincorrect operation and failure of other protective measures Widespread personnel exposure & death of 1Widespread personnel exposure & death of 1 Consequence – Category 4Consequence – Category 4 Tolerable frequency of occurrence – E-4 per yearTolerable frequency of occurrence – E-4 per year Probable frequency of occurrence (without BD) – E-3 per Probable frequency of occurrence (without BD) – E-3 per
yearyear Conclusion – Conclusion – PFD required 0.1PFD required 0.1 Single spring relief valve is adequate Single spring relief valve is adequate
ConclusionsConclusions Pressure relief is mandatory where over-pressure is possiblePressure relief is mandatory where over-pressure is possible
Assessment cost is about 1 man day per streamAssessment cost is about 1 man day per stream Remediation costs if stream is found inadequate will varyRemediation costs if stream is found inadequate will vary
Traditional approach of “just add a relief device of your Traditional approach of “just add a relief device of your choice” is not necessarily meeting acceptable risk criteriachoice” is not necessarily meeting acceptable risk criteria
LoPA style risk assessment is applicable to deciding LoPA style risk assessment is applicable to deciding whether a relief meets TOR criteriawhether a relief meets TOR criteria
Penalty costs of stream failing to protect could be much higher!Penalty costs of stream failing to protect could be much higher!