Acceptable Risk Criteria

Risk

Risk is commonly defined as the product of likelihood (the frequency of an event happening) and undesired consequence.

In mathematical language:

Risk = Frequency × Undesired consequences

Acceptable risk criteria

People active in the process safety business are familiar with the risk triangle, whose borders separate the intolerable region, the tolerable region and the broadly acceptable region (figure below):

Figure 1: Risk triangle/categories

This picture shows our effort to minimize risk and, more importantly, shows that we can’t eliminate risk completely. Human activities always carry risk; however, we need to draw a line (border) below which the risk is acceptable.

One might think that the tolerable risk border should be no greater than the risk of normal daily life activities.

This would mean that we try to design a plant to be as safe as daily activities. It is very difficult, if not impossible, to design a plant with a risk as low as that of daily life activities.

If we set the acceptable risk level very low, it will be difficult to reach it and also fulfill the required safety aspects of the design. However, as engineers, it is our moral and legal obligation to design a safe plant that protects people, the environment and assets.

Are you aware of how the values of these borders are defined?

Fatality Rates

A good start for defining the borders is to find out what the risks of day-to-day activities are.

A number of sources, such as Frank P. Lees, Loss Prevention in the Process Industries, provide such a list.

We can divide the activities into two categories: voluntary and involuntary. Examples of voluntary activities are staying at home, traveling by car, bicycle, airplane or train, or sports activities such as climbing.

Examples of involuntary activities are being struck by lightning or run over by a vehicle.

The tables below give general fatality rates per activity. These numbers might differ slightly from source to source, depending on the geographical area and the data that was gathered. Such a table should be used to get the order of magnitude of fatality rates.

| Voluntary activity | Fatality rate (deaths per person per year) |
|---|---|
| Staying at home | 2,63E-04 |
| Electrocution | 1,20E-05 |
| Traveling by: | |
| Car | 2,0E-04 |
| Bicycle | 8,4E-03 |
| Air | 2,1E-06 |
| Motorcycle | 2,0E-02 |
| Canoeing | 8,76E-02 |
| Rock climbing | 4,0E-05 |
| Smoking | 5,0E-03 |

Table 1: Voluntary activity’s risk

| Involuntary activity | Fatality rate (deaths per person per year) |
|---|---|
| Earthquake, California | 2,0E-06 |
| Struck by lightning | 1,0E-07 |
| Influenza | 2,0E-04 |
| Cancer | 2,5E-04 |
| Drowning | 1,0E-05 |
| Run over by vehicle | 6,0E-05 |
| Natural disasters (general) | 2,0E-06 |
| All accidents | 5,0E-04 |

Table 2: Involuntary activity’s risk

Normally selected acceptable risk level

In general, the lower limit of intolerable risk per year is taken as 1E-4 for the public and 1E-3 for workers. The lower limit of the tolerable region is taken as 1E-6. These limits are shown in Figure 1 above.

A risk equal to or greater than 1E-4 is intolerable (Risk ≥ 1E-4).

A risk higher than 1E-6 and less than 1E-4 is considered tolerable (1E-6 < Risk < 1E-4).

A risk less than 1E-6 falls in the broadly acceptable region. As you can see, the limit of broadly acceptable risk is similar to the risk of fatality from natural disasters (general); one might say that it is 1/100 of the fatality rate of staying at home.

A risk in the tolerable region must be reduced as low as reasonably practicable (ALARP), that is, as long as the cost is reasonably low compared to the risk reduction achieved.

Suggestion for people involved in Risk assessment

As someone active in risk assessment, one needs to assess the risk without barriers and compare it to the acceptable risk level. This is done via hazard analysis methods like LOPA.

It is then always a good idea to discuss with the client and define the limits for unacceptable and acceptable risk. After that, any kind of risk assessment study can be carried out.
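The comparison described above, as an added example that is not part of the original article: it places a risk value in the three regions using the limits quoted in the text, and applies LOPA-style barrier credits to a scenario. The function names, the barrier PFD values and the scenario are constructed for illustration, and treating exactly 1E-6 as tolerable is an assumption because the text leaves that value unassigned.

```python
import math

# Limits quoted in the text: individual fatality risk per person per year.
INTOLERABLE_FROM = {"public": 1e-4, "worker": 1e-3}
BROADLY_ACCEPTABLE_BELOW = 1e-6


def classify(risk, population="public"):
    """Place a risk value in one of the three regions of the risk triangle."""
    if risk >= INTOLERABLE_FROM[population]:
        return "intolerable"
    if risk < BROADLY_ACCEPTABLE_BELOW:
        return "broadly acceptable"
    # The text assigns no region to exactly 1E-6; keeping it in the ALARP
    # band is the conservative reading (assumption of this example).
    return "tolerable (ALARP)"


def unmitigated_risk(frequency_per_year, p_fatality):
    """Risk = frequency x undesired consequence, with no barrier credited."""
    return frequency_per_year * p_fatality


def mitigated_risk(risk, barrier_pfds):
    """LOPA-style credit: each independent barrier scales the risk by its
    probability of failure on demand (PFD)."""
    for pfd in barrier_pfds:
        if not 0.0 < pfd <= 1.0:
            raise ValueError(f"PFD must be in (0, 1], got {pfd}")
        risk *= pfd
    return risk


def reduction_factor(risk, target):
    """Factor by which the risk must be divided to come down to the target."""
    return max(1.0, risk / target)


def assess(frequency_per_year, p_fatality, barrier_pfds, population="public"):
    """Compare a scenario with and without barriers against the criteria."""
    raw = unmitigated_risk(frequency_per_year, p_fatality)
    residual = mitigated_risk(raw, barrier_pfds)
    return {
        "unmitigated": raw,
        "unmitigated_region": classify(raw, population),
        "gap_to_intolerable_limit": reduction_factor(
            raw, INTOLERABLE_FROM[population]),
        "gap_to_broadly_acceptable": reduction_factor(
            raw, BROADLY_ACCEPTABLE_BELOW),
        "residual": residual,
        "residual_region": classify(residual, population),
    }


# A few rows taken from Tables 1 and 2 of the text.
EVERYDAY = {
    "Staying at home": 2.63e-4,
    "Car": 2.0e-4,
    "Air": 2.1e-6,
    "Struck by lightning": 1.0e-7,
}

# Constructed scenario: initiating event once in 20 years, 10 % chance of a
# fatality when it happens, two independent barriers.
SCENARIO = {"frequency_per_year": 0.05, "p_fatality": 0.1,
            "barrier_pfds": [0.1, 0.01]}

if __name__ == "__main__":
    for activity, rate in EVERYDAY.items():
        print(f"{activity:22s} {rate:.2e}  public: {classify(rate)}")
    for key, value in assess(**SCENARIO, population="worker").items():
        print(f"{key:28s} {value}")
```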

Contact us

For more information, help on identifying applicable standard in your project or even a tailor made training for you or your organization please don’t hesitate to contact us!


Standards and lessons learned from Incidents

Standards can be considered the collective experience and knowledge of human beings on how to do a certain job or make a piece of equipment. In fact, the International Organization for Standardization (ISO) defines a standard as:

Think of them as a formula that describes the best way of doing something. 

It could be about making a product, managing a process, delivering a service or supplying materials – standards cover a huge range of activities.

Standards are the distilled wisdom of people with expertise in their subject matter and who know the needs of the organizations they represent – people such as manufacturers, sellers, buyers, customers, trade associations, users or regulators. International Organization for Standardization (ISO).

In my last project for a relatively young organization, I prepared a list of standards that, based on experience, are relevant to Process and Process Safety. Part of my list was to explain the different levels of standards and which one has priority over the others (Standard’s hierarchy).

Standard’s Hierarchy

The following is a list of the standards and guidelines available to any engineer, in descending order:

  • Local Codes (Highest level)
    Think of the municipality or county that your organization is located in, which has specific requirements.
  • Regional/Provincial Codes
    Think of a region or province/state in a country that has its own legislative or enforcement organization and sets specific requirements.
  • National Standards
    Think of each country’s standards organization, or of a code/instruction required by national laws passed by the parliament of that country.
  • Company standards
    Most of the time, operating or engineering companies have standards and guidelines based on their cumulative experience, which might be even more stringent than the other levels. A good example is SHELL’s DEPs.
  • International/Industry Organizations
    Many non-governmental organizations or associations gather their knowledge and publish guides. One of the best known examples is the American Petroleum Institute (API).
  • Best Practices (Lowest level)
    A best practice is a set of rules, recommendations or techniques that is generally accepted as superior to other alternatives, e.g. the size of a tank’s drain connection (minimum 2 inch).

As a person involved in a project, one has to become familiar with the standards used in her/his field of expertise. Of course, talking to your client or to the authorities that will review and approve your work is helpful.

Lessons learned from incidents

Many standards and guidelines are naturally lessons that we as human beings have learned from incidents or from trial and error.

The following is a list of topics (accidents) and the lessons learned from them. Consider them for your operating plant or your design and check that they are covered and well thought out:

  1. Safe siting of occupied portable buildings. This is based on the BP Texas City isomerization unit explosion in the USA on March 23, 2005. During this incident, contractors working inside portable buildings located next to the isomerization unit lost their lives.
  2. ESD valves on production platform risers. This is based on the Piper Alpha platform incident in the North Sea, UK, on July 6, 1988. During this incident there was no possibility to shut off the flow of flammables to the platform, which was already on fire.
    For other installations on shore, think of means to safely isolate process units from each other in case of an emergency.
  3. Temporary refuges. This is another point based on the Piper Alpha platform incident in the North Sea, UK, on July 6, 1988. Although this incident applies mainly to offshore installations, on an onshore installation the design needs to be checked for incidents like explosion, fire or gas release in relation to the locations of buildings, and specifically control rooms. This check gives assurance that, in case of need, a process can be safely brought to a stop and a safe state.
  4. Permit to work. The investigations of at least the following incidents:
    • Piper Alpha Platform, UK, North Sea, July 6, 1988
    • Motiva Enterprises LLC, Delaware, USA, July 17, 2001
    • Shell Port Edouard Herriot Depot, Lyon, France, June 2, 1987
    • BP Grangemouth Flare Line Fire, Scotland, UK, March 13, 1987
    concluded that a permit to work and permit to work verification process was not followed, which led to a hazardous situation and an incident.
  5. Management of change. This is a direct lesson learned from numerous incidents. To name a few:
    • Flixborough, UK, June 1, 1974.
    • Chernobyl, USSR, April 26, 1986.
    • Bhopal, India, December 3, 1984.
    During these incidents, a change was made to the process that either was not reviewed within a team to make sure that the new situation was safe and operable (Flixborough incident) or was not communicated to other personnel (Bhopal).
    Therefore make sure that changes are communicated effectively in your project or plant and that they are reviewed for hazards with a hazard identification review tool like HAZOP, to make sure that the remaining risk is acceptable.
  6. Avoiding liquid release/relief to atmosphere. This is based on the BP Texas City isomerization unit explosion in the USA on March 23, 2005. During this incident flammable material was released via a high point vent that caught fire and exploded.
  7. Avoiding tank overfill that might be followed by a vapor cloud explosion (VCE). This is based on the Buncefield storage terminal explosion, UK, December 11, 2005. For a tankage area, it is important not only to provide means of containing releases of liquid to atmosphere, but also means to avoid them or to mitigate the consequences of a release, for example adequate firefighting means and a drainage system.
  8. Avoiding brittle fracture of metallic materials. This is based on the Esso Longford Gas Plant Explosion, Australia, September 25, 1998. This point aims to identify the minimum achievable temperature in a process and make sure that the design temperature covers it.
  9. Alarm management. This has been identified as a contributing cause in many accidents, even in air crashes. At least the following examples are good ones to explain this point:
    • Three Mile Island Nuclear Reactor Core Meltdown, Pennsylvania, March 28, 1979.
    • Esso Longford Gas Plant Explosion, Australia, September 25, 1998.
    Review the alarms in your design and plant, make sure that the operator has an adequate set of warnings for excursions of process parameters beyond safe limits, and make sure that there is enough Process Safety Time (PST) available. See our previous article on process safety time (PST).
  10. Avoiding toxic material release (e.g. ammonia, H2S). This is based on many incidents like:
    • Anhydrous ammonia release at the Millard Refrigerated Services plant on August 23, 2010, in Theodore, Alabama.
    • Chuandongbei gas well blow-out, Gao Qiao, China, December 23, 2003
    This point aims to manage the risk of harm to people and the environment from exposure to hazardous material.
  11. Avoiding reactive material mixing (e.g. water entering a storage tank). This is based on incidents like Bhopal, India, December 3, 1984.
    During this incident, 500 kg of water entered the Methyl Isocyanate (MIC) storage tank, which caused a runaway reaction.
    Make sure that the MSDS of materials stored in or produced by your facility are read and understood by everyone and that there is no risk of reactive material mixing. Make sure that fire fighters are aware of the means to put out a fire if an emergency arises. Water is not always a good means to put out a fire.

Way forward

It is very important to identify and agree with your client which standards are applicable. Try to follow and understand the codes, and if an explanation is required, contact your client or the organization responsible for that code/standard.

It is always a good idea to issue a document in which every discipline in the project indicates which standards will be used during the project, and to agree it with your client.


Process Safety Time (PST) Part 8 / PST Calculation Reporting

IEC 61511 is the standard that sets the requirements for Safety Instrumented Systems (SIS). As part of this standard, a Safety Instrumented Function (SIF) is required to act within an adequate response time to bring the process or system to a safe state. The time the SIF needs to act is called the SIF response time, and the time available to act before anything dangerous happens is called the process safety time (PST). (See part 1, part 2, part 3, part 4, part 5, part 6 and part 7 for more information).

PST calculation and definition is a mandatory requirement for all the instrumented functions to which IEC 61511 is applicable.

In the previous parts (see part 1, 2, 3, 4, 5, 6 and 7), I tried to define PST and the calculation methodology, how to assess and explain the results, and a sample calculation, as well as notes and thoughts on a terms of reference.

PST Calculation report contents
This part suggests the contents of a typical PST calculation report.
At this stage, we have gathered a lot of information and data and calculated the PST(s) for the different SIFs in the project. When reporting your findings, try to cover the following subjects as a minimum:

  • Present a summary of the SIFs for which you calculated the PST, with the relevant PST values.
  • If possible, state in the table from the previous bullet which method you used: qualitative, quantitative simplified or quantitative dynamic analysis (see part 3).
  • Include a simplified sketch of the system and the SIF that is protecting it. You need to provide one sketch per SIF.
  • Define your terms and abbreviations for SIF response time, safe design limits, etc.
  • Clearly write down your assumptions and give a reference to the document that you took the data from.
  • Write down in detail how you calculated the PST, including formulas and input data. Note that using Excel makes this easier when the PST calculation is done by hand rather than with a simulation program. For results from a simulation program, print the report out, highlight the relevant sections and attach it.
  • Capture the SIF response time and the SIF PST in a table; this makes it easier for the reader to see the result at a glance and draw a conclusion.
  • Write a conclusion on whether the calculated PST is acceptable or not, based on the criteria agreed with your client.
  • Attach all documents that you used as references to your report and list them. If you are attaching a PDF file, it is a great help for the reader if you highlight where the data are taken from.
  • Your report might have several revisions; make sure that you indicate the differences between two consecutive revisions.
  • An important point is to make sure that your report and calculation are checked internally inside your organization, or by others, before you discuss them with your client.


Process Safety Time (PST) part 7 / PST Terms Of Reference (TOR)

IEC 61511 is the standard that sets the requirements for Safety Instrumented Systems (SIS). As part of this standard, a Safety Instrumented Function (SIF) is required to act within an adequate response time to bring the process or system to a safe state. The time the SIF needs to act is called the SIF response time, and the time available to act before anything dangerous happens is called the process safety time (PST). (See part 1, part 2, part 3, part 4, part 5, part 6 and part 8 for more information).

PST calculation and definition is a mandatory requirement for all the instrumented functions to which IEC 61511 is applicable.

In the previous parts (See part 1, 2, 3, 4, 5 and 6), I tried to define PST and calculation methodology, how to assess and explain the results and a sample calculation.

PST Calculation Terms of Reference (TOR)

This part suggests contents of a typical PST calculation terms of reference (TOR) to help setup the way forward for a process safety calculation.

In a typical TOR, one should define the roles and responsibilities of the PST calculation team members, what is expected as the final result, the calculation method, and how to capture recommendations and possible follow-up actions or extra steps/calculations still to be done.

The PST calculation terms of reference is important because it defines and makes clear how a specific PST is calculated, which minimizes the need for extra meetings and discussions after the work is finished.

Try to cover the following subjects as a minimum:

  • What the scope of work is.
  • Roles and responsibilities.
  • How and where to gather data.
  • PST Calculation method for different SIFs.
  • Criteria for PST and SIF response time (SIFRT) comparison.
  • How the calculation will be checked and assessed.
  • Reporting of result, if a separate report is required.
  • How to capture recommendations and actions list.
  • Deadlines and calculation schedule.

Scope of work
It is very important to identify and agree which SIFs need a PST calculation. Could you use the PST of similar SIFs in other client’s assets? Which calculations might you delegate to the vendor?

Roles and responsibilities
Clearly identify who does what, and the deadlines. In this way, you make sure that your target date can also be met.
An important point is to make sure that your report or calculation is checked internally inside your organization, or by others, before you discuss it with your client.

Approval of PST calculation TOR
Before starting your calculation and after PST TOR is drafted, it is wise to have a meeting with your client and agree on the PST calculation TOR. Then everything is set for starting the real work and calculation!

Process Safety Time (PST) part 6 / A worked out example

IEC 61511 is the standard that sets the requirements for Safety Instrumented Systems (SIS). As part of this standard, a Safety Instrumented Function (SIF) is required to act within an adequate response time to bring the process or system to a safe state. The time the SIF needs to act is called the SIF response time, and the time available to act before anything dangerous happens is called the process safety time (PST). (See part 1, part 2, part 3, part 4, part 5, part 7 and part 8 for more information).

PST calculation and definition is a mandatory requirement for all the instrumented functions to which IEC 61511 is applicable.

This part contains a simple sample calculation, showing the assumptions, the available data and the calculation procedure.

Definition of SIF loop
In the previous parts (see part 1, 2, 3, 4 and 5), I tried to define PST and the calculation methodology and, at the end, how to assess and explain the results.
In this part, I will try to define and explain a sample calculation.

Consider a temperature switch after a gas heater and after a knock-out drum, as shown in the figure below, in a system that provides gas to the final consumer. This temperature switch protects the piping downstream of heater #2 and stops the flow to the final user (e.g. a compressor seal system).

Figure 1 LTSD downstream heater #2 protects downstream users from condensation

One of the causes of low temperature is failure of heater #2. In this case the gas may condense in the piping downstream of the heater and may damage the end user (e.g. compressor seals), leading to loss of containment and gas flow to the environment, with a risk of fire and explosion.

In other words, the intention of the LTSD after heater #2 is to prevent the temperature from reaching the gas dew point after the knockout vessel/heater #2.

Assumptions and known data

The following assumptions and data are valid for the system described/shown in Figure 1:

  1. Minimum gas temperature before the heater #2 is assumed to be 40 °C. Minimum backup gas temperature before PDCV is 3°C (trip setting of LTSD-1).
  2. Maximum flow through PDCV is 417.8 kg/h equal to 7.286 m3/h, based on Heat and Mass Balance.
  3. The outlet pressure of PDCV is 75 barg.
  4. Using simulation software, one can calculate the gas physical properties at 75 barg and 50°C. The molecular weight of the gas is 18.25 kg/kmole.
  5. Gas molecular weight is 18.25 kg/kmole, gas Cp/Cv = 1.49 and Cp = 2441 J/kg K.
  6. Gas dynamic viscosity is 0.000014 kg/m.s (N.s/m2). Gas density is 57.4 kg/m3. Gas thermal conductivity is 0.042 W/m K.
  7. The temperature sensing element is a thermowell that measures the fluid (gas temperature).
  8. The pipe wall temperature and thermowell temperature are at equilibrium.
  9. The pipe wall and fluid form an adiabatic system with no heat transfer to surroundings.
  10. Complete instantaneous failure of the upstream heater #2 is allowed for.
  11. The gas will lose a negligible amount of energy and will not change temperature in traversing the pipe segment.
  12. Fouling has no effect on heat transfer.
  13. The conduction within the pipe wall is instantaneous therefore the pipe will be of uniform temperature.
  14. Calculation of a simplistic process safety time well above the expected system response time is sufficient.
  15. Gas dew point is assumed as design temperature to prevent condensation in the downstream system. The dew point of the gas after heater #2 is assumed as 40 °C (worst case).
  16. There is also a backup gas to the system. The dew point of the backup gas is assumed (-10 °C) worst case.
  17. LTSD-2 has a trip set point of +50°C.
  18. Outlet of Heater #2 is traced, however no credits have been taken for the electrical heat tracing of the line downstream of the Heater #2.
  19. The downstream pipe is initially at the trip temperature.
  20. Downstream pipe (designated by D, in formulas) is 1″-Stainless steel, Schedule 40S and piping length between the gas heater and the user is assumed to be 3m.
  21. Pipe thermal conductivity (Kn) is taken from engineeringtoolbox.com and is 14.4 W/m K.
  22. Initial pipe wall temperature is 50°C.
  23. Using the gas volumetric flow and pipe diameter, gas velocity v is 3.63 m/s. This velocity will be used in Re number calculation.
  24. Cold gas scenario PST is more severe than cold back-up gas PST, as the trip set point has the lowest margin for the cold gas scenario. Only the cold gas scenario after Heater #2 is calculated.
  25. Heat transfer coefficient for forced convection of gases is typically in the region of 10 – 1000 W/m².K. Later on we need this range to see if our calculated h is within the range.
  26. Stopping end user takes 10 seconds (e.g. closing a valve or stopping a motor).
  27. A thermowell/temperature transmitter will detect a temperature within 1 second.
  28. The logic solver (ESD system) is assumed to react within 0.3 seconds.

Calculation
The intention of the calculation is to find the heat loss required to reach the gas dew point (40 °C).
For this calculation we can use the simple heat transfer formula: q = m × Cp × ΔT.

Heat loss required to reach fuel gas dew point (40 °C)
The pipe is 1 inch, Schedule 40S and 3 m long. It has a nominal diameter of 0.03 m and a weight of 2.54 kg/m (pipe data from arvindpipe.com).
The pipe mass is then 3 m × 2.54 kg/m = 7.6 kg.
Cp of stainless steel (data from www.engineeringtoolbox.com) is 0.49 kJ/kg.K.
Starting temperature T1 = 50 °C and the trip set point is 40°C.
The heat loss required to reach 40°C will then be -37 kJ (= 7.6 kg × 0.49 kJ/kg.K × (50-40) K).

Heat transfer coefficient hci
For this part of calculation, we must calculate heat transfer coefficient inside the pipe because of forced convection.
Heat transfer between the gas and the steel body is determined by the Dittus-Boelter equation:

The Dittus-Boelter correlation is valid for turbulent flow where Re > 10,000 and 0.6 < Pr < 160.
The Reynolds number is calculated as follows:

The Prandtl number is calculated as follows:

Where:
ν is momentum diffusivity
α is thermal diffusivity
μ is Viscosity
kg is Thermal conductivity
ρ is Gas density @ P and T
v is Gas velocity through pipe
D is pipe diameter
Cp is gas specific heat capacity

Using the information in assumption section above:
Re=385,242 and Pr=0.84. Then the Nu number will be 631.9 and hence hci=989.1 W/m².K.
This value is within the range of expected convective heat transfer coefficients (assumption 25).

Heat transfer from pipe to gas
Now that the forced convection heat transfer coefficient is calculated, we need to calculate how much heat is taken away by gas flow.
Initial pipe wall temperature is 50°C. Gas flows at a temperature of 40°C.

The overall heat transfer coefficient comprises two parts: forced convection heat transfer inside the pipe (hci) and conduction heat transfer through the pipe wall (Sn/Kn).

Using the formula:

Then U is 803 W/m2 K.

The heat taken away by flowing gas can be calculated by general heat transfer formula:

Pipe diameter is 0.03 m with a length of 3m then:
A (heat transfer area) is A= 3.14 x D x L = (3.14 x 3 x 0.03) = 0.3 m2
From assumption section: t1 = 40 °C and t2=50 °C
Then heat carried away by gas flow equals to:
803 W/m2 K x 0.3 m2 x (- 10) °C= – 2409 W = – 2409 J/s = – 2.4 kJ/s

Time to cool down the piping

We have calculated the heat that must be taken away from the pipe for it to reach 40 °C, as well as the heat that the gas takes away while flowing in the 1” pipe.
Dividing the first value by the second gives the time it takes to cool down the piping after heater #2 from 50°C to 40°C.

Process Safety Time (PST) = (- 37 kJ) / (-2.4 kJ/s) = 18.5 seconds = 0.3 minutes

SIF response time
Using assumption for SIF components, SIF response is:
Thermowell response time + logic solver response time + final element response time equals to:
1+0.3+10 = 11.4 seconds

Comparison of SIF response time with PST
SIF response time is 11.4 seconds and PST calculated is 18.5 seconds. This means the SIF will react fast enough to bring the process to a safe state.
This is (11.4/18.5=0.6) or 60% of the PST available which is another check to see if calculated PST is acceptable (Refer to part 4).
Conclusion
Response time is less than PST and hence the SIF can act within time to prevent reaching the lower temperature (dangerous temperature) downstream heater #2.
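The calculation above carried through in code, as an added example that is not part of the original article. It assumes the standard Dittus-Boelter form Nu = 0.023·Re^0.8·Pr^0.4 and a 3.38 mm wall for 1-inch Schedule 40S pipe, neither of which is stated in the text, and it works from the unrounded inputs, so its intermediate values differ somewhat from the figures quoted above. The final check applies the 50 to 70 % practice from part 4; all function names are hypothetical.

```python
import math

# Figures quoted in the worked example, in SI units.
PIPE = {
    "length": 3.0,        # m
    "diameter": 0.03,     # m, nominal diameter used in the text
    "mass_per_m": 2.54,   # kg/m
    "cp": 490.0,          # J/kg.K (0.49 kJ/kg.K)
    "k": 14.4,            # W/m.K
    "wall": 0.00338,      # m, ASSUMPTION: 1" Sch 40S wall, not given in the text
}
GAS = {"rho": 57.4, "velocity": 3.63, "mu": 0.000014, "cp": 2441.0, "k": 0.042}
T_WALL_START = 50.0       # degC, initial pipe wall temperature
T_GAS = 40.0              # degC, cold gas temperature = dew point limit
SIF_TIMES = {"thermowell": 1.0, "logic solver": 0.3, "final element": 10.0}


def heat_to_remove(pipe, t_start, t_end):
    """q = m x Cp x dT for the pipe metal, in joules."""
    mass = pipe["length"] * pipe["mass_per_m"]
    return mass * pipe["cp"] * (t_start - t_end)


def film_coefficient(gas, diameter):
    """Inside film coefficient from Dittus-Boelter (assumed standard form).
    The exponent 0.4 applies because the gas is heated by the warmer wall."""
    re = gas["rho"] * gas["velocity"] * diameter / gas["mu"]
    pr = gas["cp"] * gas["mu"] / gas["k"]
    if re <= 10_000 or not 0.6 < pr < 160:
        raise ValueError(f"outside validity range: Re={re:.0f}, Pr={pr:.2f}")
    nu = 0.023 * re ** 0.8 * pr ** 0.4
    return re, pr, nu * gas["k"] / diameter


def overall_coefficient(h_inside, pipe):
    """Series resistance of the inside film and wall conduction (Sn/Kn)."""
    return 1.0 / (1.0 / h_inside + pipe["wall"] / pipe["k"])


def process_safety_time(pipe=PIPE, gas=GAS, t_wall=T_WALL_START, t_gas=T_GAS):
    """Seconds for the gas to cool the pipe wall from t_wall to t_gas, using
    the constant driving temperature difference the text uses."""
    _, _, h = film_coefficient(gas, pipe["diameter"])
    u = overall_coefficient(h, pipe)
    area = math.pi * pipe["diameter"] * pipe["length"]
    heat_rate = u * area * (t_wall - t_gas)          # W
    return heat_to_remove(pipe, t_wall, t_gas) / heat_rate


def sif_response_time(times=SIF_TIMES):
    """Sum of the response times of sensor, logic solver and final element."""
    return sum(times.values())


def evaluate(response_s, pst_s, new_sif=True, max_fraction=0.7):
    """The three outcomes from part 4, plus the margin check for new SIFs."""
    if math.isclose(response_s, pst_s, rel_tol=1e-9):
        return "equal to PST: agree acceptance or recalculate"
    if response_s > pst_s:
        return "too slow: review design or add protection layers"
    if new_sif and response_s > max_fraction * pst_s:
        return "acceptable, but margin below good practice for a new SIF"
    return "acceptable"


if __name__ == "__main__":
    re, pr, h = film_coefficient(GAS, PIPE["diameter"])
    pst = process_safety_time()
    rt = sif_response_time()
    print(f"Re={re:.0f}  Pr={pr:.2f}  hci={h:.0f} W/m2.K")
    print(f"PST={pst:.1f} s  SIF response={rt:.1f} s  ratio={rt / pst:.2f}")
    print(evaluate(rt, pst))
```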


Process Safety Time (PST) part 5 / calculation methodology

IEC 61511 is the standard that sets the requirements for Safety Instrumented Systems (SIS). As part of this standard, a Safety Instrumented Function (SIF) is required to act within an adequate response time to bring the process or system to a safe state. The time the SIF needs to act is called the SIF response time, and the time available to act before anything dangerous happens is called the process safety time (PST). (See part 1, part 2, part 3, part 4, part 6, part 7 and part 8 for more information).

PST calculation and definition is a mandatory requirement for all the instrumented functions to which IEC 61511 is applicable.
This part contains notes on gathering data and on the calculation procedure for a PST calculation.

Calculation procedures

In the previous parts (see part 1, part 2, part 3 and part 4), I tried to define PST and the calculation methodology and, at the end, how to assess and explain the results.
In this part, I will try to summarize how to make a calculation procedure for yourself or your company.

It is very important that you make a uniform calculation procedure/calculation sheet for yourself or your company. My advice is to make an Excel calculation sheet for PST calculations that are straightforward and can be done using simple heat and mass balance equations.

For the other calculations, which need dynamic simulation, an agreement with the client or the authority that will review and finally approve these calculations is a better option.

When making your calculation in an Excel sheet, take care that the following points are taken into account:

1. Set a clear approach on the calculation.
2. Establish and define the safe design limit.
3. Define key variables in a PST scenario calculation.
4. Suggest possible opportunities for refining the PST estimate.

Define key variables

Before starting any PST calculation, it is very important to prepare a heat and mass balance. This heat and mass balance will be used to get data such as operating conditions, physical properties and flowrates.

If the flowrate or heat flow is estimated, it is very important to write down the basis, assumptions and source of data used in the estimate. This way your PST calculation is clear and easier to check.

A very important point to remember is that when a PST calculation is carried out for an existing plant, the heat and mass balance document must be checked against actual data from the plant. This is because, through the years, existing plants often come to operate under different conditions.

For instrumentation like a control valve, care must be taken to obtain the correct Cv of the control valve. This is needed to specify the flow rate in the fail-open scenario. In an existing plant, a control valve might have been replaced or its internals might have been changed over the years.

Contacting the vendor for the latest data is a good idea if the valve was modified between the start-up of the plant and the time the PST calculation takes place.

When looking for the operating parameters of a system, after finding the H&MB, a chat with the operating personnel is a great idea. Often the plant is operating at a different condition than it was designed for. For example, the normal liquid level in a vessel was designed to be 50% of the total volume, but at the time of the PST calculation the level is maintained at 40% of total volume. This has a direct impact on your PST calculation.


Process Safety Time (PST) part 4 / calculation methodology

IEC 61511 is the standard that sets the requirements for Safety Instrumented Systems (SIS). As part of this standard, a Safety Instrumented Function (SIF) is required to act within an adequate response time to bring the process or system to a safe state. The time the SIF needs to act is called the SIF response time, and the time available to act before anything dangerous happens is called the process safety time (PST). (See part 1, part 2, part 3, part 5, part 6, part 7 and part 8 for more information).

PST calculation and definition is a mandatory requirement for all the instrumented functions to which IEC 61511 is applicable.

Review of calculation
After finishing the PST calculation, it is very important that the IPF/SIL classification team reviews the PST calculation in a meeting. This is to:
1- Ensure that the PST calculation is quality checked and that the assumptions and inputs are correct.
2- Agree on the result and identify whether the PST calculation is acceptable or another, more rigorous calculation should be carried out (only for a PST calculation that is debatable).
It is also a way to make sure that any issues or problems in the calculation are identified before the IPF/SIF classification is completed.

Evaluation of PST result
At this stage, the SIF loop (sensor, logic solver and final element) are specified and bought. This means that failure rate data and response times are available.
One can calculate, the actual SIF loop response time by summing up all response times of SIF loop’s elements.

Now we are faced with three possibilities:
1- SIF response time is higher than the calculated PST.
In this case the review team must decide whether further study is needed before deciding to change the design or add extra layers of protection to the system under review.

2- SIF response time is the same as the PST.
In this case the team must decide if this is acceptable, and shall communicate it externally and agree upon it with the client or certified body. Alternatively, the team decides on another calculation or reviews the calculations again to identify whether something was missed.

3- SIF response time is less than PST.
In this case the design is acceptable. However, you might distinguish between new SIFs and existing SIFs and agree on this with your client.

For an existing SIF this is acceptable, as the SIF acts within the PST to bring the system to safety. However, for new SIFs it is a good idea to leave some room/margin between the SIF response time and the PST.
A good practice is to limit the SIF response time to 50 to 70% of PST.
In any case, it is better to discuss and agree on these criteria with your client. In this way you will save time afterwards by not having to redo your calculation.
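
The evaluation described above, written out as an added example (this is not code from the original article). The loop elements, their response times, the verdict labels and the choice of 70% as the cut-off within the 50 to 70% band are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: new SIFs use the upper end of the 50 to 70% good-practice band.
NEW_SIF_MAX_FRACTION = 0.70

@dataclass
class Element:
    name: str
    response_time_s: float  # seconds, taken from the data of the bought item

@dataclass
class Evaluation:
    loop_time_s: float
    fraction_of_pst: float
    verdict: str

def evaluate_sif(elements, pst_s, is_new_sif,
                 max_fraction=NEW_SIF_MAX_FRACTION, tol_s=1e-6):
    """Compare the summed SIF loop response time with the calculated PST."""
    if pst_s <= 0 or not elements:
        raise ValueError("need a positive PST and at least one loop element")
    if any(e.response_time_s < 0 for e in elements):
        raise ValueError("response times cannot be negative")
    total = sum(e.response_time_s for e in elements)
    fraction = total / pst_s
    if abs(total - pst_s) <= tol_s:
        verdict = "EQUALS_PST"      # possibility 2: team decision needed
    elif total > pst_s:
        verdict = "EXCEEDS_PST"     # possibility 1: study / design change
    elif is_new_sif and fraction > max_fraction:
        verdict = "MARGIN_NOT_MET"  # possibility 3, new SIF without margin
    else:
        verdict = "ACCEPTABLE"      # possibility 3
    return Evaluation(total, fraction, verdict)

# Constructed sample loop: sensor, logic solver, final element.
LOOP = [Element("level transmitter", 2.0),
        Element("logic solver", 0.5),
        Element("shutdown valve", 8.0)]

if __name__ == "__main__":
    for pst in (9.0, 10.5, 12.0, 20.0):
        for new in (True, False):
            r = evaluate_sif(LOOP, pst, new)
            kind = "new" if new else "existing"
            print(f"PST {pst:5.1f} s, {kind:8s}: loop {r.loop_time_s} s "
                  f"({r.fraction_of_pst:.0%} of PST) -> {r.verdict}")
```

With a PST of 12 s the same 10.5 s loop is acceptable for an existing SIF but fails the margin check for a new one, which is the distinction to agree on with the client.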


Process Safety Time (PST) part 3 / calculation methodology

IEC 61511 is the standard that sets the requirements for Safety Instrumented Systems (SIS). As part of this standard, a Safety Instrumented Function (SIF) is required to act within an adequate response time to bring the process or a system to a safe state. This is called the response time of a SIF, and the time available to act before anything dangerous happens is called the process safety time. (See part 1, part 2, part 4, part 5, part 6, part 7 and part 8 for more information).
PST calculation and definition is a mandatory requirement for all the instrumented functions to which IEC 61511 is applicable.

An important point to remember, which also follows from the definition of a SIF, is:
In Layer of Protection Assessment (LOPA), there are layers of protection that reduce the chance of the main event happening, and there are layers that try to reduce the effects/severity of a dangerous event that has happened. The first type of layers, before a dangerous event, are prevention barriers, and the layers of protection after a hazardous event are mitigation barriers.
See the figure below for a graphical explanation:

Figure: Process safety time, layers of protection, SIF

Choosing a proper method for PST calculation
As I mentioned in part 2 of this article series, there are three methods to choose from for PST calculation:
• Qualitative Analysis (QA)
• Quantitative – Simplified Analysis (QSA)
• Quantitative – Dynamic analysis (QDA)

At this stage, you might wonder which method shall be used for PST calculation. This is not a simple question to answer. As a process engineer, one needs to look into the list of SIFs and decide which method is suitable. The following table can be consulted for the selection.

Table: Process safety time calculation method

The table above is only a guideline for selecting the calculation method. In any case, you need to select a method for the calculation, discuss it with your client and agree upon it. Finally, the Notified Body, which will review and certify the safety systems, shall review your calculation and agree with your selected method and your outcome.

When selecting your calculation method, remember the following points:

1- SIFs with a high Safety Integrity Level (SIL) need a more accurate calculation. This is because they provide a higher risk reduction factor (RRF).
2- Some parameters change faster or slower than others. For example, a level increase is faster to detect than a temperature increase. Therefore, a quantitative dynamic analysis (QDA) with the help of simulation programs might be more accurate for a temperature protection switch than for a level protection switch.
3- The help/advice of an experienced operator or vendor in defining the PST is invaluable. After all, he/she has been working with the system or equipment for many years and could help much better than any calculation.
4- If your company has the same system at another location, it is a good idea to look at that running system and see what the PST is or how it was calculated. For example, a dynamic simulation for a high pressure switch at the outlet of a compressor might be time-consuming and very difficult to set up in simulation software like HYSYS. If you can find a similar compressor within your asset that has the same pressure switch, you might use it. Of course, the Notified Body or Authority Having Jurisdiction shall agree with you.
5- You might need to ask for the vendor’s help to set up a dynamic analysis when a SIF acts in start-up or shutdown situations. Imagine a high pump temperature switch that protects the pump during a dry-run scenario.
