Can integration keep your processing plant safe?

By Contributing Editor Wayne Labs

IN MARCH of 2005, an explosion tore through the isomerization unit at the BP Amoco Texas City Refinery, killing 15 and injuring more than 100. At the time of the incident, contract workers were conducting maintenance during a turnaround of the unit.

Unfortunately, this was not the only accident at this refinery. As recently as last September, two employees were burned to death and a third severely injured by steam when they opened a 12-in. check valve on a high-pressure line without first relieving the pressure. In March, 2004, a pipe ruptured on a furnace, releasing flammable vapors that ignited a fire in the Ultraformer No. 4 desulfurizer section. Fortunately, no one was hurt.

According to an Aug. 25, 2004 OSHA press release, citations for 14 alleged serious violations of safety standards were filed against BP Amoaco, resulting in a proposed $63,000 in penalties for the March incident. According to OSHA, “The alleged serious violations include failures to identify, evaluate and control hazards associated with the emergency shutdown system; to activate the emergency shutdown system; to train employees to use the emergency shutdown system;, and to inspect and maintain process equipment. A serious violation is one in which there is a substantial probability that death or serious physical harm could result from a hazard about which the employer knew or should have known.”

Emergency shutdown systems—also known as safety-instrumented systems (SISs) or process safety systems—can prevent catastrophic events like those experienced by BP Amoaco. But for SISs to be effective, it is necessary to clearly define both the process risks/hazards and the safety integrity levels (SILs) needed to shut down a process before it gets out of control. While today’s newest safety systems require careful thought in their design and application, configuration and implementation is easier than in the older standalone systems, thanks to better engineering tools and integration with basic process control systems (BPCSs).

Doing the Numbers: Reduce the Risk
The best way to reduce risk in a manufacturing plant is to design safe processes—a tall order when dealing with dangerous chemicals and equipment that can fail. For example, look at the way safety systems are rated. SILs demonstrate the availability of equipment or the probability that a failure will occur either on demand or in continuous operation. In terms of availability, SIL1 means that safety equipment will be available 90.00-99.00% of the time; SIL2, 99.00-99.90%; SIL3, 99.90-99.99%; and SIL4, better than 99.99% (See Table, “SIL Availability and Risks”). For example, a high-level trip on a tank with a safety-instrumented system (SIS) rated SIL1 means that one out of every 10 times the tank reaches overflow, the SIS will be unable to react, causing an overflow. Can you live with this risk?

Table: SIL availability and risks
Safety Integrity Level (SIL) IEC 61508/61511	Safety Availability Required	Probability to Fail on Demand (PFD)	RRF = 1/PFD	Generalized Impact
4	>99.99%	E-005 to <E-004	100,000 to 10,000	Catastrophic to community
3	99.90% to 99.99%	E-004 to <E-003	10,000 to 1,000	Employee and community
2	99.00% to 99.90%	E-003 to <E-002	1,000 to 100	Major property and production protection; possible employee injury
1	90.00% to 99.00%	E-002 to <E-001	100 to 10	Minor property and production protection

The Weakest Link
According to Asish Ghosh, vice president, ARC Advisory Group, nearly 70% of today’s manufacturers are performing hazard and risk analyses for existing and new processes. Slightly more than half of the manufacturers interviewed by ARC said they test to ensure SIL compliance once a year. Not surprisingly, Ghosh attributes more than 90% of failures in safety systems to field devices—sensors and actuators.