Q: We have four liquified petroleum gas (LPG) spherical tanks complete with low-level transmitters connected to the shutdown system to stop the outlet pumps in case of low level, and high-level transmitters providing high level alarm. The following modifications are planned:
- Installation of a new shutdown valve at the inlet of each tank to be closed in case of high level and in case of common planned shutdown (PSD) or emergency shutdown (ESD).
- Installation of new shutdown valves at the outlet of each tank, which will be closed in case of low level in the corresponding tank and in case of common PSD or ESD.
- Installation of a new shutoff valves in the vapor line of each tank. The vapor lines will be connected together to equalize the pressure in the vapor spaces of the four tanks.
- Installation of a new standalone hydraulic control system complete with a dedicated PLC system to manage the operation of the new shutdown system.
- A serial interface between the new PLC and the existing DCS which presently monitors the operation.
- A hardwired interface between the existing ESD/F&G system and the new hydraulic/PLC system.
Now my question is this: Is it allowed from the standard point of view to use the existing level transmitters to control the inlet and outlet shutdown valves? In other words, is it allowed to convert the existing analog level signals from the existing ESD system into digital, and send them as digital input into the new PLC system, or do we have to install new dedicated transmitters?
Ragab Abdel Fattah
A: Firstly, congratulations to all of you for getting rid of the dictatorship in Egypt, and taking your nation's future into your own hands by successfully conducting a free election.
The question you ask is very familiar. I come across it on many projects when users are converting from a semi-manual mode of operation, such as yours, where the DCS automatically stops the outlet pumps on low level, but on high level, it provides no automatic action, only monitors, leaving the closing of valves to the operators or to an automatic control system serving emergency shutdown (ESD). Your choice of operating the new shutoff valves by a separate PLC is a logical one, and your plan to hardwire the PLC to the sensors is the correct one. Given the state of the art and reliability of wireless transmission, I recommend using wireless only for monitoring, but not for control and certainly not for ESD purposes.
Your question concerning the reuse of the existing level detectors and the safest method for interfacing the existing DCS with the new PLC is also often asked. On some projects, I found people getting in trouble by relying on standards, instead of trusting their common sense. In my view, you should always follow your common sense.
Concerning the reuse of existing level detectors, the common sense answer is that using two sensors is better than one! Detecting the occurrence of an unsafe condition by redundant sensors improves safety if either will trigger the ESD action. Naturally, if only one of the two sensors signaled abnormal level and triggered an ESD, then, before the operation is restarted, both sensors should be recalibrated. In other words, the safety integrity level (SIL) of a redundant-sensor-based system is always better than a single-sensor-based one if the above approach is used. Therefore, on the one hand, you should continue using the existing detectors, and, on the other, you should install another set of backup sensors.
The other rule dictated by common sense is that the fewer the number of components between the sensor and the actuated device, the safer the ESD system. Therefore, the new level detector signals should be hardwired directly to the PLC. Naturally, you should also hardwire the DCS outputs to the PLC, so that shutdown will be initiated whenever abnormal level conditions are detected by either sensor.