Forewarned is forearmed. Perhaps nowhere is this old saying more true than it is in process safety.
To secure the leading indicators it needs to tell further in advance what bad actors might potentially cause safety issues, RasGas Co. in Doha, Qatar, began a demand on safety system (DOSS) program about nine months ago on the seven liquefied natural gas (LNG) production trains processing gas from the 95 kilometers of pipelines, wellhead platforms and onshore facilities serving its huge, offshore North Field in the Arabian Sea.
"Key alarms may be few in number, but it's extremely important to address them," said Navid Farooqi, safety instrumented system (SIS) engineering advisor at RasGas. Farooqi presented "Demand on Safety System (DOSS)" today at the 2013 Foxboro & Triconex Global Client Conference 2013 in San Antonio, Texas.
With about 3,500 employees, RasGas is one of the world's leading integrated LNG enterprises with total production capacity of 37.1 million metric tons of LNG per year—much of which is used by its customers to generate power. It's also one of the world's leading helium producers. The company is owned by Qatar Petroleum (70%) and ExxonMobil (30%). The North Field covers 6,000 km2 off Qatar's north coast, and has 900 trillion ft3 of recoverable reserves, or about 10% of the world's known reserves.
"DOSS is a leading indicator in the process safety pyramid, and can identify events that could lead to significant consequences," explained Farooqi. "It determines the frequency and quantity of the demands against the process parameters operating on the verge of safe operating limits (SOL), and provides an additional opportunity to identify and correct weakness in the control systems. DOSS provides a means to measure an application's activity, status and performance against goals, and decide if they're properly defined, understood and selected. It then monitors and analyzes performance, which enables a company to take appropriate and timely corrective actions."
Farooqi reported that RagGas started its DOSS program by seeking and defining initiators that were or might get triggered, and by determining the criticality of the loops where they were located. Next, it analyzed events to identify bad actors, and is addressing applicable issues to rectify any flaws in its overall loops. He added that DOSS occupies Tier 3 on the classic Process Safety Pyramid, which is labeled as Challenges to or Demands on Safety Systems, and is occupied by other events, such as SOL Exceedance (SOLE), other spills, leaks and releases and other process fires.
"We're using DOSS to determine how often there is a demand on our safety system, which we define as any process parameter that goes beyond the safe operational limit, and may lead to an action in the field to ensure equipment or personal safety. DOSS monitors the performance and flaws in process designs, instruments, DCSs with continuous control that are always in demand, and operator responses."
To secure its information for its DOSS program, Farooqi and his colleagues at RasGas developed DOSS key performance indicator (KPI) reporting procedures and scorecards. These reports include SIS process trip indicators, such as valid signals from process high-high (HH) and low-low (LL) alarms; activation of mechanical shutdown events, such as turbine over-speed trips and mechanical trips; and activation of mechanical shutdown events. Exclusions from these reports include:
- Alarms due to startups or preventive maintenance, such as PPM or calibration.
- Alarms neglected if maintenance or start-up overrides are in place.
- Initiators due to routine test, such as LNG loading tests.
- Machine monitoring system (MMS) alarms directly sent to the DCS (because shutdown alarms from the MMS are hardwired to safety systems).
- All initiations during planned shutdown windows.
- Chattering alarms that are counted as one alarm.
- Duplicate alarms like first out and normal alarms with the same tags.
- Bad I/O alarms or system alarms.
To generate DOSS reports, engineers and operators at RasGas uses a "Consequential Alarm Report" utility in the alarm management system in its Plant State Suite (PSS) software. "This utility generates a report of defined alarm tags, which have HH, LL or shutdown block names, such as UZ, as part of their tagnames," explained Farooqi. "Corresponding to every alarm, whether it's HH or LL, is a set of consequential alarms. This includes all the HH, LL or UZ alarms that appeared one minute before or one minute after any event are also reported. The same is repeated for all HH and LL alarms. We must generate reports with well-defined alarm tags to make sure we're not getting any fake data."
The DOSS reports also include:
- Database of safety integrity level SIL-1, SIL-2 or SIL-3loops, which is a complete database of SIL references generated through RasGas's SAP system. For every instrument loop there is an equipment strategy based on the SIL level it carries. This database is a reference to assign the SIL level against each of the initiators in the DOSS report.
- Segregation of initiators, which are categorized based on their asset; SIL level; number of times an initiator gets triggered; and type of initiator such as process HH or LL alarms, manual shutdown such as by pushbutton, or mechanical shutdown from over-speed or vibration.
- Filters configured in the report. For example, the initiator must have the UZ as "following" against it; all the alarms must be "state" alarms, which are valid alarms coming from the SIS system; data removed due to planned shutdown; chattering alarms removed because they appear more than three times; and data removed due to LNG loading tests offsite.
The DOSS KPI reports also summarize and present their results on scorecards with user-friendly spreadsheets, bar charts and pie charts. These scorecards also group all applicable events by number of occurrences, initiator counts and if they're at SIL-1, SIL-2 or SIL-3 levels. Farooqi says the reports and scorecards make it easy to see any bad actors.
"We also recommend building a team of subject matter experts from the process engineering, loss prevention, asset operations and control system departments, determining tasks to perform, and then assigning roles and responsibilities for every individual on the team," added Farooqi. He also suggests:
- Arranging monthly meetings on DOSS reports to analyze the bad actors
- Generating a report on the team's findings and respective actions;
- Raising and encouraging management of change (MOC) to develop consensus with other concerned parties in the organization to help obtain necessary approvals;
- Implementing each change or parking it until the next shutdown window, if an online change is a risky proposition;
- Observing the change for a few months to monitor its results; and,
- Closing the item if no issues are observed.