What Should Have Happened at Deepwater Horizon
Two of our regular contributors have weighed in on the Deepwater Horizon oil spill in our SoundOff! blog (http://tinyurl.com/2b29538). From Béla Lipták: "I would never allow ANY critical shut-off valve to be installed without a remote trigger. Same with the dead man switch. The same with mine operation without methane monitored escape alarm, etc, etc."
John Cusimano of exida, (www.exida.com) sent the following comment:
"[Why aren't] BOPs designed and certified to IEC 61508 (SIL 3 or better)? None are listed in the Safety Automation Equipment List (http://tinyurl.com/2d3dspk), nor was I able to find any on Google. IEC 61508 has been the international standard for functional safety since 1998. Numerous valves and actuators, including hydraulic actuators, have been certified, yet these super-critical valves that are the last defense to prevent a catastrophe like the Deepwater Horizon don't seem to have any functional safety certification.
"The literature I've seen lists the following certifications: API RP 500B, API RP 14F, NEC Article 500, NFPA 476, UL, CSA, FM, NEMA, CENELEC, BASEEFA, British Standards
"This excellent paper (http://tinyurl.com/2g3sglz) discusses application of IEC 61508 and IEC 61511 in the Norwegian Petroleum Industry. Section A14.2 discusses BOPs.
"From this picture of the Deepwater Horizon BOP (http://tinyurl.com/2dtdrjy), it appears to me this valve was configured to be Normally Open (NO). To be failsafe, shouldn't it have been designed to be Normally Closed and held open by a signal from the platform? Clearly this thing wasn't designed to be fail-safe. BP engineers say even the E-Stop didn't work.
"‘We don't know why it didn't work,' says BP spokesman William Salvin. ‘We know automatic systems did not close it; we know workers hit the manual switch before evacuating the rig; and we have been trying since hours after the incident to activate the blowout preventer, and that has not been successful.'
"Unfortunately, if no one is specifying SIL-rated BOPs, then no one is going to get them."
Rush to Judgement
This in response to Walt Boyes' May 5 SoundOff! post on the oil spill (http://tinyurl.com/2cguj9g): Until someone comes forward with solid evidence of why the Blow Out Preventer system failed to trip properly, I recommend withholding judgement on BP's post accident behavior. I'll concede that at the moment, they appear to be doing many of the correct things.
Right now, we haven't heard much from anyone who might know what the condition the well is in under 5000 feet of water. For all we know, they could have stumbled upon extreme conditions that nobody could have predicted.
Ultimately, the drilling rig risks are entirely BP's. On the other hand, this caliber of oil-spill risk was not theirs to take. If evidence suggests they cut corners on the BOP maintenance, it could be the end of the company.
Until we hear or see evidence of what went wrong, I recommend suspending judgment of BP's culpability.
An error appeared in a news item in May's InProcess. It should have read as follows: "Houston-based Vize, LLC, supplies a complete line of magnetic level indicators (MLI), engineered bridle solutions and accessories. An important addition to the Ohmart/VEGA family, Vize product lines complete Ohmart/VEGA's full offering of level measurement technologies. Ohmart/VEGA and Vize share the goal of understanding individual process and application needs, to supply a solution that is safe, accurate, and low-maintenance."