Chemical processes always carry risk of incidents and such incidents can cause catastrophic consequences including loss of life, property, environment and legal consequences. Nobody wants incident to occur in their manufacturing plants but it demands efforts and expenditure to prevent them. Thus, there is always a question that “How safe is safe enough?”
In this article we will take a close look at quantification of risk and reliability of safeguards.
What is risk?
The risk is multiplication of Probability of occurrence of cause of incident and Severity of the consequences. Risk is generally ranked in a semi-quantitative manner in PHA/HAZOP. Refer our last article on process of risk identification and risk ranking. Link
Thus, to reduce risk, there are two options
Option 1: Reduce probability of occurrence of event
Option 2: Reduce severity of the incident
Reducing the probability of occurrence of event is the preferred option wherever possible as reducing severity is not always feasible with currently available technology with economic viability
Tolerable Risk Criteria
To answer “how much risk reduction is good enough?”, industries define their risk tolerance criteria. This criteria is nothing but at what frequency the organization accepts catastrophic events to take place. A general range is once in 10000 to 100000 years i.e 10-4 to 10-5 event per year.
Failure Frequency
Incident can occur only in case of a failure. There are many ways this failure can occur ranging from “Human Error” to “Failure of BPCS Loop”. But each of the failure does not fail with same frequency. Thus, CCPS (Centre for Chemical Process Safety) has published a failure frequency for most of the types of failure.
Examples for failure frequency:
- The dangerous failure rate of a BPCS: 0.1/year.
- Pump seal leakage:1/year
- Single check valve failure: 0.1/yr
- Failure of double check valves in series: 0.01/year
Independant Protection Layers (IPLs)
To reduce frequency of occurrence for failures leading to catastrophic incidents, it is required to install multiple protection layers. These protection layers will come with their individual failure frequencies, but frequency of their simultaneous failure (along with the failure frequency of the cause) will be low. This simultaneous failure frequency should be less than tolerable risk criteria. Simultaneous failure frequency (Also called PFD Total) is the multiplication of individual failure frequencies.
Conditions to qualify as IPL
- Components of layer are not shared for operation of the process
- Well defined and auditable function
- It has defined reliability (or failure frequency)
- Its function is secured through access control and management of change
Examples of IPLs with reliability (Failure frequency)
- Rupture Disc: 0.01/year
- Conservation Vacuum and/or Pressure Relief Vent (Breather Valve): 0.01/year
- Spring-Operated Pressure Relief Valve: 0.01/year
- Pressure reducing regulator: 0.1/year
Requirement and reliability of SIL
From the data shared above, it is evident that reaching tolerable risk criteria of 10-4 to 10-5 event/year is not easy by use of single IPL and thus a combination of them is required. The gap between existing PFDTotal and required PFD (Tolerable risk criteria) is the demanded risk reduction satisfied by installing SIF Loop (also called a SIL rated function)
What is SIF Loop:
SIF (Safety Instrumented Function) consisting of a sensor (eg. Temperature Transmitter), a processor (Safety PLC) and Final control element (eg. ON-OFF valve). The role of the function is to put final control element when the process parameter reaches defined value as read by the sensor. The signal is processes through independent processor so that there is no “common failure mode” and the safety action is executed reliably when there is demand.
Reliability of SIL rated functions:
SIL rated functions are categorized based on their PFDs (or reliabilities) as following:
Fig 2: SIL Reliability
A Simple Example of SIL Calculation:
Q: An exothermic reaction requires heating to be provided till a certain temperature is reached after that the reaction is self-sustaining and can lead to thermal runaway in case of external heating is supplied. Thus, there is a Process Interlock provided to stop steam on High temperature. As the exothermic reaction will generate pressure, to prevent rupture of vessel, a adequately sized rupture disc is provided. What is the level of SIL measure required additionally to reduce risk to 10-4 per year.
Answer:
- PFD for BPCS Loop failure is 0.1/year (Initiating event frequency)
- A rupture disc sized for the scenario has a reliability of 0.01/year (PFD for safeguard)
- Thus, total PFD (Multiplication of the two) is 0.1*0.01=0.001 i.e 10-3 /year
- Additional risk reduction required is 0.1 (to reach 10-4 per year)
- Thus, SIL 1 rated interlock (with separate sensor and actor is required to reach desired risk reduction.
Frequency of occurrence can be adjusted based on site conditions by using factors like occupancy factor, ignition probability and time at risk which brings down the required SIL level that needs to be implemented.
Let us know in the comments if you want to know more on the same
