SIL and LOPA: How Reliable are your safeguards?

Chemical processes always carry the risk of incidents, and such incidents can have catastrophic consequences, including loss of life, damage to property and the environment, and legal consequences. Nobody wants incidents to occur in their manufacturing plants, but effort and expenditure are required to prevent them. Thus, there is always the question, “How safe is safe enough?”

In this article, we will take a close look at the quantification of risk and the reliability of safeguards.

What is Risk?

Risk is the product of the probability of occurrence of the cause of an incident and the severity of its consequences. Risk is generally ranked in a semi-quantitative manner in PHA/HAZOP. Refer to our last article on the process of risk identification and risk ranking.

Thus, to reduce risk, there are two options:

Option 1: Reduce the probability of the occurrence of an event

Option 2: Reduce the severity of the incident

Reducing the probability of occurrence of the event is the preferred option wherever possible, as reducing severity is not always technically feasible or economically viable with currently available technology.

Tolerable Risk Criteria

To answer “How much risk reduction is good enough?”, industries define their risk tolerance criteria. This criterion is the frequency at which the organization accepts that catastrophic events may take place. A general range is once in 10,000 to 100,000 years, i.e. 10⁻⁴ to 10⁻⁵ events per year.

Failure Frequency

Incidents can occur only in the case of a failure. There are many ways this failure can occur, ranging from “Human Error” to “Failure of BPCS Loop”. But not every type of failure occurs with the same frequency. Thus, CCPS (Center for Chemical Process Safety) has published failure frequencies for most types of failure.

Examples of failure frequency:

  1. Dangerous failure rate of a BPCS: 0.1/year
  2. Pump seal leakage: 1/year
  3. Single check valve failure: 0.1/year
  4. Failure of double check valves in series: 0.01/year

Independent Protection Layers (IPLs)

To reduce the frequency of failures leading to catastrophic incidents, multiple protection layers must be installed. Each protection layer has its own failure frequency, but the frequency of their simultaneous failure (together with the failure frequency of the cause) will be low. This simultaneous failure frequency should be less than the tolerable risk criterion. The simultaneous failure frequency (also called PFD Total) is the product of the individual failure frequencies.

Conditions to qualify as IPL

  • Components of the layer are not shared for the operation of the process
  • Well-defined and auditable function
  • It has defined reliability (or failure frequency)
  • Its function is secured through access control and management of change

Examples of IPLs with reliability (Failure frequency)

  1. Rupture Disc: 0.01/year
  2. Conservation Vacuum and/or Pressure Relief Vent (Breather Valve): 0.01/year
  3. Spring-Operated Pressure Relief Valve: 0.01/year
  4. Pressure reducing regulator: 0.1/year

Fig 1: BPCS and SIS

Requirement and reliability of SIL

From the data shared above, it is evident that reaching the tolerable risk criterion of 10⁻⁴ to 10⁻⁵ events/year is not easy with a single IPL, and thus a combination of them is required. The gap between the existing PFD Total and the required PFD (tolerable risk criterion) is the required risk reduction, which is met by installing a SIF loop (also called a SIL-rated function).

What is a SIF Loop?

A SIF (Safety Instrumented Function) consists of a sensor (e.g., a temperature transmitter), a processor (safety PLC), and a final control element (e.g., an ON-OFF valve). The role of the function is to actuate the final control element when the process parameter, as read by the sensor, reaches a defined value. The signal is processed through an independent processor so that there is no “common failure mode” and the safety action is executed reliably when there is demand.

Reliability of SIL-rated functions:

SIL-rated functions are categorized based on their PFDs (or reliabilities) as follows:

Fig 2: SIL Reliability

What is LOPA?

LOPA (Layer of Protection Analysis) is a systematic study that analyzes existing IPLs and their reliability in order to pinpoint gaps in terms of additional risk reduction required (either through technical or instrumented functions).

The steps for conducting a LOPA are as follows:

  • Identify and define the undesirable impact or consequence
  • Determine what events could initiate the undesirable impact
  • Determine and list available layers of protection for preventing the initiating event from creating an undesirable impact
  • Quantify from existing data and engineering judgment how frequently the initiating events take place
  • Quantify, based on existing data and engineering judgment, the probability of failure on demand for the existing safeguards
  • Calculate the resulting frequency of the undesirable impact and decide whether it is acceptable or needs further risk reduction

A Simple Example of SIL Calculation:

Q: An exothermic reaction requires heating to be provided till a certain temperature is reached; after that, the reaction is self-sustaining and can lead to thermal runaway in case external heating is supplied. Thus, there is a process interlock provided to stop steam at high temperatures. As the exothermic reaction will generate pressure, an adequately sized rupture disc is provided to prevent rupture of the vessel. What level of SIL measure is additionally required to reduce the risk to 10⁻⁴ per year?

Answer:

  • PFD for BPCS loop failure is 0.1/year (initiating event frequency)
  • A rupture disc sized for the scenario has a reliability of 0.01/year (PFD for safeguard)
  • Thus, total PFD (multiplication of the two) is 0.1 × 0.01 = 0.001, i.e. 10⁻³/year
  • Additional risk reduction required is 0.1 (to reach 10⁻⁴ per year)
  • Thus, a SIL-1 rated interlock (with a separate sensor and actor) is required to reach the desired risk reduction.

The frequency of occurrence can be adjusted based on site conditions by using factors like occupancy factor, ignition probability, and time at risk, which brings down the required SIL level that needs to be implemented.
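The LOPA arithmetic above can be checked in a few lines of Python. This is an added example, not code from the article: it reproduces the worked answer, refuses credit to a layer that shares a component with the cause or with an already credited layer (the first IPL condition), and applies a site modifier. The component tags, the extra interlock, the occupancy factor of 0.1, the treatment of a factor of exactly 10 as SIL 1 (as the article's answer does) and the low-demand SIL bands of IEC 61508/61511 (SIL n covers a risk reduction factor from 10^n up to 10^(n+1)) are assumptions not taken from the page.

```python
from fractions import Fraction

def required_sil(rrf):
    """Map a required risk reduction factor (RRF) to a SIL, low-demand bands:
    SIL n covers RRF 10^n up to 10^(n+1). 0 = below SIL 1, None = beyond SIL 4."""
    if rrf < 10:
        return 0
    for sil in (1, 2, 3, 4):
        if rrf < 10 ** (sil + 1):
            return sil
    return None

def lopa(initiator, ipls, tolerable, modifiers=()):
    """initiator: (frequency per year, set of component tags)
    ipls: {name: (PFD, set of component tags)}; values are decimal strings.
    Returns (credited IPL names, mitigated frequency, required RRF, SIL)."""
    freq, used = Fraction(initiator[0]), set(initiator[1])
    for m in modifiers:                  # e.g. occupancy, ignition probability
        freq *= Fraction(m)
    credited = []
    for name, (pfd, parts) in ipls.items():
        if used & set(parts):            # shared hardware: not independent, no credit
            continue
        freq *= Fraction(pfd)
        used |= set(parts)
        credited.append(name)
    rrf = max(freq / Fraction(tolerable), Fraction(1))
    return credited, freq, rrf, required_sil(rrf)

# The article's scenario; component tags are constructed for illustration.
BPCS = ("0.1", {"TT-101", "BPCS", "XV-101"})
DISC = {"rupture disc": ("0.01", {"PSE-101"})}

def article_case():
    return lopa(BPCS, DISC, "0.0001")

def shared_sensor_case():
    # Hypothetical second interlock reusing the BPCS transmitter: earns no credit.
    ipls = {**DISC, "high-temp trip": ("0.1", {"TT-101", "XV-102"})}
    return lopa(BPCS, ipls, "0.0001")

def occupancy_case():
    # Assumed occupancy factor of 0.1 applied to the event frequency.
    return lopa(BPCS, DISC, "0.0001", modifiers=["0.1"])

if __name__ == "__main__":
    for case in (article_case, shared_sensor_case, occupancy_case):
        credited, freq, rrf, sil = case()
        print(f"{case.__name__}: {credited} {float(freq):.0e}/yr RRF={float(rrf):g} SIL={sil}")
```

Exact fractions are used so that a requirement sitting exactly on a band boundary, as in the article's case, is not pushed into the wrong band by floating-point rounding.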

Let us know in the comments if you want to know more about the same.

Chemolution

I am a passionate Chemical Engineer with experience in Operations, Process Engineering and Process Safety. I am trained in Process Engineering, Process Hazard Analysis, SIL and LOPA, Functional Safety, and Fire and Explosion Prevention. I like to write technical blogs and discuss industry problems to suggest feasible solutions in Chemical Engineering World.
