Implementing LOPA Recommendations Into Design of Instrumented Protective Systems

Safety and Health Division
AIChE Spring Meeting and Global Congress on Process Safety
April 30, 2013 - 10:45am-11:15am

The inherent process risk is reduced to a tolerable level by implementing Protective Functions. Each organization has to define its tolerable risk level. Each Protective Function reduces the risk by a certain order of magnitude and acts as an Independent Protection Layer (IPL). Layers of Protection Analysis (LOPA) is one of the most widely used semi-quantitative methods of analyzing and documenting protective functions. An important outcome of LOPA is the identification of the Instrumented Protective Functions (IPF) essential for the required risk reduction. The required Safety Integrity Level (SIL) of each IPF is also determined during LOPA. SIL defines the target performance level of an IPF in terms of a range of Probability of Failure on Demand (PFD).

The design, implementation, maintenance and operation of the Instrumented Protective System (IPS) are covered by the ISA84 standard as the Functional Safety Lifecycle. ISA84 is endorsed by OSHA as a Recognized And Generally Accepted Good Engineering Practice (RAGAGEP). If an employer documents that it will comply with ISA84 and meets all ISA84 requirements, the employer will be considered in compliance with OSHA PSM requirements for the IPS.

An IPF must be designed to meet the requirements of ISA84 to be an Independent Protection Layer (IPL). In the Functional Safety Lifecycle, the next step after LOPA is the conceptual design of the IPS. In most cases, multiple IPFs and control functions require the same process value. For example, an alarm, a trip and a PID control loop may require the same process measurement.

This paper discusses the design of the instrumentation needed to meet the independence criteria of an IPL. Various scenarios are discussed on how and when to share process signals between the IPS and the Basic Process Control System (BPCS). Good engineering practices to achieve safety as well as reliability of the system by means of different fault-tolerant configurations are discussed. Typical P&ID representations of some of the common scenarios are also presented.

If operator response to an alarm is one of the IPLs, then some additional requirements need to be taken into consideration, such as Operator Response Time, Process Safety Time, human factors, etc. If certain protection layers are found to be inadequate during the safety system engineering and design, an iterative approach to revisit the LOPA is required to ensure the required risk reduction is achieved by the IPLs.
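The LOPA arithmetic summarized above, and the revisit it calls for when an operator-response layer proves inadequate, worked through as an added example that is not taken from the paper. All frequencies, PFDs and times are constructed; the SIL bands are the low-demand PFD ranges of ISA84/IEC 61511, and crediting the alarm only when the operator response time fits inside the process safety time is a simplifying assumption.

```python
import math

# Low-demand SIL bands as PFDavg ranges [low, high), per ISA84 / IEC 61511.
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}

def credited(ipls, process_safety_time_min):
    """Keep an IPL unless it relies on an operator who cannot act in time.
    Assumption: response time must be shorter than the process safety time."""
    return [i for i in ipls
            if i.get("response_min") is None
            or i["response_min"] < process_safety_time_min]

def required_pfd(initiating_per_yr, tolerable_per_yr, ipls):
    """PFD the IPF must achieve so the mitigated frequency meets the target."""
    without_ipf = initiating_per_yr * math.prod(i["pfd"] for i in ipls)
    return tolerable_per_yr / without_ipf

def sil_for(pfd):
    """Map a required PFD to a SIL; 0 means no SIL-rated IPF is needed."""
    if pfd >= 1e-1:
        return 0
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd < high:
            return sil
    raise ValueError("beyond SIL 4: revisit the LOPA and add other layers")

def assess(scenario, process_safety_time_min):
    """Return (credited IPL names, required IPF PFD, required SIL)."""
    ipls = credited(scenario["ipls"], process_safety_time_min)
    pfd = required_pfd(scenario["initiating_per_yr"],
                       scenario["tolerable_per_yr"], ipls)
    return [i["name"] for i in ipls], pfd, sil_for(pfd)

# Constructed scenario (illustrative values, not from the paper).
SCENARIO = {
    "initiating_per_yr": 0.5,
    "tolerable_per_yr": 1e-5,
    "ipls": [
        {"name": "operator response to alarm", "pfd": 0.1, "response_min": 20},
        {"name": "relief valve", "pfd": 0.01},
    ],
}

if __name__ == "__main__":
    # LOPA assumed a 30 min process safety time; design review finds 15 min.
    for pst in (30, 15):
        names, pfd, sil = assess(SCENARIO, pst)
        print(f"PST {pst} min: credited={names} required PFD={pfd:.1e} SIL {sil}")
```

Losing the alarm credit removes one order of magnitude of risk reduction, so the same IPF moves from SIL 1 to SIL 2 when the LOPA is revisited.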

Professional Development Hours
0.5 PDHs