(30b) Is Your SIF Trying to Do Too Much?
AIChE Spring Meeting and Global Congress on Process Safety
2021
2021 AIChE Virtual Spring Meeting and 17th Global Congress on Process Safety
Global Congress on Process Safety
Engineered Safety Systems and Mitigation Technologies I
Tuesday, April 20, 2021 - 11:20am to 11:40am
What if the SIF includes all the sensors and final elements that are involved in any trip of a large processing unit like a heater, a reformer, or a distillation column? What if the SIF includes the actions to shutdown upstream units that feed the unit being tripped? What if the SIF includes the actions to shutdown downstream units that feed the unit being tripped? When SIL verification is done for an SIF as described here, the result may be that the target PFD and SIL cannot be achieved. The temptation may be to add redundancy in sensors and final elements or to reduce the proof test interval in an attempt to reduce the calculated PFD. Frustration may abound as capital and operating costs rise steeply.
This paper shows how to use the principles of LOPA (layer of protection analysis) and the information in the PHA (process hazard analysis) to split up the massive SIF into smaller SIFs that more manageable. The smaller SIF need include only the sensors, logic solver(s), and final elements that detect and prevent a specific scenario (one cause leading to one consequence). The approach makes sure all the smaller SIFs can protect against all the scenarios that the massive SIF was intended to prevent. Trips of upstream and downstream units are considered as orderly shut-down actions. If needed, trips of upstream and downstream units are analyzed as small SIFs, as well.
With reasonable size SIFs, there is an opportunity to design the SIF with a reasonable number of sensors and final elements, and a reasonably long proof test interval.
Examples will be included