Journey of process safety (2)
Fail-safe designs & Fall-back systems: Journey of Process Safety
May 2015
Balarama Krishna Rajasekhar Polapragada – Principal Process Engineer –
SLFE- Kingdom of Saudi Arabia
Krishna- Principal process Engineer SLFE- Al-Khobar- K.S.A
Green and Sustainable Design
Fail-safe Design
Fall-Back
Safe Design
Why Fail-Safe Designs?
• Operators may not be qualified or trained.
• 100% safe systems may not be developed.
• Instruments or equipment may fail.
• Design basis may not be right.
• Natural disasters, war, sabotage etc.
• Not learnt from past failures (history repeats).
But we want DESIGN to work safely.
Flixborough, England (1974)
What all can fail?
• Instruments?
• Equipment?
• Process or utilities?
• Operators?
• Designers?
• All the above!
Which should NOT fail?
• Fail-safe designs!
• Fall-back safe systems!
• Fool-safe operations!
Fail-Safe Designs!
• Golden Gate Bridge in San Francisco (designed for double load)
• Single redundancy
• Double redundancy
• SIL 1, 2, …… SIL 10
• Why only driverless cars? Why not operator-less plants?
• 90% learn from mistakes; 1% need a second chance to learn; 0.1% will never learn.
• Extra cost, extra caution, extra data required.
Fall-back safe systems
• Early DCS designs retained pneumatic instruments.
• Spare equipment, units and plants!
• German designs have a small spare wheel so that the M/C will not be neglected.
• RAM
• Process safety, HAZOP, PSSR
• MOC, API 750
• Continuous improvement of systems is required.
Fool-safe Operation!
• Hanging restaurant (protection for a fall / jump?)
• Interlocks
• Permissives
• Stand-by equipment
• Operator prompting
• Remote monitoring
• Remote shut-off (satellite, Google style)
Real-time design failures
• Data: e.g. rainfall in Saudi Arabia is nil.
• Samples: e.g. crude assay old or not available.
• Design basis: 3 refineries in India designed sulfur units for 80:20 Al/AH vs sweet Bombay High crude.
• Design changes: fuel gas H2S content is different when tested.
• Cost cutting: universal management strategy.
• Tight schedule: do it yesterday!
• Design tools: approved software, or lack of it!
• Expertise/training: updating of software, or lack of practice.
• Crash tests: unlike automobiles, crash tests are not feasible.
• Common standards: on a learning curve or a declining curve?
• Risk levels: risk levels are based on past experiences. The future, God knows?
Why designs fail?
• Inadequate protection: number of cheese layers.
• Lack of data / accurate data
• Lack of samples / right samples
• Lack of clarity on design basis
• Frequent changes to design
• Cost cutting
• Squeezing tight schedule
• Lack of right design tools
• Lack of design expertise/training
• Lack of crash tests
• Lack of agreed standards
• Under-estimating risk levels
Case 1: Reformer reactor failure. RAM rating Act A3, Pot. A-4C
What happened?
• 6" x 9" hole on reactor plate
Where?
• Refinery catalytic reformer
Final element failure
• Valve to shut off did not get signal from DCS.
What design failure?
• Shut-off logic design.
• Two-stage shut-off, where the valve was kept on manual in the 1st stage.
• Programming error.
How are hard-wired trips made fail-safe? By redundancy and by a voting mechanism.
How complicated are nuclear reactor computer trip system designs? The same way as hard-wired ones, but the trip-checking mechanisms are complicated.
What is the solution? A Failure Mode and Effect Analysis is to be made.
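An added example (not from the presentation) of the two mechanisms named above: a 2-out-of-3 (2oo3) voted trip with de-energize-to-trip output, where a faulted channel votes for trip and loss of the output signal closes the valve; the transmitter tags and the 850 °C setpoint are assumed sample values.

```python
"""Added example, not the presenter's code: 2oo3 voting and a de-energize-to-trip
final element. Tags and the 850 degC limit are assumed values for illustration."""
from dataclasses import dataclass
from typing import List, Optional

HIGH_TEMP_LIMIT_C = 850.0  # assumed trip setpoint for this example


@dataclass
class Reading:
    tag: str
    value: Optional[float]  # None = transmitter fault / loss of signal


def votes_trip(r: Reading) -> bool:
    """Fail-safe channel: a faulted or missing reading counts as a trip vote,
    so a dead transmitter can never mask a real high-temperature condition."""
    return r.value is None or r.value >= HIGH_TEMP_LIMIT_C


def trip_demanded_2oo3(readings: List[Reading]) -> bool:
    """2oo3 voting: trip when at least two of three channels vote trip.
    One spurious reading does not trip (availability); one dead channel plus
    one genuine high reading does trip (safety)."""
    assert len(readings) == 3, "2oo3 needs exactly three channels"
    return sum(votes_trip(r) for r in readings) >= 2


def solenoid_energized(trip: bool, in_manual: bool, manual_open: bool) -> bool:
    """Output to the shut-off solenoid (True = energized = valve held open).
    A trip demand de-energizes regardless of mode; manual mode is only honoured
    when no trip is demanded. Case 1 failed because manual mode held the valve."""
    if trip:
        return False
    return manual_open if in_manual else True


def valve_open(signal: Optional[bool]) -> bool:
    """Spring-return valve: it stays open only while the energize signal is
    present. A missing signal (None), as in Case 1, closes the valve."""
    return signal is True


def demo() -> bool:
    """Constructed scenario: one transmitter dead, one reading high."""
    readings = [Reading("TI-101", 820.0), Reading("TI-102", None), Reading("TI-103", 905.0)]
    trip = trip_demanded_2oo3(readings)
    return valve_open(solenoid_energized(trip, in_manual=True, manual_open=True))
```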
Safe Design Solutions, Case 1:
• Inherently safe design: ESP implementation for higher reactor temperature.
• Fail-safe design: Provide air valve trip on high oxygen.
• Fall-back system: Independent valve trip.
• Fool-safe operation: DCS logic change needs to be part of HAZOP.
Case 2: Steam turbine rotor failure (Ref. Shell Global Solutions reports). RAM rating Act A4, Pot. A-4D
What happened? Loss of turbine blades
Where? 3rd stage steam turbine
Root cause / final element failure
• Corrosion-assisted fatigue
• Erosion due to high-pH steam condensing
What failed?
• Failure to maintain blow-down: operation failure
• No steam sampling point: design failure
• Fail-safe design: Automatic blow-down
• Fall-back system: Additional polisher system
• Fool-safe operation: Remote monitoring of BFW/steam analyzers
Case 3: FCC air blower trip. RAM rating Act C4, Pot. D4/D5
What happened? Level control for BFW froze and tripped the boiler. Water entered the steam-driven air blower and the turbine was damaged.
Where? Air blower trip damaged the steam turbine
Root cause / final element failure
• Re-starting the boiler with high steam drum level.
What failed?
• Level instrument. Design failure: inadequate freeze protection.
• Fail-safe design: Protection for severe winter. Review site conditions, e.g. Saudi Arabia: nil rainfall is not true.
• Fall-back system: Additional permissive to start the boiler on high steam drum level.
• Fool-safe operation: Share freeze-protection practices.
Case 4: Failure of piping. RAM rating Act C4, Pot. D4/D5
What happened? Furnace transfer line dislodged.
What impact? Vacuum tower internals damaged (20 days shutdown of plant)
Root cause / final element failure
• Steam introduced for furnace emergency contained water.
What failed? Design failure.
• Inherently safe design: Piping slope to drain, and minimum distance between remote valve and steam injection point.
• Fail-safe design: Slow opening of emergency valve.
• Fall-back system: Additional knock-out pot on steam line.
• Fool-safe operation: All valves between remote valve and steam traps to be open.
Case 5: Reactor air-cooler freezing. RAM rating Act A5, Pot. C4
What happened? Reactor effluent air cooler leaked and caught fire (estimated USD 80 million loss).
Where? During de-pressuring of reactor
Root cause / final element failure
• Wash water was continued to the air cooler while de-pressurising.
What failed? Design failure for air cooler protection during water freezing.
• Inherently safe design: Air cooler design for protection during freezing.
• Fail-safe design: TI point to be provided for low temperature below zero, and air cooler metallurgy to consider freezing.
• Fall-back system: Automated system to stop water.
• Fool-safe operation: HAZOP to include freezing hazard.
How to build intrinsically safe designs? Built-in protection. How?
• Accurate data
• Right samples
• Clarity on design basis
• Firm design
• Provide cost and time
• Provide right design tools
• Right design expertise/training
• Common safety standards
• Over-estimating risk levels
What next? Green and Sustainable Design
Fail-safe Design
Fall-Back
Safe Design
Intrinsic Safe Design Thanks !
Fool-proof operation
Every one needs Rest and Sleep
What is the ultimate? Intrinsic safe designs to sustainable, green designs?
Intrinsically Safe Designs with built in Intelligence ?