SIS and LOPA 1

Status
Not open for further replies.

owg

Chemical
Sep 2, 2001
741
I would be interested to hear of our members' experiences with Safety Instrumented Systems (SIS) and/or Layer of Protection Analysis (LOPA). Some of our clients are taking tentative steps into these subjects. They are writing engineering standards and starting to apply them. They are asking whether they should include determination of Safety Integrity Level for some of their critical Protective Control Systems. About 3 or 4 years ago the Center for Chemical Process Safety of the AIChE published a book on Layer of Protection Analysis. Are members applying this methodology? What outcomes have resulted?

HAZOP at
 
I lack exposure to LPA. LPA appears to be another trendy marketing method for hazard and risk evaluation. As with the other methods I suppose that you identify a Safety Integrity Level for each subset of a process facility. This is required to determine the level of field instrument coverage associated with the Safety Instrumented System. Various methods exist for process hazard analysis. HAZOP is among the most popular.

ISA-TR84.00.02-2002 – Part 1 includes the phrase Safety Instrumented Functions (SIF). ISA 84 addresses Fault Tree and Markov. Although the Layer of Protection Analysis is all over the ABS site, I do not recall seeing LPA in ISA 84.

From the ABS Consulting site,
Key Questions for Protection Layers
How safe is safe enough?
How many protection layers are needed?
How much risk reduction should each layer provide?

LOPA Answers the Key Questions About the Number and Strength of Protection Layers by:
Providing rational, semiquantitative, risk-based answers
Reducing emotionalism
Providing clarity and consistency
Documenting the basis of the decision
Facilitating understanding among plant personnel

HAZOP has deficiencies. The questions fall along the lines of excess of a property such as flow or pressure then inadequate level of that property around a node. HAZOP does not address the environmental issues associated with area classification, etc. I participated in a HAZOP of a platform with some major compressors. The skids were poorly classified and crappy instrument and electrical devices installed without any regard to rational thought. The HAZOP does not address these types of problems. I encourage each process hazard consulting firm to add a few issues to the process analysis that are outside the piping system. Do you suppose the LOPA is the answer?

John
 
Thanks for kicking off the thread John. Regarding your question, I would rather hold off on betraying my bias until a few more members have weighed in.

HAZOP at
 
We are just starting to use this methodology (LOPA) for safety instrumented systems.
One of the key drivers for this is the UK CoMAH legislation (we are a top tier site), and the HSE enforcement for this goes along the lines of requiring us to demonstrate that our instrumentation is fit for purpose. LOPA is a useful tool for doing this, and was certainly better than many of the other alternatives outlined in the IEC 61511 standard. One of the main advantages is that other systems directly tell you that there is a requirement for a certain safety integrity level (SIL) of an instrument. LOPA allows the assessing team to come up with alternative strategies for dealing with the risks.
 
As you review serious losses of containment, do you find that instrument failure was in the chain of events? It seems to me that quite a few catastrophic releases are due to corrosion/erosion/impact, and isolation or release instrumentation, no matter how reliable, will do little to mitigate the loss.

HAZOP at
 
Owg,

Control systems are not my expertise, but I'm at a facility that for years has had its own proprietary means of evaluating safety critical instrumentation. They are in the process of revising their methods to fall in line with the ISA standards, for one reason because OSHA has accepted it as a good engineering practice.

I'm sure there are many places on the internet that you can find discussions about this but here's one as example....

So now our facility is applying the SIL determinations for any new designs and will be reassessing all existing systems to the new SIL requirements. As far as I know, I don't think using the new SIL determinations is resulting in any significant changes to the safety systems as was previously designed using their proprietary methods.

In regards to your last post, take another look at the above internet link.
 
EGT01 - Thanks for the reference, it provided a helpful summary of the situation. The article opened with a brief description of three major losses. It is not clear from the paper whether these three losses were due to control system failure. I haven't read about Seveso recently but I don't think Flixborough and Bhopal were due to control system failure. I don't think Chernobyl was due to control system failure either. The paper then states that HSE examined 43 incidents that were due to control system failures. Inferences are then drawn from these statistics.

I have reviewed a few accident reports at and I have not found "failure of the protective system" among the causes, either root or contributing. Are we focusing our scarce resources in the right area?

HAZOP at
 
owg,
LOPA is not intended just as a system for evaluating instrumentation systems. It is first and foremost a risk assessment tool. It can be applied to assessing the integrity level required for an instrumented system. If it is simply a case of using LOPA to determine the integrity of an instrumented system, then in my opinion, it is not being used as effectively as it could be. The LOPA tool is used simply to determine whether the system or process is 'safe', where safe is defined as meeting a required standard or level of risk. It can indeed be used as a tool for incidents caused by corrosion, erosion, human error etc. I have often found, when carrying out our LOPA assessments, that simply upgrading instrumentation is often neither the easiest nor the most cost effective approach. Indeed we have a policy of reducing the reliance on safety instrumented systems as far as possible.
In this month's 'The Chemical Engineer' magazine, published by the IChemE in the UK, there is a quote by Clive de Salis (md of Rowan House and chair of the 61508 association's education working group).
The fact that a SIL 2 safety loop is necessary is not a success, it is a failure. It means that the residual risk from the process was unacceptable and that SIL 2 reliability on the safety trip was necessary to bring the residual risk down to an acceptable level. SIL any number is a failure. A high integrity safety instrumented system should not be a sticking plaster over poor process plant safety.
 
TrevorP - Many thanks for your excellent summary on the proper use of LOPA. I will make use of that quote, and I will be checking the context.

HAZOP at
 