Embed SIL Determination with PHA/HAZOPs – Part II
There is essentially No change to how we lead HAZOPs when discussing SIL; SIL is just one of the available safeguards (exsiting or future). We do not risk rank in the meetings either; qualitative judgement is as good or better than risk ranking anyway due to the extremely large standard deviations of failure rates data for causes and safeguards. It takes too long to explain the whole approach here, but if you have been leading a lot of HAZOPs, perhaps just what I typed above will make sense.
Example 1: I’m on a HAZOP of a Crude Unit in Canada this week. We are NOT risk ranking and have covered 45 nodes of equipment (a line system is a node and includes pumps and heat exchangers); a column is a node; a vessel is a node. For each node we discuss about 8-10 possible parametric deivations and loss of containment. This is for continuous (normal) mode of operation. In 6 months we will review step-by- step to find new scenarios that are unique to non-routine modes of operation (80% of major accidents occur during non-routine modes such as startup and online maintenance). The team brainstorms a scenario about about high pressure in the atmospheric column and finds there are five relief valves that together add up to the full capacity of the large release possible/needed. We discuss the cause (vent valve from the overhead receiver fails closed) and determine that the only time the max capacity limit is when the recycle of naptha also shutdown at the same time (a partial power is needed in addition to the vent valve failing closed); if it doesn’t shutdown then we have double the relief capacity needed for the standard issue, if the vent valve fails closed. So, the team qualitative judges the scenario is safeguarded well enough and no additional safeguards are needed. So, we Determined no SIF is required. That was a SIL determination.
Example 2: IF for the same scenario we determined that no additional failures were necessary to reach the design pressure (relief valve setup) and capacity limits, then we would likely have recommended an additional safeguard or two. Choices are; adding a second, full size relief system (non-SIS but still a great safeguard that is valued at about a 10 fold to 100 fold reduction in risk, if we were doing a LOPA, which we aren’t yet) or we would recommend a SIF… the team would then qualitative decide sould it be a SIL 1 or 2, just comparing relatively to the qualitative experience the members have with SIS safeguards. The SIF would likely be a second vent line opening on high pressure, rather than a shut down tyoe. In EITHER of these choices of additional protection layers, we just completed the SIL Determination.
After approval of the findings and recommendations, we will design what is necessary, including any SIF; then just like with double-checking the relief valve sizing to make sure the relief capacity is sufficient, we will do a SIL Verification, if that form a protection layer was chosen, to make sure the SIF from the final design will give us the SIL we asked for.