ARNOLD, K. (1999). Design of Gas-Handling Systems and Facilities (2nd ed.) Episode 2 Part 7 docx

CHAPTIR

14

Safety Systems*

This chapter discusses overall safety analysis techniques for evaluating

production facilities, describes the concepts used to determine where safe￾ty shutdown sensors are required, and provides background and insight

into the concept of a Safety and Environmental Management Program.

To develop a safe design, it is necessary to first design and specify all

equipment and systems in accordance with applicable codes and stan￾dards. Once the system is designed, a process safety shutdown system is

specified to assure that potential hazards that can be detected by measur￾ing process upsets are detected, and that appropriate safety actions (nor￾mally an automatic shutdown) are initiated. A hazards analysis is then

normally undertaken to identify and mitigate potential hazards that could

lead to fire, explosion, pollution, or injury to personnel and that cannot

be detected as process upsets. Finally, a system of safety management is

implemented to assure the system is operated and maintained in a safe

manner by personnel who have received adequate training.

Safety analysis concepts are discussed in this chapter by first describ￾ing a generalized hazard tree for a production facility. From this analysis,

decisions can be made regarding devices that could be installed to moni￾tor process upset conditions and to keep them from creating hazards.

^Reviewed for the 1999 edition by Benjamin T. Banken of Paragon Engineering

Services, Inc.

386

Safety Systems 387

This analysis forms the basis of a widely used industry consensus stan￾dard, American Petroleum Institute, Recommended Practice 14C, Analy￾sis, Design, Installation, and Testing of Basic Surface Systems for Off￾shore Production Platforms (RP14C), which contains a procedure for

determining required process safety devices and shutdowns. The proce￾dures described here can be used to develop checklists for devices not

covered by RP14C or to modify the consensus checklists presented in

RP14C in areas of the world where RP14C is not mandated.

While RP14C provides guidance on the need for process safety

devices, it is desirable to perform a complete hazards analysis of the

facility to identify hazards that are not necessarily detected or contained

by process safety devices and that could lead to loss of containment of

hydrocarbons or otherwise lead to fire, explosion, pollution, or injury to

personnel. The industry consensus standard, American Petroleum Insti￾tute Recommended Practice 14J, Design and Hazards Analysis for Off￾shore Facilities (RP14J), provides guidance as to the use of various haz￾ards analysis techniques.

The final portion of this chapter describes the management of safety

using Safety and Environmental Management Programs (SEMP) as

defined in API RP75, Recommended Practices for Development of a

Safety and Environmental Management Program for the Outer Continen￾tal Shelf (OCS) Operations and Facilities, and using a Safety Case

approach as is commonly done in the North Sea.

HAZARD TREE

The purpose of a hazard tree is to identify potential hazards, define the

conditions necessary for each hazard, and identify the source for each

condition. Thus, a chain of events can be established that forms a neces￾sary series of required steps that results in the identified hazard. This is

called a "hazard tree." If any of the events leading to the hazard can be

eliminated with absolute certainty, the hazard itself can be avoided.

A hazard tree is constructed by first identifying potential hazards.

Starting with the hazard itself, it is possible to determine the conditions

necessary for this hazard to exist. For these conditions to exist, a source

that creates that condition must exist and so forth. Using this reasoning, a

hierarchy of events can be drawn, which becomes the hazard tree. In a

hazard analysis an attempt is made, starting at the lowest level in the tree,

to see if it is possible to break the chain leading to the hazard by elimi-