Take safety seriously
From a purely economic point of view, a loss of containment in a vessel or an accident has a monetary impact, starting with its most basic and trivial aspect: lost production and the replacement of production units. That is before considering damage to the environment and, much worse, deaths resulting from an accident.
Legislation
There are also norms and standards (for example, IEC/EN 61508 and IEC/EN 61511 on safety instrumented systems, or EN 54 on fire and gas detection systems) that establish procedures and methodologies for development, support and analysis. While in Europe norms and standards are not mandatory (unless legislation refers explicitly to them), they are considered "good engineering practice" and automatically become the de facto standard in the field they deal with. Nobody today questions the ISO 9000 or 14000 standards; they have simply become a quasi-obligatory reference.
Accidents
Table 1 shows some of the best-known accidents of recent years. The list could be extended with dozens more cases involving similar levels of consequences and tragedy. In fact, the figures provided by different organizations and authors do not even agree, with differences, in the most dramatic cases, of thousands of deaths, whether caused directly by the accident or indirectly as a result of emissions or burns.
Year | Company | Place | Installation | Consequences |
---|---|---|---|---|
1974 | Nypro | Flixborough (UK) | Caprolactam plant | Plant destroyed; 28 dead; 36 seriously wounded; hundreds of minor injuries; 2,000 buildings affected |
1976 | ICMESA | Seveso (Italy) | Pesticide plant | Emission of dioxins; damage to the environment |
1984 | PEMEX | San Juan de Ixhuatepec (Mexico) | LPG plant | Plant destroyed; 498 killed; 7,000+ injured |
1984 | Union Carbide | Bhopal (India) | Isocyanate plant | Toxic cloud of isocyanate; 15,000+ dead; 500,000+ affected |
1984 | Petrobras | Cubatao (Brazil) | Pipeline | Spill and fire; 508 deaths |
1992 | PEMEX | Guadalajara (Mexico) | Sewerage system | Gas explosion; 190 dead; 470 wounded; 1,500 buildings affected |
1993 | PDVSA | Caracas-Tejerias (Venezuela) | Gas pipeline | 70 dead |
1994 | PEMEX | Tabasco (Mexico) | Gas pipeline | 10 dead |
1994 | PDVSA | Monagas (Venezuela) | Gas pipeline | 70 dead |
1996 | Repsol YPF | Puertollano (Spain) | Boiler | 4 killed; 4 injured |
2001 | AZF (Total) | Toulouse (France) | Ammonium nitrate warehouse | Plant destroyed; 31 dead; 2,500 injured; 27,000 buildings affected |
2003 | Repsol YPF | Puertollano (Spain) | Tank farm | Several tanks destroyed; nine wounded; several dead |
2003 | Sonatrach | Skikda (Algeria) | Gas plant | Plant destroyed; 27 dead; 74 injured |
2003 | CNPC | Chongqing (China) | Gas reservoir | 193 killed; 10,000+ intoxicated; 28 urban centres affected |
2004 | Fluxys | Ghislenghien (Belgium) | Gas pipeline | 15 killed; 200+ injured |
2005 | BP | Texas (USA) | Isomerization unit | Plant destroyed; 15 dead; 100+ injured |
Process safety
The first safety measures usually discussed are those for the worker: safety gloves, goggles, boots, correct postures, harnesses, etc. This set of equipment (known as EPIs - individual protection equipment) makes up occupational safety. A large number of accidents stem from bad working practices or from a lack of training and of a safety culture at work. In other cases, it is process safety that is to blame.
There are many theories and methods of risk analysis, tools to identify and study hazards, and methodologies to minimize them. The best-known methods of process hazard analysis (PHA - Process Hazard Analysis) include HAZOP (HAZard and OPerability) studies, What-If, fault trees (FTA) and similar.
All these study methods focus on identifying the causes of potentially dangerous scenarios, and corrective and protective measures are proposed based on their results. Some of these measures relate to the control of the process (monitoring a variable that had not been taken into account, or generating an alarm, for example); others relate to the physical and civil construction of the installation (strengthening the walls of the vessel, building bunds under the tanks, or installing rupture disks, to name a few); another group may include changes in operating procedures and in access to a particular area.
Types of safety instrumented systems
- ESD (emergency shutdown system). Accident-prevention system that takes the plant to a safe state (partial or full shutdown) in a situation of risk.
- F&G (fire and gas system). System responsible for mitigating the consequences of an accident or other event arising from leaks, fires, etc.
- BMS (burner management system). System responsible for protecting the boiler, starting and stopping its burners and monitoring the flames. It prevents the burners from starting if the right conditions have not been met and initiates burner shutdown under unsafe conditions.
- HIPS (high integrity protection system). System that replaces pressure relief devices. It must be fast enough to prevent overpressure in the vessel.
IEC 61508 and 61511 standards
The SIS is designed by analysing the information from the HAZOP and by studying and modifying the process P&IDs. New measurement and actuation instrumentation (independent of the basic control) is thus added, whose function is to bring the process to a safe state (full or partial shutdown) under unsafe conditions. The "head" of this set (the SIS) is the logic solver, which can be purely relay-based or even based on programmable electronic equipment (PLCs). The set of safety loops (SIF - Safety Instrumented Function) is what is actually known as the SIS. Each SIF loop is assigned a safety integrity level (SIL - Safety Integrity Level), which determines the criticality of the loop and relates to the probability that the SIF fails when a shutdown is demanded or, conversely, to the availability of the safety equipment when its action is required (see Table 2).
In other words, the SIL relates to the probability that any component of the safety system fails when it has to bring the process to a safe state (on demand). Obviously this figure is critical, since it is the level at which we accept that the safety system will not act on a failure of the basic control equipment and of all the other physical safeguards. The consequences are obvious: when the safety system fails, there is an accident. The SIL also requires certain redundancies in the field instrumentation and the logic solver (IEC 61511, clause 11.4), an aspect that is sometimes forgotten.
Therefore, the SIL is obviously a very important value. No less important, however, is the fact that, under these standards, and 61511 in particular, it is the end user who is responsible for assigning a target tolerance level to each risk and, as a result, for deciding whether a safety loop is needed and what safety level the SIF requires.
Usually forgotten, because the standards do not take it into account for the time being, is the figure for spurious trips caused by the SIS. The availability of the SIS, related to the SIL, is considered, but the availability of the process, an equally important aspect, is usually not. A spurious trip occurs when the safety system shuts the plant down without the process conditions being unsafe.
It is simply a failure: sometimes of the instrumentation and other times of the "brain" of the safety system. And what are the consequences of this spurious trip rate? An unnecessary shutdown first of all generates economic losses, because production stops or at least decreases. But we must not forget that a sudden plant shutdown generates a huge movement of people in the installation.
Everyone wants to find out the reasons for the shutdown, to prevent other problems and to restart as soon as possible. As a result there are moments of high stress among workers, plant engineers and maintenance staff. And stress causes errors. And errors cause accidents. Therefore it should not be forgotten that plant start-up is the most dangerous and delicate time, when many elements are in "by-pass" as required by the start-up procedure and when the process is at its most delicate.
SIL | Required availability | Probability of Failure on Demand (1/year) (Low Demand Mode) | Probability of Failure on Demand (1/hour) (High Demand Mode) | Risk Reduction Factor |
---|---|---|---|---|
4 | >99.99% | $10^{-5}$ to $10^{-4}$ | $10^{-9}$ to $10^{-8}$ | 10,000 to 100,000 |
3 | 99.90-99.99% | $10^{-4}$ to $10^{-3}$ | $10^{-8}$ to $10^{-7}$ | 1,000 to 10,000 |
2 | 90.00-99.90% | $10^{-3}$ to $10^{-2}$ | $10^{-7}$ to $10^{-6}$ | 100 to 1,000 |
1 | 90.00-99.00% | $10^{-2}$ to $10^{-1}$ | $10^{-6}$ to $10^{-5}$ | 10 to 100 |
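
The trade-off discussed above between the SIL of a loop (Table 2, low demand mode), the redundancy of its instrumentation and its spurious trip rate can be put into numbers. The following is an added example, not part of the original article: it uses the common simplified approximations for 1oo1, 1oo2 and 2oo3 voting (no common-cause failures, no diagnostics), and the failure rates, proof-test interval and repair time are constructed sample values.

```python
# Added example: constructed failure rates, simplified textbook approximations
# (constant failure rates, no common-cause failures, no diagnostic coverage).
HOURS_PER_YEAR = 8760

def sil_from_pfd(pfd_avg):
    """Map an average PFD to the low-demand SIL band of Table 2 (0 = no SIL)."""
    for sil in (4, 3, 2, 1):
        if pfd_avg < 10.0 ** -sil:
            return sil
    return 0

def evaluate(arch, lam_du, lam_s, proof_test_h, mttr_h):
    """Return PFDavg, SIL, risk reduction factor and spurious trips per year.

    lam_du: dangerous undetected failure rate per channel (1/h)
    lam_s:  safe (spurious) failure rate per channel (1/h)
    """
    x = lam_du * proof_test_h
    if arch == "1oo1":      # single channel
        pfd, spurious_h = x / 2, lam_s
    elif arch == "1oo2":    # either of two channels trips the plant
        pfd, spurious_h = x ** 2 / 3, 2 * lam_s
    elif arch == "2oo3":    # two of three channels must agree to trip
        pfd, spurious_h = x ** 2, 6 * lam_s ** 2 * mttr_h
    else:
        raise ValueError(f"unsupported architecture: {arch}")
    return {
        "pfd_avg": pfd,
        "sil": sil_from_pfd(pfd),
        "rrf": 1 / pfd,
        "spurious_per_year": spurious_h * HOURS_PER_YEAR,
    }

# Constructed sample data for one sensor channel, proof-tested once a year.
SAMPLE = dict(lam_du=2e-6, lam_s=5e-6, proof_test_h=8760, mttr_h=8)

def compare(archs=("1oo1", "1oo2", "2oo3")):
    """Evaluate each voting architecture with the same sample channel data."""
    return {a: evaluate(a, **SAMPLE) for a in archs}

if __name__ == "__main__":
    for arch, r in compare().items():
        print(f"{arch}: PFDavg={r['pfd_avg']:.2e} SIL={r['sil']} "
              f"RRF={r['rrf']:.0f} spurious trips/year={r['spurious_per_year']:.2e}")
```

With these sample values, duplicating the sensor (1oo2) raises the loop from SIL 2 to SIL 3 but doubles the spurious trip rate, while 2oo3 voting keeps SIL 3 and reduces spurious trips by several orders of magnitude.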