443548 Voting Architectures to Meet Safety Integrity Levels Challenges and Considerations

Wednesday, April 13, 2016: 9:35 AM
Grand Ballroom BC (Hilton Americas - Houston)
Menno van der Bij, Technip, Zoetermeer, Netherlands

This paper addresses the challenges and considerations for implementation of safety instrumented systems for ethylene cracking furnaces.

To ensure stable operation, many process variables are continuously controlled from a distributed control system (DCS). To ensure that safe operation is maintained, a safety instrumented system (SIS) is implemented to prevent operation outside the design constraints of the cracking furnace.

The first challenge is selecting measurement principles and sensors that can effectively measure the process variable under all process and environmental conditions.

Once a suitable measurement principle is selected, "independence" between the control and safety functions shall be achieved. This would not only require independent instruments, but also segregation between impulse lines and, if applicable, trace heating.

When we can improve the reliability of our control functions we can reduce the demands on our safety system. Under very specific conditions as defined in the standards, we can share instruments for both control and safety functions and still achieve the required safety integrity level (SIL).

The selected measurement principle might be perfect for control, but not suitable for a safety function when voting architectures (i.e. more than one instrument) are required. By careful evaluation of the applications we can make a choice between diversity and / or redundancy.

From safety point of view a high reliability of the SIS is required, but at the same time high availability shall be maintained to prevent spurious trips. These may be conflicting objectives when selecting voting architectures e.g. for ESD valves. Reducing the number of valves by employing partial stroke testing sounds attractive, but we may introduce a false sense of safety.

When selecting the optimum voting architecture considerations shall be given to the ALARP model observing personal safety, environmental consequences and asset losses.

Among others, examples will be provided for LL dilution steam and feed flow trips.


Extended Abstract: File Uploaded
See more of this Session: Ethylene Unit Safety Session
See more of this Group/Topical: Topical 4: The 28th Ethylene Producers’ Conference