Design Considerations for High-Risk Offshore Safety Systems

Abstract

ABSTRACT A review of the conceptual aspects involved in the design of offshore safety systems is presented. The statistical nature of safety is addressed along with discussions of acceptable and target risk, hazard and demand rates. The use of quantitative system analysis and reliability engineering techniques is stressed, rather than relying on subjective, intuitive decisions. The pros and cons of various technologies, ranging from pneumatic, relay, solid state and microprocessor based systems, are discussed. INTRODUCTION Major incidents such as offshore and onshore disasters, oil spills, as well as concerns over pollution, have heightened the public awareness of the risks posed by industrial installations and are serving to fuel public and political debate. Safety Systems are designed to respond to conditions of the plant, which may be hazardous in themselves, or if no action were taken could eventually give rise to a hazard, and to generate the correct outputs to mitigate the hazardous consequences or prevent the hazard.1 Historically, safety systems offshore were usually pneumatic and totally independent of the process control system. With the advent of electronic control systems, however, this situation is rapidly changing. There are a number of industry groups which are currently in the process of writing guidelines and standards for the design of these systems.2–4 This is a difficult task because not only are there a number of different technologies and configurations available, but there is little agreement between individuals and companies on such basic issues as separation of process and safety systems, how to measure risk, how to measure safety system performance, and how to determine which system is appropriate for the application in question. Regulatory practices and controls are not yet standardized or applicable in all countries, yet in the event of a major catastrophe the designers may have to demonstrate in a court of law the basis, or the lack thereof, for their decisions relating to the safety systems.5 The principles outlined in this paper emphasize:The performance of safety systems should be related to process hazard and demand rates as determined by systems analysis techniques.Reliability engineering practices should be utilized instead of relying on subjective or intuitive decisions.Frequent, automatic testing and fault diagnostics of the complete system are required in order to reduce unavailability due to hidden faults. SEPARATION OF PROCESS AND SAFETY CONTROL SYSTEMS Safety begins with the decision to start a project and continues through design, implementation and operation.6 Offshore platforms require protection against events that might cause damage to personnel, capital equipment, production and the environment.7 One of the most basic decisions is whether the safety system be should separate from the process control system. Many users are under pressure to incorporate safety interlock, emergency shutdown, and fire and gas detection into a single distributed control system (DCS). The reasons put forth are cost savings and a single source of supply. This practice is not recommended as it is contrary to practices for high risk projects and may be exposing users to an "unacceptable" level of risk.