Chemical Technology July 2015

Layers of protection and safety integrity

by Daniel J E Rademeyer, ISHECON, Johannesburg, South Africa

In industry there are hazards which can lead to loss of life and property. To avoid these consequences, it is essential to prevent them from happening in the first place or, as a last resort, mitigate their effects by means of protection. If prevention is included in the term protection, then one may visualise an installation with various layers of protection around it.

T hus, if a hazardous event should occur, it will have to break through the layers of protection before people andproperty couldbeharmed, as illustrated inFigure1. Layers of protection can be achieved by manual actions, by mechanical devices or by instrumentation. The more reli- able each protection layer is and the more of them there are, the more difficult it will be for a hazardous effect to penetrate through to hurt people or damage assets. There- fore the integrity of a protection layer is important, ie, its availability, which is a function of its reliability and maintain- ability. Lately, through modern technology, a lot of emphasis is put on the implementation of instrumented protection, like trips and interlocks, in processes and operations. Independent layers of protection The concept of an Independent Protection Layer (IPL) which is an independent safety system devised to stop the pro- gression of an event to the hazardous state, is used. This can be illustrated by referring to Figure 2 depicting a simple example where an operator has to fill a tank with a corrosive and toxic liquid. If the main hazard identified is pollution, then in this situation the causes could be overfilling of the tank or tank failure, eg, cracking. In this case there are no

layers of protection and pollution is extremely likely. Referring to Figure 3, the following layers of protection can be added: 1. Design integrity, ie, specification of a non-corrosive mate- rial of construction for the tank. 2. Providing the operator with procedures and training to monitor the tank level visually and close the valvewhen full. 3. Provision of a level indicator so that the operator does not need to climb onto the tank to observe the level. 4. Add a level control loop to automatically control the level in the tank avoiding the need for the operator to be in attendance. 5. Add a high level alarm so that whenever the control loop fails, the operator is alerted to take corrective action, eg, close the valve. 6. Add a high level interlock using a high level switch to automatically close an actuated valve, should any of the above protection layers fail. 7. Finally, provide an overflow pipe on the tank and a bund to contain any spillage should any of the above layers of protection fail. It is important that each layer of protection is capable of acting independently of any other protection layer.

10

Chemical Technology • July 2015