

3. Redesign the process to make the hazard development slower
4. Redesign the process to eliminate the hazard or to incorporate additional
Independent Protection Layers (and bring the risk to a tolerable level)
5. Prevent the hazard (reduce the risk) by mechanical locking of valves
6. Design an Inhibit SIF
3.1 Review whether the optimum SIF has been specified
In some cases, the SIF designed is not the only possible solution, and from a required
response time viewpoint, is not the optimum. It might well be logical that a high pressure
scenario should be prevented by a PSHH (high pressure trip). But by their nature, pressure
increases are often fast, and therefore the process safety time will be short. In the case of
gas blowby hazards, where a vessel with a gas/liquid interface is allowed to drain so that
high pressure gas passes to systems rated for low pressure liquid, the best solution for the
SIF may well be an LSLL (low liquid level trip), rather than a high pressure trip downstream.
Some companies identify “candidate SIFs” at the time of SIL assessment, while others prefer
an approach where the SIF is not yet designed. It’s important that the responsible party for
the production of the SRS understands the hazard well, the issues of speed of hazard
development, and alternative designs. The purpose of a SIL assessment is not to design
solutions, but in particularly difficult cases such as these, some guidance should be noted, or
actions assigned to ensure that an appropriate solution is designed.
3.2 Review/optimise the parameters used for the Process Safety Time calculation
This paper recommends that clear terms of reference are defined for Process Safety Time
calculations. Assigning a task to the Process department to calculate the PST without clear
parameters has been shown to yield inconsistent results.
The relatively complex dynamic process modelling needed for overpressure scenarios must
be set up in terms of the process state and the response from other equipment or systems.
IEC 61511-1 defines the Process Safety Time as the time to the occurrence of the hazardous
event, but at what overpressure do we consider this to be? We could consider any of the
following criteria:
• Exceed design pressure
• Prevent relief valve operation
• Exceed design pressure +15%
• Exceed test pressure (not recommended)
Furthermore, the PST modelling should generally be based on worst case levels in vessels
or other process conditions that would make the hazard development faster (e.g. if a control
valve failing open is the cause, assume it has failed to 100% open). No “help” should be
modelled from process control functions or relief valves. The PST should represent the
maximum time in which the SIF needs to operate independently of other protection layers
to prevent the hazard.
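The sketch below is an added example, not taken from the paper: it shows how the choice of overpressure criterion and the worst-case assumptions change the PST that a SIF response time is compared against. The flow model (isothermal ideal gas, square-root valve equation), the function names and every number are constructed assumptions; three of the four criteria above are covered.

```python
# Added example: all names, the flow model and every number are constructed assumptions.
R = 8.314  # J/(mol*K), universal gas constant

def pressure_rise_time(p0, p_limit, p_up, k_valve, opening, gas_volume, temp=300.0, dt=0.01):
    """Seconds for a closed vessel's gas space to rise from p0 to p_limit (Pa abs).

    Assumed model: isothermal ideal gas; molar inflow through the failed valve
    n_dot = k_valve * opening * sqrt(p_up - p); no relief valve, no control
    action, no outflow. Returns None when p_limit is not below p_up.
    """
    if p_limit >= p_up:
        return None
    p, t = p0, 0.0
    while p < p_limit:
        n_dot = k_valve * opening * (p_up - p) ** 0.5  # mol/s
        p += n_dot * R * temp / gas_volume * dt        # dP = n_dot*R*T/V * dt
        t += dt
    return t

def pst_by_criterion(design_p, test_p, **case):
    """PST in seconds for three of the overpressure criteria listed in the text."""
    limits = {
        "exceed design pressure": design_p,
        "exceed design pressure +15%": 1.15 * design_p,
        "exceed test pressure": test_p,
    }
    return {name: pressure_rise_time(p_limit=lim, **case) for name, lim in limits.items()}

COMMON = dict(p0=5e5, p_up=60e5, k_valve=0.01)
WORST = dict(COMMON, opening=1.0, gas_volume=2.0)    # valve 100% open, high liquid level
NOMINAL = dict(COMMON, opening=0.6, gas_volume=6.0)  # partly open, normal level
SIF_RESPONSE_S = 20.0  # constructed sensor + logic + valve stroke time

if __name__ == "__main__":
    for label, case in (("worst case", WORST), ("nominal", NOMINAL)):
        for name, pst in pst_by_criterion(10e5, 15e5, **case).items():
            verdict = "ok" if SIF_RESPONSE_S < pst else "TOO SLOW"
            print(f"{label:10s} {name:28s} PST={pst:6.1f} s  SIF {verdict}")
```

With these constructed values the same 20 s SIF is too slow against the design-pressure criterion in the worst case but passes against design pressure +15%, which is why the criterion has to be fixed in the terms of reference before the calculation is assigned.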
So then, how can the PST modelling be optimised? A number of factors may be considered,
or conservative assumptions adjusted, including: