Chemical Technology • July 2015

10

Layers of protection

and safety integrity

T

hus, if a hazardous event should occur, it will have to

break through the layers of protection before people

andproperty couldbeharmed, as illustrated inFigure1.

Layers of protection can be achieved by manual actions,

by mechanical devices or by instrumentation. The more reli-

able each protection layer is and the more of them there

are, the more difficult it will be for a hazardous effect to

penetrate through to hurt people or damage assets. There-

fore the integrity of a protection layer is important, ie, its

availability, which is a function of its reliability and maintain-

ability. Lately, through modern technology, a lot of emphasis

is put on the implementation of instrumented protection,

like trips and interlocks, in processes and operations.

Independent layers of protection

The concept of an Independent Protection Layer (IPL) which

is an independent safety system devised to stop the pro-

gression of an event to the hazardous state, is used. This

can be illustrated by referring to Figure 2 depicting a simple

example where an operator has to fill a tank with a corrosive

and toxic liquid. If the main hazard identified is pollution,

then in this situation the causes could be overfilling of the

tank or tank failure, eg, cracking. In this case there are no

layers of protection and pollution is extremely likely.

Referring to Figure 3, the following layers of protection

can be added:

1. Design integrity, ie, specification of a non-corrosive mate-

rial of construction for the tank.

2. Providing the operator with procedures and training to

monitor the tank level visually and close the valvewhen full.

3. Provision of a level indicator so that the operator does not

need to climb onto the tank to observe the level.

4. Add a level control loop to automatically control the level

in the tank avoiding the need for the operator to be in

attendance.

5. Add a high level alarm so that whenever the control loop

fails, the operator is alerted to take corrective action, eg,

close the valve.

6. Add a high level interlock using a high level switch to

automatically close an actuated valve, should any of the

above protection layers fail.

7. Finally, provide an overflow pipe on the tank and a bund

to contain any spillage should any of the above layers of

protection fail.

It is important that each layer of protection is capable of

acting independently of any other protection layer.

In industry there are hazards which can

lead to loss of life and property. To avoid

these consequences, it is essential to

prevent them from happening in the

first place or, as a last resort, mitigate

their effects by means of protection.

If prevention is included in the term

protection, then one may visualise

an installation with various layers of

protection around it.

by Daniel J E Rademeyer, ISHECON, Johannesburg, South Africa