Table of Contents Table of Contents
Previous Page  116 / 648 Next Page
Information
Show Menu
Previous Page 116 / 648 Next Page
Page Background

Safety and environmental standards for fuel storage sites

Final report

114

Figure 25

Demand tree illustration

165 The tree is developed to a level of detail at which the initiating events (demand failures) can

have some frequency assigned to them.

166 It is very important that protective measures do not appear on the demand tree. This has at

least three benefits: (a) there is clarity of thinking without the complication of worrying about the

protective measures, (b) you get a smaller diagram and (c) it helps you to consider the causal

failures on a wider basis and may include some for which there are no protective measures.

Next stages

167 Having identified a number of initiating events, the demand tree can be used as an input to

other analysis techniques to carry out a more detailed risk assessment. This further stage would

typically use either a fault-tree analysis or a layer of protection analysis (so long as the LOPA

methodology used has sufficient flexibility to treat each cause separately and then combine them

when assessing the frequency of the hazardous event).

Annex 4 Discussion of ‘time at risk’

168 The concept of ‘time at risk’ is used to account for periodic, discontinuous, operations. Where

operations are essentially continuous, the hazards associated with the operation will be present

continuously. In contrast, where operations are carried out as batch operations, the hazards

associated with the batch operation will only be present while the batch is being carried out.

High liquid level

in the separator

allowing flow into

the vapour line

Start-up

Normal operation

Shut down

Develop further

Failure of level sensor

LT245 reading low

Failure of control

valve LCV245 closed

Manual

operation

Frequency of manual

control and loss

of attention

Other loss of control

from manual

intervention

Spurious operation

of low-level trip

Real demand on trip,

causing closure of

trip valve

Develop further

looking at sources

of demand on this

function

Develop further

Failure of level

control loop

LC245 causing

the control valve

LCV245 to close

Closure of trip valve

XV246

Develop further

Closure of valve of

other stoppage of

flow downstream

from LCV245

Failure of level

controller LICA245

with low output

1 111 112 113 114 115 116 117 118 119 120 121 122 648 P & I Design Ltd