Safety and environmental standards for fuel storage sites

Final report

129

Appendix 4 Guidance on automatic overfill protection systems for bulk gasoline storage tanks

Introduction

1 This appendix provides guidance on good practice in overfill protection for new and existing in-scope tanks. It covers the design, implementation, lifecycle management, maintenance and proof testing of an automatic tank overfill protection system so that it achieves the required SIL in compliance with BS EN 61511 so far as is reasonably practicable. It includes annexes on PFD calculations, hardware reliability, and configuration requirements for fault tolerance and redundancy.

2 The following items are not covered:

- mechanical integrity of pipelines and delivery systems;
- the effects of automatic shutdown on continuous processes;
- the integrity of manual response to alarms where automatic shutdown is not provided.

3 This guidance is not intended to replace BS EN 61511 but to supplement it specifically in relation to tank overfill protection SIS (safety instrumented systems). It does not cover all the requirements of BS EN 61511. Where guidance is not given on any requirement, such as protection against systematic failures, reference should be made to the standard.

Standards of overfill protection

4 Paragraphs 70–77 in the main report set out the overall requirement for overfill protection. Tanks meeting the criteria in paragraph 24 of the main report should be provided with a high integrity overfill prevention system that, as a minimum, provides a level of SIL 1 as defined in BS EN 61511-1. To reduce risk as low as reasonably practicable the overfill prevention system should preferably be automatic and should be physically and electrically separate from the tank gauging system.

Detailed design requirements

5 The following specific requirements from BS EN 61511 should all be complied with:

- the design must meet the safety requirement specification;
- the system architecture must meet the hardware fault tolerance requirements for the specified SIL (see Annexes 1 and 2);
- the overall PFD of the safety instrumented function design must meet the PFD as determined by the risk assessment (see Annex 3);
- subsystems should meet the general requirements of BS EN 61511 section 11.5.2 and section 12 for programmable subsystems.
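The following worked example is added here to show how the two quantitative checks in paragraphs 4 and 5 (the SIL 1 minimum and the PFD target from the risk assessment, together with the hardware fault tolerance of the chosen architecture) are actually evaluated. It is not part of the report or its annexes. It uses the simplified low-demand PFDavg approximations from IEC 61508-6 for 1oo1 and 1oo2 voting (repair-time terms neglected), the standard low-demand SIL bands, and the fact that an MooN architecture tolerates N minus M hardware faults. The failure rate, proof-test interval, common-cause factor and PFD target are constructed illustration values, not figures from the report.

```python
"""
Worked PFDavg check for a tank overfill protection SIF (added example).

Simplified low-demand approximations (IEC 61508-6, repair terms neglected):
  1oo1:  PFDavg ~= lambda_DU * T1 / 2
  1oo2:  PFDavg ~= ((1 - beta) * lambda_DU)**2 * T1**2 / 3 + beta * lambda_DU * T1 / 2
lambda_DU = dangerous undetected failure rate per hour of one channel,
T1        = proof-test interval in hours,
beta      = common-cause (beta-factor) fraction for the redundant channels.
"""


def pfd_1oo1(lambda_du: float, t1: float) -> float:
    """Average PFD of a single channel proof tested every t1 hours."""
    return lambda_du * t1 / 2.0


def pfd_1oo2(lambda_du: float, t1: float, beta: float) -> float:
    """Average PFD of two channels where either can trip; beta models common cause."""
    independent = ((1.0 - beta) * lambda_du) ** 2 * t1 ** 2 / 3.0
    common_cause = beta * lambda_du * t1 / 2.0
    return independent + common_cause


def sil_band(pfd: float) -> int:
    """Low-demand SIL band for a PFDavg (IEC 61508-1 / BS EN 61511-1); 0 = below SIL 1."""
    if 1e-5 <= pfd < 1e-4:
        return 4
    if 1e-4 <= pfd < 1e-3:
        return 3
    if 1e-3 <= pfd < 1e-2:
        return 2
    if 1e-2 <= pfd < 1e-1:
        return 1
    return 0


def hardware_fault_tolerance(m: int, n: int) -> int:
    """An MooN voted architecture keeps working with up to N - M channel faults."""
    return n - m


def assess(name: str, pfd: float, target_pfd: float, required_sil: int, hft: int) -> dict:
    """Compare one design against the SIL minimum and the risk-assessment PFD target."""
    return {
        "architecture": name,
        "pfd_avg": pfd,
        "sil_band": sil_band(pfd),
        "hft": hft,
        "meets_pfd_target": pfd <= target_pfd,
        "meets_sil": sil_band(pfd) >= required_sil,
    }


# Constructed illustration values (assumptions, not data from the report).
LAMBDA_DU = 5e-6     # dangerous undetected failures per hour, one level switch + logic + valve
T1 = 8760.0          # annual proof test, in hours
BETA = 0.10          # 10% common-cause fraction between the two channels
TARGET_PFD = 5e-2    # PFD target taken to come from the site risk assessment
REQUIRED_SIL = 1     # minimum required by paragraph 4


def compare_designs() -> list:
    """Evaluate a 1oo1 and a 1oo2 overfill protection SIF against the same targets."""
    return [
        assess("1oo1", pfd_1oo1(LAMBDA_DU, T1), TARGET_PFD, REQUIRED_SIL,
               hardware_fault_tolerance(1, 1)),
        assess("1oo2", pfd_1oo2(LAMBDA_DU, T1, BETA), TARGET_PFD, REQUIRED_SIL,
               hardware_fault_tolerance(1, 2)),
    ]


if __name__ == "__main__":
    for row in compare_designs():
        print(f"{row['architecture']}: PFDavg={row['pfd_avg']:.2e} "
              f"SIL band={row['sil_band']} HFT={row['hft']} "
              f"PFD target met={row['meets_pfd_target']} SIL met={row['meets_sil']}")
```

With these inputs the single channel lands at PFDavg 2.2e-2, inside the SIL 1 band and under the constructed target, while the 1oo2 pair improves to about 2.7e-3 (SIL 2 band) and gains a hardware fault tolerance of 1. The common-cause term dominates the 1oo2 result, which is why the separation from the tank gauging system asked for in paragraph 4 matters: shared sensors, power or logic raise beta and erode most of the benefit of redundancy.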