Table of Contents Table of Contents
Previous Page  24 / 648 Next Page
Information
Show Menu
Previous Page 24 / 648 Next Page
Page Background

Safety and environmental standards for fuel storage sites

Final report

23

35 Systems providing a risk reduction of less than 10 are not in scope of BS EN 61511. They

may, however, still provide a safety function and hence are safety systems and can be a layer of

protection. Such systems should comply with good practice in design and maintenance so far as

is reasonably practicable.

36 Shutdown of product flow to prevent an overfill should not depend solely upon systems or

operators at a remote location. The receiving site should have ultimate control of tank filling by

local systems and valves.

37 The normal fill level, high alarm level and high-high alarm/trip level should be set in compliance

with the guidance on designating tank capacities and operating levels.

38 Tank level instrumentation and information display systems should be of sufficient accuracy

and clarity to ensure safe planning and control of product transfer into tanks.

Application of LOPA to the overflow of an atmospheric tank

39 The dutyholders should review the risk assessment for their installations periodically and take into

account new knowledge concerning hazards and developments in standards. Any improvements

required by standards such as BS EN 61511 should be implemented so far as is reasonably

practicable.

40 LOPA is one of several methods of risk assessment that can be used to facilitate SIL

determination; BS EN 61511 Part 3 provides a summary of the method. Other methods described in

BS EN 61511, eg risk graphs, are equally acceptable for the determination of SIL. Detailed guidance

for the application of LOPA to the overflow of an atmospheric tank is provided in Appendix 2.

Incorporating the findings of SIL assessments into COMAH safety reports

41 The findings of the SIL assessment, using the common methodology, should be included in

the COMAH safety report for the site. This should provide sufficient detail to demonstrate that:

the overall systems for tank filling control are of high integrity, with sufficient independence to

ensure timely and safe shutdown to prevent tank overflow; and

SIS and management systems should be commensurate with the requirements of

BS EN 61511, so far as is reasonably practicable.

Operator responsibilities and human factors

42 Monitoring and control of levels, and protection against overfill, may depend on operators

taking the correct actions at a number of stages in the filling procedure. These actions may

include, but not be limited to:

calculation of spare capacity;

correct valve line up;

cross-checks of valve line up;

manual dipping of tank to check automatic tank gauging (ATG) calibration;

confirmation that the correct tank is receiving the transfer;

monitoring level increase in the correct tank during filling;

checks for no increase in level in static tanks;

closing a valve at the end of a transfer;

response to level alarm high (LAH); and

response to level alarm high-high (LAHH).

1 19 20 21 22 23 24 25 26 27 28 29 30 648 P & I Design Ltd