Table of Contents Table of Contents
Previous Page  30 / 648 Next Page
Information
Show Menu
Previous Page 30 / 648 Next Page
Page Background

Safety and environmental standards for fuel storage sites

Final report

29

74 A high integrity overfill prevention system should, as a minimum, provide a level of SIL 1 as

defined in BS EN 61511-1. To reduce risk as low as reasonably practicable the overfill prevention

system should preferably be automatic and should be physically and electrically separate from the

tank gauging system. Automatic overfill prevention may include, but not be restricted to, measures

such as automatic shutdown of the supply line or automatic diversion of the flow to another tank.

75 Where the installation of such an independent automatic overfill prevention system at an

existing tank is demonstrated to give rise to other more serious safety or environmental risks

elsewhere then other alternative measures may be adopted to achieve the same ALARP outcome.

76 Dutyholders will need to prepare a robust demonstration that alternative measures are

capable of achieving an equivalent ALARP outcome to an overfill prevention system that is

automatic and physically and electrically separate from the tank gauging system.

77 Alternative measures:

should include an overfill prevention system to at least BS EN 61511-1 SIL 1, combined with

other measures to provide high integrity and reliability; and

those that include an operator(s) as part of the overfill prevention system should demonstrate

that the reliability and availability of the operator(s) can be adequately supported to undertake

the necessary control actions to prevent an overfill without compromising the ALARP

outcome. Operator involvement should be properly managed, monitored, audited and

reviewed on an ongoing basis. It is unlikely that an operator can be included in an overfill

prevention system rated above SIL 1 as defined in BS EN 61511-1.

Proof testing

78 Appendix 4 paragraphs 23–33 give guidance on proof testing of overfill protection systems in

accordance with BS EN 61511-1.

Tank overfill prevention: Defining tank capacity

79 To prevent an overflow, tanks should have headspace margins that enable the filling line to

be closed off in time. The set points of high level trips and alarms requiring operator action should

allow sufficient time for the action to be taken to deal with the developing situation.

Overfill level (maximum capacity)

80 A vital element of any system to prevent overfilling of a storage tank is a clear definition of

the maximum capacity of the vessel. This is the maximum level consistent with avoiding loss of

containment (overfilling or overflow) or damage to the tank structure (eg due to collision between

an internal floating roof and other structures within the tank, or for some fluids, overstressing due

to hydrostatic loading).

Tank rated capacity

81 Having established the overfill level (maximum capacity), it is then necessary to specify a

level below this that will allow time for any action necessary to prevent the maximum from being

reached/exceeded. This is termed the ‘tank rated capacity’, which will be lower than the actual

physical maximum. Reference should be made to Appendix 3, ‘Guidance on defining tank

capacity’ for a definition of these terms.

82 The required separation between the maximum capacity and the tank rated capacity is a function

of the time needed to detect and respond to an unintended increase in level beyond the tank rated

capacity. The response in this case may require the use of alternative controls, eg manual valves, which

are less accessible or otherwise require longer time to operate than the normal method of isolation.

1 25 26 27 28 29 30 31 32 33 34 35 36 648 P & I Design Ltd