Table of Contents Table of Contents
Previous Page  22 / 443 Next Page
Information
Show Menu
Previous Page 22 / 443 Next Page
Page Background

Local Fuel – Shoreham Oil Terminal

Safety Requirement Specification

P & I Design Ltd

DOCUMENT NO: LF364005_RPT

2 Reed Street, Thornaby, UK, TS17 7AF

ISSUE:C DATE: 14.08.15

Tel: + 44 (0)1642 617444

PAGE 6 OF 19

Fax: + 44 (0)1642 616447

www.pidesign.co.uk

2.3

Description of Operation

2.3.1 Gasoline Import Operation from Ship

The gasoline pipeline valve is controlled manually. This valve is controlled by the terminal and

ship import operations cannot affect the operation of the valve.

The pipeline valve will be fail safe and will close on the activation of a site ESD. No overrides

are installed. The safe state is with the import valve closed and no flow into any of the gasoline

tanks.

The normal modes of operation are batch filling from a ship.

On detection of any of 4 storage tanks (1, 2, 3 or 4) high high level, fault or power supply

failure, the output is removed to the pipeline valve, resulting in the valve closing.

The valve cannot be re-opened until the high high level, fault or power supply failure are

returned to a healthy state. Then on operation of a momentary reset pushbutton on the tank SIS

panel the SIS system will reset and the valve will be enabled.

There is no requirement to override the SIF to allow the operation of the import into any of the

tanks when one of the level switches has activated or is in fault.

The valve will be opened for each import and closed after the import is complete. This will

provide a form of regular stroke testing.

Each SIF shall be designed as a 1oo1 system for sensor, logic solver and 1oo1 final element

although the import valve is common to all SIFs.

On all the gasoline storage tanks, the methodology used is high level protection by RF type

level switch closing the storage tank import valve prior to the tank overspilling.

Only one tank will be selected for import at any one time.

Common cause failure is not normally an issue with non-redundant sub systems. The valve is

a simple ball valve actuated with a fail closed electro hydraulic spring return actuator.

Surge calculations have been carried out for the terminal to confirm the valve closure time that

could lead to dangerous surge conditions. The actual valve closure times will be controlled to

minimise surge problems.

The Safety Instrument function will operate as a low demand mode system with demands

placed on the system from operations no more frequently than one in 10 years, which is less

than the demand calculated in the LOPA (6.7 x 10

-3

per year).

As the import process is performed on a batch basis, no specific requirements requiring 1oo2,

2oo2 systems or specific requirements regarding nuisance tripping are considered necessary.

An assessment of the human response time to check that on an SIS trip the correct action has

occurred is required to be carried out during commissioning and on the periodic system testing.

1 17 18 19 20 21 22 23 24 25 26 27 28 442-443 P & I Design Ltd