![Show Menu](styles/mobile-menu.png)
![Page Background](./../common/page-substrates/page0029.jpg)
Simon Storage Ltd – Immingham East Terminal
Gasoline Import – Layers of Protection Analysis
P & I Design Ltd
DOCUMENT NO: SI057001_RPT
2 Reed Street, Thornaby, UK, TS17 7AF
ISSUE: G DATE: 29.06.12
Tel: + 44 (0)1642 617444
PAGE 29 OF 34
Fax: + 44 (0)1642 616447
www.pidesign.co.uk5.3.3 Independent Protection Layers (Ref. PSLG Guidelines, Clauses 78-86)
Protection layers are totally independent, effective and auditable.
Protection Layer 1
BPCS with Level Indication and alarms monitored by Operator
A VTW (SCADA) system enables the operator to view the tank levels.
ATG Alarms
Topping off alert
Normal fill alert
High Level Alarm
The normal fill level and high alarms are software derived from the VTW. The alarms are
audible within the control room and transmitted by radio.
This is primarily the function of the shift supervisor & No. 1 operator. The credit taken for
the layer above is calculated as:
((1-PFD(sys) x (PFD(Operator)) + PFD(sys)
i.e. ((1 - 0.1) x (0.1 )) + 0.1 = 0.19
Experience from other sites for modern Control Systems suggests reliability data much
better than 1 in 10 years.
Note 1: Reliability Data for VTW/BPCS
The LOPA uses an order of magnitude 0.1 PFD for the level and control system. This is the
maximum that can be taken for a non SIS system not designed to BS EN 61511. However,
this is a modern control system which will be designed with a significant amount of
diagnostics utilising modern process control instrumentation.
The credit taken for the layer above is taken as 0.19
The protection layer is auditable via the site maintenance records for failures of level
measuring devices and associated SCADA systems. The level monitoring function of the
control system includes the ATG, VTW and Radio Alarms.
Protection Layer 2
High High Level alarm and automatic closure of import valves
Mid Range SIL 2 SIS
The actual credit available from the SIS is calculated as: 2.5 x 10
-3
. See SIS Design Report
SI277001_RPT. The protection layer will be auditable via the SIS maintenance and testing
records.
It is considered that this Protection Layer can be used for all initiating events as all of the
gasoline tanks are protected by individual tank-side valves that will close on activation of
the level switch on that particular tank. Within the scope of this LOPA, a gross misrouting
of gasoline into any other tanks on the terminal has not been considered.
Protection Layer 3
Cross Check: Quantities transferred from ship is compared to total quantity imported to the
tank.
Probability that cross check by the sender of what has been exported from the ship compared
to what has been received in the tank send fails = 0.1
The protection layer is auditable via the movement transfer records.