LAYER OF PROTECTION ANALYSIS
A Risk…
Protesha Sinergy – Copyright 2010
Risk Analysis
Risk Analysis Cycle (flowchart): System Description → Hazard Identification → Scenario Identification → Accident Probability and Accident Consequences → Risk Determination → Risk and/or Hazard Acceptance?
YES: Build and/or Operate System.
NO: Modify Design, then repeat the cycle.
Risk Analysis Flow
Risk Analysis Milestones
Non-Scenario-Based
Scenario-Based
Hazard Scenario
Refer to the reactor system shown (figure: a reactor with cooling coils, monomer feed, cooling water in, cooling water out to sewer, and a thermocouple feeding a temperature controller, TC).
The reaction is exothermic. A cooling system is provided to remove the excess energy of reaction. If the cooling function is lost, the temperature of the reactor would increase. This would lead to an increase in reaction rate, leading to additional energy release. The result could be a runaway reaction with pressures exceeding the bursting pressure of the reactor. The temperature within the reactor is measured and is used to control the cooling water flow rate by a valve.
HAZOP for the Hazard Scenario
Guide Word | Deviation | Causes | Consequences | Action
NO | No cooling | Cooling water valve malfunction | Temperature increase in reactor | Install high temperature alarm (TAH)
REVERSE | Reverse cooling flow | Failure of water source resulting in backward flow | Less cooling, possible runaway reaction | Install check valve
MORE | More cooling flow | Control valve failure, operator fails to take action on alarm | Too much cooling, reactor cool | Instruct operators on procedures
AS WELL AS | Reactor product in coils | More pressure in reactor | Off-spec product | Check maintenance procedures and schedules
OTHER THAN | Another material besides cooling water | Water source contaminated | Cooling may be ineffective, with an effect on the reaction | If less cooling, TAH will detect. If detected, isolate water source. Back-up water source?
Analysis in LOPA
Definition: A simplified form of risk assessment which uses order-of-magnitude categories for initiating event frequency, consequence severity, and the likelihood of failure of independent protection layers (IPLs) to approximate the risk of a scenario. It is an analysis tool that typically builds on the information developed during a qualitative hazard evaluation, such as a process hazard analysis (PHA).
REDUCE FREQUENCY TO ACHIEVE TOLERABLE RISK (Source: CCPS)
Risk of Scenario
Steps in LOPA
1. Identify and define the scenario
2. Determine the incident scenario
3. Identify the Initiating Event
4. Identify the cause (Initiating Event) and determine the Initiating Event Frequency
5. Identify the Protection Layers and determine their Probability of Failure on Demand (PFD)
6. Determine the Risk Frequency
Basic LOPA Concepts
Scenario flow diagram: Initiating Event (Cause) → Enabling Events & Conditions → Conditional Modifiers (Conditional Influence) → Independent Protection Layer (IPL) → Consequence
1. Initiating Event: the single cause in a scenario that leads to the undesired consequence.
2. Enabling Event & Condition: a follow-on cause triggered by the Initiating Event.
3. Conditional Modifier: the probability of an additional effect that worsens the consequence (probability of ignition, probability of fatal injury, etc.).
Basic LOPA Concepts: flow diagram of how IPLs work (event tree)
Initiating Event → IPL1 (preventive feature) → IPL2 (preventive feature) → IPL3 (preventive feature) → Scenario Consequence
Each IPL either succeeds, giving a Safe Outcome, or fails and passes the event on to the next IPL; if every IPL fails, the result is a consequence exceeding the criteria (the impact event).
Mitigated Risk = reduced frequency × same consequence
Key: the thickness of an arrow represents the frequency of the consequence (impact event frequency) if the later IPLs are not successful.
Consequence Analysis
The HAZOP worksheet for the reactor cooling scenario (see HAZOP for the Hazard Scenario above) is repeated on this slide; its Consequences column is the input to consequence analysis.
Consequence Analysis
Consequence analysis methods commonly used in LOPA:
1. Category approach without direct reference to human harm
2. Qualitative estimates with human harm
3. Qualitative estimates with human harm with adjustments for post-release probabilities
4. Quantitative estimates with human harm
5. Overall cost resulting from the potential incident (e.g. capital losses, production losses, etc.)
1. Category approach without direct reference to human harm
• Focuses on prevention rather than mitigation
• Does not use a "human injury/fatality" measure
• Uses a matrix for each category
2. Qualitative estimates with human harm
• Focuses on the impact suffered by people
• The calculated risk can be compared directly with the Risk Tolerance Criteria
3. Qualitative estimates with human harm with adjustments for post-release probabilities
• Similar to method no. 2, but the emphasis is on what happens after the cause has occurred (e.g. release of a chemical)
• Takes into account: the probability of the causal event, the probability of people being present nearby, and the probability of injury/fatality
Initiating Event Analysis
Determining a cause (Initiating Event) in a scenario is always preceded by the questions:
• What is the likelihood of the undesired event in the scenario?
• What is the risk associated with this scenario?
• Are there sufficient risk mitigation measures?
Initiating Event Analysis: Types of Initiating Event
Type of event | Examples
Mechanical failures | Corrosion, vibration, erosion, fracture, PSV stuck open, fabrication defect, brittleness, gas/seal/flange leak
Control system failures | Sensor/logic/control element failures, wiring failures, software crashes, interface blocked
Utility failures | Power failures, cooling system failure, instrument air system failure
Natural external events | Earthquake, tornado, flood, lightning
Failures due to external conditions | Failure at a neighbouring plant, struck by a vehicle
Human failures | Operational error, maintenance error, response error
Initiating Event Analysis
Data sources for determining the Initiating Event Frequency:
1. Industry data (usually from an external body, e.g. OREDA)
2. Company experience
3. Vendor data (data from the equipment manufacturer)
Independent Protection Layer (IPL) Analysis
IPL: a system, device or activity intended to prevent (preventing) or mitigate the cause (initiating event) so that it does not turn into an undesired consequence.
Types classified as IPLs:
• Process Design (Inherently Safer Design)
• Basic Process Control System
• Critical Alarm and Human Intervention
• Safety Instrumented System
• Physical Protection
• Post-release Protection
• Plant Emergency Response
• Community Emergency Response
Layers of protection (onion diagram, outermost first):
COMMUNITY EMERGENCY RESPONSE
PLANT EMERGENCY RESPONSE
MITIGATION: Mechanical Mitigation Systems; Fire and Gas Systems
PREVENTION: Safety Critical Process Alarms; Safety Instrumented Systems; Basic Process Control Systems; Non-safety Process Alarms; Operator Supervision; Process Design
Independent Protection Layer (IPL) Analysis
For a system, device or action (safeguard) to be considered an IPL, it must be:
• Effective in preventing the consequence when it functions: it can detect the cause, decide the action to be taken, and deflect the consequence so that it does not occur
• Independent of the cause (Initiating Event) and of the other IPL components for the same scenario
• Auditable in terms of its effectiveness in preventing the consequence, especially its PFD
If all of the IPLs are affected by a common-cause scenario, those IPLs are treated as a single IPL.
Independent Protection Layer (IPL) Analysis: Process Design
There are generally two things involved in Inherently Safer Design as the Process Design IPL:
• Elimination using an Inherently Safer Design method
• Assigning a non-zero PFD to the other Inherently Safer Design measures
PFD values for Inherently Safer Design (CCPS, 2001)
Independent Protection Layer (IPL) Analysis: BPCS
The BPCS is the system that monitors, controls and maintains the process within its safe operating range.
Simple components of a BPCS loop (figure).
The BPCS has three safety functions relevant to IPLs:
1. Continuous control actions: keep the process within the safe operating range (e.g. a level controller)
2. Alarm actions: a logic solver/alarm trip keeps the process within the normal operating range and alarms the operator
3. Return the process to a stable state: a logic solver/control relay automatically returns the process to a safe state
Independent Protection Layer (IPL) Analysis: BPCS Failure Rate Data (CCPS, 2001)
The PFD of a BPCS is influenced by:
• Adequacy of security and access procedures (the human factor)
• Level of redundancy (back-up systems)
• Historic failure rate (the history of damage/failure)
• Effective test rate (testing)
• Other factors: design, manufacture, installation and maintenance
Independent Protection Layer (IPL) Analysis: Critical Alarm and Human Intervention (CAHI)
The PFD of a CAHI layer is influenced by:
• Detection: when the alarm sounds
• Decision: when the response is made
• Action: when the action is carried out
Independent Protection Layer (IPL) Analysis: SIS
An SIS is a safeguard/IPL consisting of a sensor, a logic solver and a final element. Its function is "only" to bring the operating condition to a "Safe State". It is known by various names: Safety Interlock System, Emergency Shut-down System, etc.
The PFD of an SIS is also expressed as an RRF (Risk Reduction Factor) and, under the international standard IEC 61511, is categorised by Safety Integrity Level (SIL).
Independent Protection Layer (IPL) Analysis: PFD by SIL (table)
Independent Protection Layer (IPL) Analysis: Physical Protection
Relief valve, rupture disc; PFD for Physical Protection (table).
Factors that influence the PFD value: equipment sizing, design, installation, inspection quality, maintenance quality, cleanliness of the process fluid.
Independent Protection Layer (IPL) Analysis: Post-Release Protection
Blast wall, dike; PFD for Post-Release Protection (table).
Case Study 1
LOPA table format (columns 1 to 10):
1 # | 2 Initial Event Description | 3 Initiating cause | 4 Cause likelihood (Likelihood = X) | Protection Layers: 5 Process design, 6 BPCS, 7 Alarm, 8 SIS (Probability of failure on demand = Yi) | 9 Additional mitigation (safety valves, dykes, restricted access, etc.) | 10 Mitigated event likelihood = (X)(Y1)(Y2)…(Yn) | Notes
Case 1: Flash drum for "rough" component separation for this proposed design.
(Process drawing: feed of methane, ethane (LK), propane, butane and pentane; vapor product overhead; liquid product at the bottom; steam; AC-1 (process fluid); temperature points T1, T2, T3, T5; flows F2, F3; controllers PC-1 with high-pressure alarm PAH, FC-1, LC-1 with LAL/LAH level alarms, TC-6; cascade and split-range control; L. Key.)
Case 1: Flash drum for "rough" component separation. Complete the table with your best estimates of values.
Columns: 1 # | 2 Initial Event Description | 3 Initiating cause | 4 Cause likelihood | Protection Layers: 5 Process design, 6 BPCS, 7 Alarm, 8 SIS | 9 Additional mitigation (safety valves, dykes, restricted access, etc.) | 10 Mitigated event likelihood | Notes
Row 1: High pressure | Connection (tap) for pressure sensor P1 becomes plugged | (values to be estimated) | Notes: Pressure sensor does not measure the drum pressure
Assume that the target mitigated likelihood = 10^-5 events/year.
Case 1: Some observations about the design.
• The drum pressure controller uses only one sensor; when it fails, the pressure is not controlled.
• The same sensor is used for control and alarming. Therefore, the alarm provides no additional protection for this initiating cause.
• No safety valve is provided (which is a serious design flaw).
• No SIS is provided for the system. (No SIS would be provided for a typical design.)
Case 1: Solution using the initial design and typical published values.
Columns: # | Initial Event Description | Initiating cause | Cause likelihood | Process design | BPCS | Alarm | SIS | Additional mitigation (safety valves, dykes, restricted access, etc.) | Mitigated event likelihood | Notes
1 | High pressure | Connection (tap) for pressure sensor P1 becomes plugged | 0.10 | 0.10 | 1.0 | 1.0 | 1.0 | 1.0 | 0.01 | Pressure sensor does not measure the drum pressure
Much too high! We must make improvements to the design.
Case 1: Solution using the enhanced design and typical published values.
Columns: # | Initial Event Description | Initiating cause | Cause likelihood | Process design | BPCS | Alarm | SIS | Additional mitigation (safety valves, dykes, restricted access, etc.) | Mitigated event likelihood | Notes
1 | High pressure | Connection (tap) for pressure sensor P1 becomes plugged | 0.10 | 0.10 | 1.0 | 0.10 | 1.0 | PRV 0.01 | 0.00001 | Pressure sensor does not measure the drum pressure
The enhanced design includes a separate pressure sensor for the alarm and a pressure relief valve.
The enhanced design achieves the target mitigated likelihood.
Sketch on the process drawing. Verify the table entries.
The PRV must exhaust to a separation (knock-out) drum and a fuel or flare system.
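The arithmetic behind column 10 of the LOPA table (mitigated likelihood = X × Y1 × Y2 … Yn) and the deck's independence rule (a safeguard that shares equipment with the initiating cause, or with another IPL, gets no credit) can be worked through for Case 1 in a few lines of Python. This is an added example, not material from the Protesha Sinergy deck; the Safeguard/Scenario classes, the equipment labels such as "P1 pressure tap", and the sil_needed helper are assumptions of the example. The typical published values are the ones in the deck's solution tables; the SIL bands in sil_needed are the IEC 61511 low-demand PFD ranges.

```python
# Added worked example (not from the Protesha Sinergy deck): LOPA column-10
# arithmetic for the Case 1 flash drum, with the deck's independence rule.
from dataclasses import dataclass, replace
import math


@dataclass(frozen=True)
class Safeguard:
    name: str
    pfd: float                           # published PFD, 0 < pfd <= 1
    depends_on: frozenset = frozenset()  # equipment it relies on (constructed labels)


@dataclass(frozen=True)
class Scenario:
    description: str
    initiating_cause: str
    cause_likelihood: float      # X, events per year
    cause_components: frozenset  # equipment whose failure is the initiating event
    safeguards: tuple            # LOPA table columns, left to right
    target: float                # tolerable mitigated likelihood, events per year


def credited_pfd(sg, scenario, already_credited):
    """PFD that LOPA may credit for one safeguard.

    A safeguard sharing equipment with the initiating cause, or with an IPL
    already credited in this scenario, is not independent: it gets PFD = 1.0
    (no credit), which is how the deck's common-cause rule plays out.
    """
    if sg.depends_on & scenario.cause_components:
        return 1.0
    if any(sg.depends_on & other.depends_on for other in already_credited):
        return 1.0
    return sg.pfd


def mitigated_likelihood(scenario):
    """Column 10 of the LOPA table: X * Y1 * Y2 * ... * Yn.
    Returns (events per year, {safeguard name: credited PFD})."""
    freq = scenario.cause_likelihood
    credited, rows = [], {}
    for sg in scenario.safeguards:
        y = credited_pfd(sg, scenario, credited)
        rows[sg.name] = y
        if y < 1.0:
            credited.append(sg)
        freq *= y
    return freq, rows


def meets_target(scenario):
    """True if the mitigated likelihood is at or below the target. LOPA works in
    orders of magnitude, so a relative tolerance absorbs floating-point rounding
    (0.1 * 0.1 * 0.1 * 0.01 is not exactly 1e-5)."""
    freq = mitigated_likelihood(scenario)[0]
    return freq <= scenario.target or math.isclose(freq, scenario.target, rel_tol=1e-9)


def sil_needed(scenario):
    """SIL an added SIS would need to close the remaining gap on its own, using
    the IEC 61511 low-demand PFD bands (SIL 1: RRF >10 to 100, SIL 2: >100 to
    1000, SIL 3: >1000 to 10^4, SIL 4: >10^4 to 10^5). Returns 0 when no
    SIL-rated layer is needed and None when the gap exceeds SIL 4."""
    rrf = mitigated_likelihood(scenario)[0] / scenario.target
    if rrf < 1.0 or math.isclose(rrf, 1.0, rel_tol=1e-9):
        return 0
    sil = max(0, math.ceil(round(math.log10(rrf), 9)) - 1)
    return sil if sil <= 4 else None


# Constructed equipment labels for the Case 1 scenario.
P1_TAP = frozenset({"P1 pressure tap"})  # the connection that plugs
P2_TAP = frozenset({"P2 pressure tap"})  # separate sensor in the enhanced design

# Initial design. The BPCS controller and the PAH alarm both read P1, so
# neither is independent of the cause and both are credited at 1.0.
INITIAL_DESIGN = Scenario(
    description="High pressure in flash drum",
    initiating_cause="Connection (tap) for pressure sensor P1 becomes plugged",
    cause_likelihood=0.10,
    cause_components=P1_TAP,
    safeguards=(
        Safeguard("Process design", 0.10),
        Safeguard("BPCS PC-1", 0.10, P1_TAP),
        Safeguard("Alarm PAH", 0.10, P1_TAP),
        # no SIS and no relief valve in the initial design
    ),
    target=1e-5,
)

# Enhanced design: the alarm gets its own sensor P2 and a PRV is added.
ENHANCED_DESIGN = replace(
    INITIAL_DESIGN,
    safeguards=(
        Safeguard("Process design", 0.10),
        Safeguard("BPCS PC-1", 0.10, P1_TAP),
        Safeguard("Alarm PAH (sensor P2)", 0.10, P2_TAP),
        Safeguard("Pressure relief valve", 0.01, frozenset({"PRV"})),
    ),
)

if __name__ == "__main__":
    for label, sc in (("initial", INITIAL_DESIGN), ("enhanced", ENHANCED_DESIGN)):
        freq, rows = mitigated_likelihood(sc)
        print(f"{label}: credited PFDs {rows}")
        print(f"  mitigated likelihood {freq:.1e}/yr, target {sc.target:.0e}/yr, "
              f"meets target: {meets_target(sc)}, SIL needed: {sil_needed(sc)}")
```

Independence is encoded as shared equipment labels rather than as a hand-entered 1.0, so the model reproduces the deck's observation that an alarm on the same sensor as the controller adds no protection, and it gives the alarm credit again as soon as it is moved to its own sensor. For the initial design the result is 0.01/yr, three orders of magnitude above the 10^-5/yr target; for the enhanced design it is 10^-5/yr, so no SIL-rated layer is needed.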
Case Study 2
Scenario: The two-phase separator V 180 is under level control (level controller LC 213). In case of high-high liquid level, the level switch LSHH 214 would close emergency shutdown valve ESDV 172 and shut down compressor C 130 downstream of V 180. This is to prevent liquid carry-over to the compressor, which would lead to compressor damage.
PHA (HAZOP) Results
LOPA Analysis
Risk Evaluation
Thank You