1.4 Layer of Protection

8/13/2019 1.4 Layer of Protection

1/41

1.4 Layer of Protection

DR. AA


2/41


3/41


4/41

Technology - Multiple PIDs, cascade, feedforward,

etc.

Always control unstable variables(Examples )

Always control quicksafety related variables

- Stable variables that tend to change quickly

(Examples?)

Monitor variables that change very slowly

- Corrosion, erosion, build up of materials

Provide safe response to critical instrumentationfailures

- But, we use instrumentation in the BPCS?

1. Basic process Control System (BPCS)

4


5/41

Control Strategy

Feedback Control

Single-loop feedback

Overcoming disturbances

Cascade

Feed forward Ratio

Constraints

Split-range, override/select control

Multivariable

multi-loop

Decoupling

Multivariable control

5


6/41

Typical Control Loop

Controller

F1

T1

T

F

F2

T2

TC

Actuator

System

TT

Sensor

System

6

Major components- Sensor & Transmitter

- Cables

- Controller

- Actuator


7/41

Level Control on a Tank

Fin

LT

Fout

Lsp

LC

Without a cascade levelcontroller, changes in

downstream pressure disturb

the tank level.

Ordinary Feedback Control

Fin

FC

LT

RSP

FT

Fout

Lsp

LC

With cascade level controller, changes

in downstream pressure will be

absorbed by the flow controller before

they can significantly affect tank level

because the flow controller responds

faster to this disturbance than the tank

level process.

Cascade Control

7


8/41

Level Control: Feedback vs feedforward

Make-upWater

To SteamUsers

LT

LC

Feedback-only mustabsorb the variations in

steam usage by feedback

action only.

Make-upWater

To Steam Users

LT

FT

FF

Feedforward-only handle variation

in steam usage but small errors in

metering will eventually empty or

fill the tank.

FeedforwardFeedback

8


9/41

Level Control: Feedforward-Feedback

To SteamUsers

LT

FT FF

LC +

Make-up Water

Combined feedforward and feedback has best

features of both controllers.

9


10/41

Split Range Control: Another Example

FT

FT

FC

FC

Sometimes a single flow control loop cannot provide accurate

flow metering over the full range of operation.

Split range flow control uses two flow controllers One with a small control valve and one with a large control

valve

At low flow rates, the large valve is closed and the small valve

provides accurate flow control.

At large flow rates, both valve are open.

Larger Valve

SignaltoControlValve(%)

Smaller Valve

Total Flowrate

10


11/41

Titration Curve for a Strong Acid-Strong Base

System

0

2

4

6

8

10

12

14

0 0.002 0.004 0.006 0.008 0.01

Base to Acid Ratio

pH

Therefore, for accurate pH control for a wide range of flow rates

for acid wastewater, a split range flow controller for the NaOH is

required.

11


12/41

Override/Select Control

Override/Select control uses LS and HS action tochange which controller is applied to the

manipulated variable.

Override/Select control uses select action to

switch between manipulated variables using the

same control objective.

12


13/41

Furnace Tube Temperature Constraint Control

FT

FC

TT TT

LS TCTC

RSP

FlueGas

Process

FluidFuel

13


14/41

Column Flooding Constraint Control

FT

AC

AT

LSDPC

FC

RSP

Lower value of flowrate is selected to avoid column flooding

14


15/41

T1

Cold

feed

T2

TYTC

Measured value

to PID

controller

Controller

output

>

TY

Selects the

largest of all

inputs

To increase safety when using dangerously high

reactor temperature, use of multiple sensors and

select most conservative value !

15


16/41

Summary of Control Strategies

Feedback Control

Enhancement of single-loop Feedback control

Cascade, split-range, override control

Feedforward and Ratio Control

Computed Control (e.g. reboiler duty, internal reflux etc) Advanced Control

Inferential control

Predictive control

Adaptive control

Multivariable control

16


17/41

Alarm has an anunciator and visualindication

- No action is automated!

- A plant operator must decide.

Digital computer stores a record of recent

alarms

Alarms should catch sensor failures

- But, sensors are used to measure variables

for alarm checking?

2. Alarms that require actions by a Person

17


18/41

Common error is to design too many alarms- Easy to include; simple (perhaps, incorrect) fix to preventrepeat of safety incident

- example: One plant had 17 alarms/h - operator acted on only 8%

Establish and observe clear priority ranking

2. Alarms that require actions by a Person

- HIGH = Hazard to people or equip., action required

- MEDIUM = Loss of RM, close monitoring required

- LOW = investigate when time available

18


19/41

Automatic action usually stops part of plant

operation to achieve safe conditions- Can divert flow to containment or disposal

- Can stop potentially hazardous process, e.g.,

combustion

Capacity of the alternative process must be forworst case

SIS prevents unusual situations

- We must be able to start up and shut down

- Very fast blips might not be significant

Extreme corrective action is required and automated

- More aggressive than process control (BPCS)

Alarm to operator when an SIS takes action

3. Safety Interlock System (SIS)

19


20/41

The automation strategy is usually simple, for example,

If L123 < L123min; then, reduce fuel to zero

steam

water

LC

PC

fuel

How do we

automate this SISwhen PC is adjusting

the valve?

Example

20


21/41

If L123 < L123min; then, reduce fuel to zero

steam

water

LC

PC

fuel

LS s s

fc fc

15 psig

LS = level switch, note that separate sensor is used

s = solenoid valve (open/closed) fc = fail closed

Extra valve with tight shutoff

3. Safety Interlock System

21


22/41

The automation strategy may involve several

variables, any one of which could activate the SIS

If L123 < L123min; or

If T105 > T105max.

then, reduce fuel to zero

SIS

100

L123T105

..

s

Shown as box

in drawing with

details elsewhere

SIS: Another Example

22


23/41

The SIF saves us from hazards, but can shutdown the plant

for false reasons, e.g., instrument failure.

1 out of 1

must indicate

failure

T100s

2 out of 3

must indicatefailure

T100

T101T102

s

False

shutdownFailure on

demand

5 x 10-35 x 10-3

2.5 x 10-6 2.5 x 10-6

Better

performance,

more expensive

SIS: measurement redundancy

Same variable,

multiple sensors!

23


24/41

We desire independent protection layers, withoutcommon-cause failures - Separate systems

sensors

SIS system

i/o i/o.

sensors

Digital control system

i/o i/o.

BPCS and AlarmsSIS and Alarms

associated with SIS

SIS & DCS

24


25/41

4. Safety Relief System

Overpressure Increase in pressure can lead to rupture of vessel or

pipe and release of toxic or flammable material

Underpressure

Also, we must protect against unexpected vacuum!

Relief systems provide an exit path for fluid

Benefits: safety, environmental protection,

equipment protection, reduced insurance,

compliance with governmental code

25


26/41

Entirely self-contained, no external power required

The action is automatic - does not require a person

Usually, goal is to achieve reasonable pressure

- Prevent high (over-) pressure

- Prevent low (under-) pressure

The capacity should be for the worst case

scenario


26


27/41

No external power required -

self actuating - pressure of

process provides needed force!

Valve close when pressure

returns to acceptable value

Relief Valve - liquid systems Safety Valve - gas and vapor

systems including steam

Safety Relief Valve - liquid

and/or vapor systems

Pressure of protected systemcan exceed the set pressure.


Process

27


28/41

I li f l d di h d


29/41

Why is the pressure

indicator provided?

Is it local or remotely

displayed? Why?

What is the advantage of two in series?

Why not have two relief valves (diaphragms) in series?

In some cases, relief valve and diaphragm are used

in series WHY?

29

In some cases relief valve and diaphragm are


30/41

Why is the pressureindicator provided?

If the pressure

increases, the disk

has a leak and should

be replaced.

Is it local or remotely

displayed? Why?

The display is local to

reduce cost, because

we do not have to

respond immediately

to a failed disk - the

situation is not

hazardous.

What is the

advantage of two in

series?

The disc protects the

valve from corrosiveor sticky material.

The valve closes

when the pressure

returns below the

set value.

In some cases, relief valve and diaphragm are

used in seriesWHY?

30

We should also protect against excessive


31/41

This example uses buckling pins

overpressure

underpressure

We should also protect against excessive

vacuum

31


32/41

Location of Relief System

Identify potential for damage due to high (or low)pressure (HAZOP Study)

In general, closed volume with ANY potential for

pressure increase may have exit path that should not be closed but could be

hand valve, control valve (even fail open), blockage of line

Remember, this is the last resort, when all other safetysystems have not been adequate and a fast response is

required!

32


33/41

Flash Drum Example


34/41

LETS CONSIDER A FLASH DRUM

Is this process safe and ready to operate?

Is the design completed?

T5F1

34


35/41

Where could we use BPCS in the flash process?

F1

Basic Process Control System

35


36/41

The level is

unstable; it mustbe controlled.

The pressure will

change quickly and

affect safety; it

must be controlled.

F1

36


37/41

F1

Where could

we use alarms

in the flash process?

Alarms

37


38/41

F1

A low level could

damage the

pump; a high

level could allowliquid in the

vapor line.

The pressure affects

safety, add a high

alarmPAH

LAH

LALToo much light key

could result in a

large economic

lossAAH

38


39/41

F1

Safety Relief System

Add relief to the following system

39

Th d b i l t d ith th t l l li f i


40/41

F1

The drum can be isolated with the control valves; pressure relief is

required.

We would like to recover without shutdown; we select a relief valve.

40


41/41

End of Topic 1.4

1.4 Layer of Protection

Documents

Transcript of 1.4 Layer of Protection