Process plant shutdown systems

Last updated February 01, 2024

A process plant shutdown system is a functional safety countermeasure crucial in any hazardous process plant such as oil and gas production plants and oil refineries. The concept also applies to non-process facilities such as nuclear plants. These systems are used to protect people, assets, and the environment when process conditions get out of the safe design envelope the equipment was designed for.

Although functionally separate, process control and shutdown systems are usually interfaced under one system, called an integrated control and safety system (ICSS). Shutdown systems typically use equipment that is SIL 2 certified as a minimum, whereas control systems can start with SIL 1. SIL applies to both hardware and software requirements such as cards, processors redundancy and voting functions.

Types

There are two main types of industrial safety systems in process industry:^[1]

Process safety system (PSS) or process shutdown system (PSD).
Safety shutdown system (SSS) or emergency shutdown (ESD), which usually entails activation of an emergency depressurization (EDP) or emergency blowdown system.

Process shutdown (PSD)

An automatic PSD typically isolates the system by shutdown isolation valves, thus bringing it to a safe state before the process parameters, such as level, temperature or pressure, exit the system safe design envelope. Its inputs are critical process signals from the likes of pressure and temperature transmitters, which must be separate from those used for process control. This separation provides redundancy and reliability.

Emergency shutdown (ESD)

These systems may also be redefined in terms of ESD/EDP levels as:

ESD level 1: In charge of general plant area shutdown, will also activate ESD level 2 if necessary. This level can only be activated from the main control room.
ESD level 2: This level shuts down and isolates individual ESD zones and may activate if necessary EDP.
ESD level 3: provides fluid containment by closing shutdown isolation valves or emergency shutdown valves (ESDVs).

The safety shutdown system shall shut down the facilities to a safe state in case of an emergency situation, thus protecting personnel, the environment and the asset. The safety shutdown system shall manage all inputs and outputs relative to emergency shutdown (ESD) functions (environment and personnel protection). Inputs include for example manual activation and signals from the fire and gas system (FGS). Apart from the actuation of shutdown valves and blowdown valves, outputs include isolation of electrical sources, power shutdown, activation of fire pumps, etc. ESD is usually activated when a loss of containment and/or a fire is detected, although it may be activated at any time the plant operators feel it is necessary to preserve life, assets and the environment.

Fire and gas system (FGS)

The main objectives of the fire and gas system are to:

Detect at an early stage the presence of flammable gas using gas detectors.
Detect at an early stage hazardous liquid spills.
Detect incipient fire and the presence of fire using fire detectors.
Provide automatic and/or facilities for manual activation of the fire protection system as required.
Transmitting input to the ESD system for it to initiate appropriate automatic actions.

Emergency depressurization (EDP)

Emergency depressurization, or blowdown, is an important system for safeguarding process plant in the event of an emergency. Equipment such as pressure vessels exposed to fire could undergo catastrophic failure leading to an uncontrolled loss of containment. Depressurization reduces potential failure by removing inventory from the plant thereby decreasing the internal mechanical stresses and extending the plant’s integrity at elevated temperatures.^[2] Its function is distinct from that of pressure relief valves, which are passive devices opening if pressure reaches a value above the process safety trip, but still below the design pressure of the equipment. Relief valves complement the PSD.

A process plant is typically divided into isolatable sections by emergency shutdown valves (ESDVs). Each section may be designated as belonging to a fire zone that is depressurized by a dedicated blowdown valve (BDV) or set of BDVs. During ESD conditions, the depressurization of only specific isolatable sections is undertaken. However, during more widespread emergency circumstances, the whole facility may be depressurized.^[2]

In a typical depressurization system, the goal is typically reduce the pressure in the plant to less than 50% of the design pressure or to 7 barg, whichever is lower, within 15 minutes.^[2]

Disposal of blowdown fluids is generally to flare systems or, if safe to do so, non-fired blowdown drums. Blowdown may be strategically delayed by fire zone to shave peak flow and allow the flare to deal with the incoming gas. This is generally referred to as a staggered blowdown.

Depressurization facility Blowdown.jpg — Depressurization facility

A depressurization system comprises an actuated valve and a restriction orifice. The BDV valve is normally held in the closed position but opens on demand or on failure of the actuator. A restriction orifice (RO) downstream of the BDV is sized to achieve the desired blowdown rate. A locked-open valve may be located downstream of the orifice. The valve, in the closed position, allows the functionality of the BDV to be tested without depressurizing that section of the plant.^[3]

Notes

↑ Most of this article is summarized from some Yemen LNG documentation on safety systems, No. YE-001-30-POC-JBS-25300 and YE-001-30-POC-JBS-25200.
1 2 3 Dole, R (December 2013). "Design a staggered depressurization sequence for flare systems". Hydrocarbon Processing. 92 (12): 57, 58, 60.
↑ Piping and Instrumentation Diagrams, various plants

This engineering-related article is a stub. You can help Wikipedia by expanding it.

Related Research Articles

Safety engineering is an engineering discipline which assures that engineered systems provide acceptable levels of safety. It is strongly related to industrial engineering/systems engineering, and the subset system safety engineering. Safety engineering assures that a life-critical system behaves as needed, even when components fail.

A valve is a device or natural object that regulates, directs or controls the flow of a fluid by opening, closing, or partially obstructing various passageways. Valves are technically fittings, but are usually discussed as a separate category. In an open valve, fluid flows in a direction from higher pressure to lower pressure. The word is derived from the Latin valva, the moving part of a door, in turn from volvere, to turn, roll.

In engineering, a fail-safe is a design feature or practice that, in the event of a failure of the design feature, inherently responds in a way that will cause minimal or no harm to other equipment, to the environment or to people. Unlike inherent safety to a particular hazard, a system being "fail-safe" does not mean that failure is impossible or improbable, but rather that the system's design prevents or mitigates unsafe consequences of the system's failure. That is, if and when a "fail-safe" system fails, it remains at least as safe as it was before the failure. Since many types of failure are possible, failure mode and effects analysis is used to examine failure situations and recommend safety design and procedures.

<span class="mw-page-title-main">Nuclear meltdown</span> Reactor accident due to core overheating

A nuclear meltdown is a severe nuclear reactor accident that results in core damage from overheating. The term nuclear meltdown is not officially defined by the International Atomic Energy Agency or by the United States Nuclear Regulatory Commission. It has been defined to mean the accidental melting of the core of a nuclear reactor, however, and is in common usage a reference to the core's either complete or partial collapse.

A boiler is a closed vessel in which fluid is heated. The fluid does not necessarily boil. The heated or vaporized fluid exits the boiler for use in various processes or heating applications, including water heating, central heating, boiler-based power generation, cooking, and sanitation.

A safety-critical system or life-critical system is a system whose failure or malfunction may result in one of the following outcomes:

A relief valve or pressure relief valve (PRV) is a type of safety valve used to control or limit the pressure in a system; excessive pressure might otherwise build up and create a process upset, instrument or equipment failure, explosion, or fire.

Passive nuclear safety is a design approach for safety features, implemented in a nuclear reactor, that does not require any active intervention on the part of the operator or electrical/electronic feedback in order to bring the reactor to a safe shutdown state, in the event of a particular type of emergency. Such design features tend to rely on the engineering of components such that their predicted behaviour would slow down, rather than accelerate the deterioration of the reactor state; they typically take advantage of natural forces or phenomena such as gravity, buoyancy, pressure differences, conduction or natural heat convection to accomplish safety functions without requiring an active power source. Many older common reactor designs use passive safety systems to a limited extent, rather, relying on active safety systems such as diesel-powered motors. Some newer reactor designs feature more passive systems; the motivation being that they are highly reliable and reduce the cost associated with the installation and maintenance of systems that would otherwise require multiple trains of equipment and redundant safety class power supplies in order to achieve the same level of reliability. However, weak driving forces that power many passive safety features can pose significant challenges to effectiveness of a passive system, particularly in the short term following an accident.

In functional safety a safety instrumented system (SIS) is an engineered set of hardware and software controls which provides a protection layer that shuts down a chemical, nuclear, electrical, or mechanical system, or part of it, if a hazardous condition is detected.

A pressure regulator is a valve that controls the pressure of a fluid to a desired value, using negative feedback from the controlled pressure. Regulators are used for gases and liquids, and can be an integral device with a pressure setting, a restrictor and a sensor all in the one body, or consist of a separate pressure sensor, controller and flow valve.

Like other pressure relief valves (PRV), pilot-operated relief valves (PORV) are used for emergency relief during overpressure events. PORV are also called pilot-operated safety valve (POSV), pilot-operated pressure relief valve (POPRV), or pilot-operated safety relief valve (POSRV), depending on the manufacturer and the application. Technically POPRV is the most generic term, but PORV is often used generically even though it should refer to valves in liquid service.

A blowdown stack is an elevated vent or vertical stack that is used to vent the pressure of components of a chemical, refinery or other plant if there is a process problem or emergency. A blowdown stack can be used to complement a flare stack or as an alternative. The purpose is to prevent 'loss of containment' of volatile liquids and gases. Blowdown from several systems may be combined in a blowdown header prior to the stack. A knock-out pot may be provided at the base of the stack to remove any liquids. Blowdown stacks may either be ignited or un-ignited. The height of the blowdown stack must be tall enough to ensure the safe dispersal of vapour.

A shutdown valve is an actuated valve designed to stop the flow of a hazardous fluid upon the detection of a dangerous event. This provides protection against possible harm to people, equipment or the environment. Shutdown valves form part of a safety instrumented system. The process of providing automated safety protection upon the detection of a hazardous event is called functional safety.

A high-integrity pressure protection system (HIPPS) is a type of safety instrumented system (SIS) designed to prevent over-pressurization of a plant, such as a chemical plant or oil refinery. The HIPPS will shut off the source of the high pressure before the design pressure of the system is exceeded, thus preventing loss of containment through rupture (explosion) of a line or vessel. Therefore, a HIPPS is considered as a barrier between a high-pressure and a low-pressure section of an installation.

The three primary objectives of nuclear reactor safety systems as defined by the U.S. Nuclear Regulatory Commission are to shut down the reactor, maintain it in a shutdown condition and prevent the release of radioactive material.

Instrumentation is used to monitor and control the process plant in the oil, gas and petrochemical industries. Instrumentation ensures that the plant operates within defined parameters to produce materials of consistent quality and within the required specifications. It also ensures that the plant is operated safely and acts to correct out of tolerance operation and to automatically shut down the plant to prevent hazardous conditions from occurring. Instrumentation comprises sensor elements, signal transmitters, controllers, indicators and alarms, actuated valves, logic circuits and operator interfaces.

Partial stroke testing is a technique used in a control system to allow the user to test a percentage of the possible failure modes of a shut down valve without the need to physically close the valve. PST is used to assist in determining that the safety function will operate on demand. PST is most often used on high integrity emergency shutdown valves (ESDVs) in applications where closing the valve will have a high cost burden yet proving the integrity of the valve is essential to maintaining a safe facility. In addition to ESDVs PST is also used on high integrity pressure protection systems or HIPPS. Partial stroke testing is not a replacement for the need to fully stroke valves as proof testing is still a mandatory requirement.

Boiling water reactor safety systems are nuclear safety systems constructed within boiling water reactors in order to prevent or mitigate environmental and health hazards in the event of accident or natural disaster.

An isolation valve is a valve in a fluid handling system that stops the flow of process media to a given location, usually for maintenance or safety purposes. They can also be used to provide flow logic, and to connect external equipment to a system. A valve is classified as an isolation valve because of its intended function in a system, not because of the type of the valve itself. Therefore, many different types of valves can be classified as isolation valves.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Most of this article is summarized from some Yemen LNG documentation on safety systems, No. YE-001-30-POC-JBS-25300 and YE-001-30-POC-JBS-25200.

[:0-2] 1 2 3 Dole, R (December 2013). "Design a staggered depressurization sequence for flare systems". Hydrocarbon Processing. 92 (12): 57, 58, 60.

[3] Piping and Instrumentation Diagrams, various plants

[1]

[2]

[3]