Big Chemical Encyclopedia

Chemical substances, components, reactions, process design ...

Articles Figures Tables About

BPCS operator action

Operator actions that are implemented through the BPCS, in response to process conditions, can be credited with a risk reduction of less than 10 under the following conditions  [Pg.48]

The hardware associated with a BPCS operator action is not covered by the standard. However, its performance should be monitored to ensure that it is sufficient. Formal PFD calculation is typically not required. Human factors should be considered in the design of any critical operator activity. For example, the design of the BPCS operator interface should incorporate human factors engineering (HFE) principals to ensure that the operator responds adequately to an alarm or process indication. However, a detailed human-error analysis is not required for operator actions implemented in the BPCS. Refer to Table B-1 for additional allocation and risk-reduction guidance. [Pg.48]

In BPCS, operator actions in response to process conditions are not part of a safety system (see lEC 61511 -1 2003 Clause 9.4.2) if risk reduction is less than 10. It is needless to say that BPCS should be designed as per ISA standard for alarm systems. Also the design of a BPCS operator interface should incorporate human factors engineering principles to ensure adequate response of the operator to displays and alarms. It is extremely important that operator response during both normal and abnormal conditions in the facility should not unduly violate process safety limits and norms and put the facility in an unsafe or undesirable mode or condition. [Pg.837]

Remember that the BPCS operates with signals that are relatively dynamic. This makes BPCS failures generally detectable by plant personnel. Example diagnostic methods include flat line outputs, quality indicators, pre-alarms, deviation alarms, and out of range signals. While a BPCS operates under relatively dynamic conditions, safety instrumented system signals are static Boolean variables. Since the SIS only takes action when a potentially dangerous condition is detected, it can be very hard for operations and maintenance persormel to detect certain failure modes of a SIS. [Pg.21]

NOTE - Layer of protection analysis (LOPA) is often implemented as an order-of-magnitude assessment. Consequently, it is typical for the purpose of the LOPA calculation to assume a rounded off risk reduction factor of 10 for an operator action IPL implemented in the BPCS layer when it has met the other criteria discussed in this Annex and in Annex F. [Pg.47]

Finally, when allocating risk reduction, it is important to remember that one operator equals one response. Multiple alarms generally do not yield higher performance because the operator is the single point of failure for the necessary response. If the team has allocated risk reduction to an operator action in the BPCS layer, additional risk reduction should not be taken for an operator action allocated to the SIS layer for the same hazard scenario unless a detailed analysis is performed. When examining the overall risk reduotion that can be provided by the alarms, it is important to recognize the potential for common-mode failure due to operator or procedural error. [Pg.49]

Safety Interlock - A system (SIS) or function that detects an out-of-limits (abnormal) condition, or improper sequence and brings it to a safe condition, consists of a sensing function, a control function, and a final control element. The control function must be separate from the BPCS. A Safety Interlock deals with Class A B events only. Note Safety interlocks operate automatically no operator action is involved. [Pg.273]

Introduction The chemical processing industry relies on many types of instrumented systems, e.g., the basic process control systems (BPCSs) and safety instrumented system (SIS). The BPCS controls the process on a continuous basis to maintain it within prescribed control limits. Operators supervise the process and, when necessary, take action on the process through the BPCS or other independent operator interface. The SIS detects the existence of unacceptable process conditions and takes action on the process to bring it to a safe state. In the past, these systems have also been called emergency shutdown systems, safety interlock systems, and safety critical systems. [Pg.103]

The SIS is normally designed to fail-safe on loss of power and takes action only when the process demands that it do so. These demands often occur when safe operating limits are exceeded due to BPCS failures. Therefore, the SIS is designed and managed to be independent of the BPCS in terms of its hardware and software and its user interfaces, such as operator, maintenance, and engineering interfaces. [Pg.104]

Process interlocks make up an automatic system that detects an abnormal condition and either halts process action or takes corrective action to return the process to normal. Process interlock systems may be part of the Basic Process Control System (BPCS). The BPCS is a system of measurements and controls including alarms and interlocks that function to keep the process within acceptable operating limits. The BPCS is usually associated with producing good quality or in-spec finished product. [Pg.142]

Where the above actions depend on an operator taking specific actions in response to an alarm (for example, opening or closing a valve), then the alarm shall be considered part of the safety instrumented system (i.e., independent of the BPCS). [Pg.57]

Where the above actions depend on an operator notifying maintenance to repair a faulty system in response to diagnostic alarm, this diagnostic alarm may be a part of the BPCS but shall be subject to appropriate proof testing and management of change along with the rest of the SIS. [Pg.57]

Operators often take control actions on a process through the BPCS. Normal process control actions are generally not considered safety functions. [Pg.47]

Alarms for which an operator or facility worker is required to evacuate an area (e.g., fire and gas alarms) and are not intended to direct the operator to take action on the process are generally not considered safety instrumented functions. These alarms should not be allocated to the BPCS but may be allocated to the SIS or to another independent protection layer. Refer to Annex F, Figure F.1, for an overview of protection layers. These alarms are generally classified as safety-related and are designed and managed in a manner that supports the allocated risk reduction. [Pg.47]

Human response to BPCS indication or alarm with S10 minutes response time Simple well-documented action with clear and reliable indication that the action is required. The operator does not have to perform troubleshooting or diagnostics to take the action. 2 1 X 10 (limited by ISA-84.00.01-2004) 1 X 10 ... [Pg.50]

ANSI/ISA-84.00.01-2004-1 assumes that the owner/operator has considered and addressed the application requirements for the device. These are typically the same type of requirements considered for BPCS performance. These may include the technology required to detect the process conditions, to make decisions on the actions to take, and to take action on the process, the correct measurement or control ranges, the materials of constmction necessary for the environment and process conditions, and the correct installation practices. The device safety manual may outline different requirements based upon the SIL claim limit, and these must be followed. [Pg.178]

Video dispiays may be used to dispiay SiS status. A BPCS, or other computer-based controi system, through its normai operator dispiays, may inciude information reiated to the status of the SiS. For exampie, deviation aiarms may be dispiayed on the operator interface. However, as discussed in iSA-TR84.00.04-1, Annex B, it is recommended that safety-criticai aiarms, requiring that the operator take action to prevent a process hazard, be dispiayed on a separate interface from the BPCS HMi. [Pg.209]

The actions required to maintain safe operation during degraded or disabled states should be defined for each SIF. Refer to ISA-TR84.00.04-1, Annex B, for a discussion of operator-initiated safety functions and ISA-TR84.00.04-1, Annex F, for a discussion of the relationship between the SIS and BPCS. Any procedures required to continue safe operation should also be documented, followed by training of operation and maintenance personnel. [Pg.225]

Alarms. Provided there is an alarm which is independent of the BPCS, sufficient time for an operator to respond, and an effective action he can take (a handle he can pull ), credit can be taken for alarms to reduce the probability of the Impact Event... [Pg.119]

SIS This is the first automatic protection layer to BPCS and second overall layer of protection. It is desired that this shall be independent of BPCS. Even if these are combined it is necessary to ensure that single failure does not take toll of safety. SIS may stop part of plant operation and/or diverts some flow safely, etc. It may have separate set of instrumentation to detect and take safety action in the event of instrument/system failure. It has to be more aggressive than BPCS for safety functions. Under SIS, there will be several interlocks and protections to save the system and in many places like off shore design, ESD is considered as last resort or emergency plan achievable through PEs. [Pg.70]

Not only because final elements contribute 50% of PFD share, but also final control elements are the key components of any control loop in any system, be it BPCS or SIS. Therefore selection of final elements needs special attention. Final element implements the action determined by the logic system. This final control element of interest to SIS is typically a pneumatically/hydraulicaUy actuated on-off valve operated by solenoid valve(s). But it could be other types also. It is important to keep in mind the applicability SIL assignment to final elements. When needed, assignment criteria may be applied. Using perspective of lEC 61508 and 61511 same assignment criteria could be fixed. [Pg.627]

The SIS in Figure 10.1 serves as an emergency backup system for the BPCS. The SIS starts automatically when a critical process variable exceeds specified alarm limits that define its allowable operating range. Its initiation results in a drastic action, such as starting or stopping a pump or shutting down a process unit. Consequently, it is used only as a last resort to prevent injury to people or equipment. The term Safety Interlock System was previously used, but the newer term Safety... [Pg.171]

Sometimes redundant sensors and actuators are utilized. For example, triply redundant sensors are used for critical measurements, with SIS actions based on the median of the three measurements. This strategy prevents a single sensor failure from crippling SIS operation. The SIS also has a separate set of alarms so that the operator can be notified when the SIS initiates an action (e.g., turning on an emergency cooling pump), even if the BPCS is not operational. [Pg.172]

Upon loss of the HMI, the operator has a shutdown button mounted on the console that will be used to initiate a sequence of actions, which is necessary to bring the process to a safe state in an orderly fashion. The shutdown pushbutton provides discrete inputs to the SIS and BPCS logic solvers and causes Shortstop chemical addition through BPCS action. [Pg.34]

See other pages where BPCS operator action is mentioned: [Pg.48]    [Pg.48]    [Pg.66]    [Pg.348]    [Pg.538]    [Pg.837]    [Pg.837]    [Pg.80]    [Pg.83]    [Pg.80]    [Pg.83]    [Pg.58]    [Pg.24]    [Pg.121]    [Pg.3]    [Pg.70]    [Pg.349]    [Pg.470]   


SEARCH



Operator Actions

© 2024 chempedia.info