Get access

Evaluating non-independent protection layers

Authors


  • A 10th Anniversary PPSS Paper.

Abstract

The overall performance of a system that shares inputs and outputs between the BPCS and SIS can be better than the performance of a BPCS system and SIS system with dedicated inputs and outputs. Layer of Protection Analysis (LOPA) assumes that independent protection layers (IPLs) are independent of the initiating event (IE) components and any components of any other IPL in the LOPA scenario. This paper first focuses on those situations where protection layers all have separate components but are not independent solely because they:

  • share common utilities such as plant air, electricity, or cooling water,

  • share components in instrumented loops with other instrumented IPLs or the IE,

  • be in the same location and share vulnerability to a common failure such as a fire, or extreme weather

Second, this paper demonstrates each of these situations using simple examples and a fault tree model of the LOPA scenarios to address the impact of sharing components or subsystems. Third, this paper, shows the difference between analyzing sharing at the order of magnitude LOPA level and using the best estimate component reliability data with fault tree models.

Fourth, this paper provides examples showing the overall performance of a system that shares inputs and outputs between the IPLs or between the BPCS and SIS can be better than the performance of a BPCS system and SIS system with dedicated inputs and outputs. The maintenance and operational management issues involved with linking formerly “independent” systems can be managed to maintain the shared system performance advantage.

Fifth, this paper suggests some general guidelines addressing sharing issues in LOPA. Finally, this paper discusses the potential benefits of selected sharing and the costs associated with assuring that the related complexities are controlled. © 2009 American Institute of Chemical Engineers Process Saf Prog, 2009

Ancillary