Safety Systems for Tank Overfill Protection, Part 1

I ran across this white paper by Tom Jeansonne that I thought I'd share over a series of discussion posts. Tom is the Energy Sales Manager at Emerson Process Management Valve Automation, Waller, TX. He has more than 30 years of experience in the valve and valve automation industry with both distributors and manufacturers. He can be reached at Tom.Jeansonne@Emerson.com.

Crude oil, chemical and liquid refined product spills at onshore storage, processing, transportation and handling facilities, as well as large oil lightering tankers, are not isolated incidents for the industry. A number of recent events have brought a new awareness to the cost and risk involved in an overfill event. While some spills are directly related to natural disasters, each year there are numerous overfills at bulk liquids storage terminals in all parts of the world. In many of the incidents, the equipment on the tank or vessel designated to help prevent such occurrences does not exist, is overridden, gets ignored or is in non-working order. In many smaller, remote terminals, no automated emergency shutoff receipt valves, high level alarms or other preventive instruments and sensors are even installed. Terminal operations personnel have often played a role by being inattentive, undertrained, or relying on instruments that should have been operable, but were not. The consequences of these spills have been, in many cases, disastrous to corporate assets and fatal to civilian and facility personnel. The vast majority of these overfill events could have been averted or at least significantly mitigated with a Safety Instrumented System (SIS).

Concept

Most modern facilities use a Basic Process Control System (BPCS) and an independent Safety Instrumented System (SIS). The BPCS controls the process (including normal tank filling operations) while the purpose of the SIS is to take the BPCS to a safe state when pre-determined “acceptable” conditions are violated.

The SIS includes automated shut-down valve(s) or final control elements (FCE) which are typically operated by solenoid valves. With an SIS, the concern is more with how the system FAILS rather than how the system OPERATES.

An SIS is a set of components, including sensors, logic solvers and final control elements, arranged for the purpose of taking the process to a safe state.

A bulk liquid tank farm SIS would minimally consist of a sensor (such as a high-high sensor at the tank) to monitor the critical safe tank level, a relay logic solver that constantly monitors the high-high tank level sensor signal and operational readiness, and a final control element (FCE) that shuts down the tank filling operation when conditions warrant. Such a system would automatically shut down the receipt valve at the tank’s inlet, stopping the flow. Alternatively, it could be configured to divert to a relief tank, which would also be similarly equipped. Such a system would very likely prevent a tank overfill event – A SAFE STATE.
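The minimal SIS described above, as an added sketch that is not part of the white paper. It assumes a fail-safe design in which a lost sensor signal or a loss of operational readiness closes the receipt valve just as a high-high level does, and in which the trip latches until a manual reset; all class, method and field names are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Valve(Enum):
    OPEN = "open"      # receipt valve permits filling
    CLOSED = "closed"  # safe state: flow into the tank is stopped


@dataclass
class LogicSolver:
    """Latching high-high trip for one tank receipt valve (hypothetical model)."""
    tripped: bool = False
    reason: Optional[str] = None

    def scan(self, high_high: Optional[bool], ready: bool) -> Valve:
        # high_high: True = level at or above the trip point, False = below,
        # None = no valid signal (assumed: broken wire or failed sensor).
        if not self.tripped:
            if high_high is None:
                self._trip("sensor signal lost")
            elif high_high:
                self._trip("high-high level")
            elif not ready:
                self._trip("system not ready")
        # Once tripped, the valve stays closed even if inputs recover.
        return Valve.CLOSED if self.tripped else Valve.OPEN

    def _trip(self, reason: str) -> None:
        self.tripped = True
        self.reason = reason

    def reset(self, high_high: Optional[bool], ready: bool) -> bool:
        # A manual reset is accepted only while every input is healthy.
        if high_high is False and ready:
            self.tripped = False
            self.reason = None
        return not self.tripped


# Constructed scan sequence: normal, normal, signal lost, signal restored.
SCANS = [(False, True), (False, True), (None, True), (False, True)]


def run(scans):
    solver = LogicSolver()
    return [solver.scan(h, r) for h, r in scans], solver.reason


if __name__ == "__main__":
    states, reason = run(SCANS)
    print([s.value for s in states], reason)
```

The fourth scan stays closed although the signal has returned: the failure itself, not only the high level, drives the valve to the safe state.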

Major energy corporations have developed internal standards in compliance with safety standards, such as ANSI/ISA S84.01, IEC 61508, IEC 61511 and API 2350, which have defined Safety Integrity Levels (SILs) to translate risk reduction factors to predefined required safety levels. These same corporations have turned to leading technology firms who can not only assist in development of these internal standards, but also provide an integrated final control element (FCE) and a complete final control solution.

The following parts describe summary guidelines developed by Emerson Process Management Valve Automation, in partnership with a major energy corporation, to assist that company in standardizing procedures for overfill prevention at its global tank farm terminals.

Part 2 - Why Focus on the Final Control Element?