Safety risk assessments require a methodical look at all the areas of a manufacturing process where hazardous conditions may exist. I caught up with certified functional safety expert (CFSE), Mike Schmidt, who recently worked with a terminal operator to relook at the safety risks at the terminal. Mike is a consultant in Emerson’s Refining and Chemical industry center.
Mike worked with the risk assessment team which included members from HSE (health, safety and environmental), engineering, operations, and the terminal manager.
The team looked at the layers of protection in place as well as the current safety instrumented functions (SIF) that were currently in place to reduce the risks of various hazards. For a terminal which takes in and sends refined hydrocarbon products like gasoline and diesel these possible hazards include things like ruptured pipelines, loss of pipeline containment, storage tank overfill, tank truck overfill, and barge overfill to name some.
Following the total safety lifecycle as prescribed by the global IEC 61511 safety standard (ISA S84.01 2004 in the U.S.), the team very methodically considered every risk, its likelihood, and the consequence of the hazard occurring. Areas were identified to add to the existing layers of protection and safety instrumented functions.
An example Mike shared was the hazardous condition caused by a storage tank overfill condition. These tanks are filled either by an incoming pipeline or from a marine vessel. The team determined that the likely cause of a storage tank overfill with the worst consequences is an error or failure condition during receipt of product from a pipeline, because a pipeline represents an essentially infinite source of spilled material. To mitigate this risk, redundant level sensors are placed on each tank. The operating level is monitored and controlled with a separate level transmitter. Should a possible overfill condition begin to occur the safety instrumented system initiates closure on the pipeline isolation valve. Given the consequences and impact of this potential hazard, this safety instrumented function was rated SIL 2.
Out of this assessment, the next step was to develop a detailed safety requirements specification, again consistent with the IEC 61511 standard.
The performance-based standards outlined in the IEC 61511 standard more and more require this close working relationship between the process manufacturer and safety instrumented system provider to carefully examine the hazards and develop and execute a plan to mitigate the risks identified.