Академический Документы
Профессиональный Документы
Культура Документы
REVISION 1
Rev1
TABLE OF CONTENT
Page No FOREWORD 1.0 2.0 3.0 4.0 5.0 5.1 5.2 6.0 7.0 8.0 8.1 8.2 9.0 9.1 9.2 9.3 9.4 9.5 9.6 9.7 10.0 10.1 10.2 11.0 11.1 11.2 11.3 12.0 12.1 12.2 12.3 12.4 INTRODUCTION.. SCOPE . APPLICATION . POLICY .. TERMINOLOGY DEFINITIONS .. ABBREVIATIONS REFERENCE STANDARDS........................ METHODOLOGY/APPROACH ................................... TEAM STRUCTURE AND RESPONSIBILITIES........................................... TEAM STRUCTURE......................................................................................... ROLES AND RESPONSIBILITIES................................................................... REQUIREMENTS............................................................................................. PREPARATION OF THE REVIEW................................................................... SIL REVIEW..................................................................................................... VALIDATION OF SIF........................................................................................ CAUSE DEMAND SCENARIO......................................................................... CONSEQUENCES OF FAILURE ON DEMAND (CoFD)................................ INDEPENDENT SAFEGUARDS...................................................................... SIL ASSESSMENT CALIBRATED RISK GRAPH METHOD........................ PLANNING....................................................................................................... PREPARATION OF THE REVIEW................................................................... TIMING OF THE REVIEW................................................................................ DOCUMENTS REQUIRED AND RECORDING............................................. DOCUMENTS REQUIRED............................................................................... RECORDING.................................................................................................... REPORTING AND FOLLOW-UP..................................................................... APPENDICES................................................................................................. APPENDIX I: TYPICAL SIL REVIEW WORKSHEET USING RISK GRAPH METHOD.......................................................................................................... APPENDIX II: TYPICAL SIL ACTION SHEET.................................................. APPENDIX III: TYPICAL SIL REVIEW REPORT TABLE OF CONTENT....... APPENDIX IV: SIL REVIEW PREPARATION ITEMS CHECKLIST................. 5 5 5 5 5 5 7 8 8 9 9 10 11 11 12 13 13 14 14 14 20 20 20 20 20 20 21 22 22 23 24 25
Page 2 of 31
Custodian Dept: ST
Rev1
APPENDIX V: DESCRIPTION OF PROCESS INDUSTRY RISK GRAPH PARAMETERS................................................................................................. APPENDIX VI - DEMAND RATE...................................................................... APPENDIX VII CORPORATE RISK MATRIX............................................... REVISION HISTORY LOG .
26 27 28 31
Page 3 of 31
Custodian Dept: ST
Rev1
FOREWORD
This document has been developed by Corporate HSE Support Department, reviewed and edited by Corporate Quality and Management System Department and circulated for review by user departments before being endorsed by QP Management to provide guideline. This document is published for QP Departments/ Contractors/ Consultants utilization. It shall be emphasized that the document to be used for QP operations wherever applicable and appropriate. This document is subjected to periodical review to re-affirm its adequacy or to conform to any changes in the corporate requirements or to include new developments on the subject. It is recognized that there will be cases where addenda or other clarifications need to be attached to the standard to suit a specific application or service environment. As such, the content of the document shall not be changed or re-edited by any user, but any addenda or clarifications entailing major changes shall be brought to the attention of the Custodian Department. The custodian of this document is Corporate HSE Support Department (ST). Therefore, all comments, views, recommendations, etc. on it shall be forwarded to the same and copied to Manager, Corporate Quality & Management Systems Department (QA).
Page 4 of 31
Custodian Dept: ST
Rev1
1.0
INTRODUCTION
Safety Integrity Level (SIL) review is an analysis which aims at the determination of the appropriate reliability required from the elements of the Safety Instrumented Functions (SIF) identified in prior safety reviews (e.g. HAZOP). The approach of this guideline is to remove the uncertainty regarding the safety integrity, cost effectiveness and availability requirements, reducing over and under engineering, in a traceable manner. SIL study is a method to record all the SIF for a project development and document the expected reliability level. SIL study provides a basis for future maintenance and operating strategies. SIL shall be conducted during FEED phase and /or EPIC phase in accordance with Project HSE Plan or as required by the outcome of Safety Reviews of a project. SIL assignment is based on the amount of risk reduction that is necessary to mitigate the risk associated with the process to a tolerable level. All of the Safety Instrumented Systems (SIS) design, operation and maintenance choices must then be verified against the SIL assigned.
2.0
SCOPE
This guideline details the structure, responsibilities and techniques of the Safety Integrity Level (SIL) review.
3.0
APPLICATION
The SIL review of the project shall cover all Safety Instrumented Systems (SIS) in process and utility units where there is potential for hazard to human safety, environment or asset /production loss.
4.0
POLICY
QP is committed to protect the health and safety of its employees and others that may be affected by its activities and to give proper regard to the conservation of the environment. QP policy is to conduct its activities such that it strives towards an incident free, secure, safe and healthy workplace. Safety studies and reviews shall be performed during the course of a project or modifications to an existing facility. This is to identify, qualify, quantify and to establish that design safety measures shall provide adequate protection and mitigate any risk involved with the proposed project development or the modifications.
5.0
5.1
TERMINOLOGY
DEFINITIONS
Basic Process Control System (BPCS)
A combination of Sensors, Logic Solvers and Final elements which automatically regulate the process within normal production limits. The BPCS provides control of a process in the desired manner.
Page 5 of 31 Custodian Dept: ST
Rev1
Factor contributing alone or in combination with others to the release of a hazard (in this guideline synonymous to the demand scenario triggering a SIF). Means QATAR PETROLEUM or QP Number of fatalities and/or serious injuries likely to result from the occurrence of the hazardous event. Effect on personnel safety, economic loss, environmental loss.
Escalation events that happen after the failure of the SIF during its solicitation. Effect on personnel safety, economic loss, environmental effect. The number of times per year that the hazardous event would occur in the absence of the safety instrumented function under consideration. The set of conditions (synonymous Cause). triggering a SIF action
The reason why a SIF is set. Its purpose. A device which manipulates a process variable to achieve control. e.g. Control Valve, Emergency Block Valve, motor starter.
A process of evaluating the effectiveness of Independent Protection Layers in reducing the likelihood or severity of an undesirable event to meet organizational needs.
The element of the BPCS or SIS that implements one or more logic functions. A source of potential harm or damage, or a situation with potential for harm or damage. LICENSOR or PROCESS LICENSOR means each of the Companies which have granted (or will grant) to QP a Process License and have provided (or will provide) the corresponding Licensor Basic Engineering Package (BEP) during the FEED project. Probability that the exposed area is occupied at the time of the hazardous event .Determined by calculating the fraction of time the area is occupied at the time of the hazardous event. The probability that exposed persons is able to avoid the hazardous situation which exists if the SIF fails on demand. The probability that a system fail to perform a specified function on demand.
Occupancy (F)
Page 6 of 31
Custodian Dept: ST
Rev1
All technical, operational and organizational measures that limit the chain of consequences arising from a top event and assist return to normal operation. Defined as a relative level of risk-reduction provided by a safety function, or to specify a target level of risk reduction. In simple terms, SIL is a measurement of performance required for a Safety Instrumented Function (SIF).Four level of SILs are defined, SIL 4 has the highest level of safety integrity and SIL 1 has the lowest. It is a safety function with a specified safety integrity level which is necessary to achieve functional safety. A safety instrumented function can be either a safety instrumented protection function or a safety instrumented control function. Instrumented system used to implement one or more safety instrumented functions. A Safety Instrumented System is composed of any combination of sensor (s), logic solver (s), and final elements(s). It performs specified safety instrumented functions to achieve or maintain a safe state of the process when unacceptable or dangerous process conditions are detected. Safety instrumented systems are separate and independent from regular control systems but are composed of similar elements, including sensors, logic solvers, and final elements.
5.2
ABBREVIATIONS
CoFD EPIC ESD FEED F&G HAZOP LOPA LP P&ID PFD PSD QP SIL
Consequence of Failure on Demand Engineering, Procurement, Installation and Commissioning Emergency Shut Down Front End Engineering Design Fire & Gas System Hazard and Operability Study Layer of Protection Analysis Loss Prevention Piping & Instrumentation Diagram Process Flow Diagram Process Shut Down Qatar Petroleum. Safety Integrity Level
Page 7 of 31 Custodian Dept: ST
Rev1
6.0
REFERENCE STANDARDS
IEC-61508 Functional Safety of Electrical/Electronic/Programmable Electronic Safety-Related Systems Part 1: General requirements; Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems; Part 3: Software requirements; Part 4: Definitions and abbreviations; Part 5: Examples of methods for the determination of safety integrity levels (supporting Information); Part 6: Guidelines for the application of IEC 61508-2 and IEC 61508-3; Part 7: Overview of techniques and measures. IEC-61511 Functional safety Safety instrumented systems for the process industry sector Part 1: Framework, definitions, system, hardware and software requirements; Part 2: Guidelines for the application of IEC 61511-1; Part 3: Guidelines for the determination of the required safety integrity levels.
7.0
METHODOLOGY/ APPROACH
The technical standard IEC 61511 sets out a good practice for engineering of safety instrumented systems that ensure the safety of process industries. This standard defines the functional safety requirements established by IEC 61508 in process industry sector terminology. It also focuses attention on one type of instrumented safety system used within the process sector, the safety instrumented system (SIS). IEC 61511 covers the design and management requirements for SISs. Its scope includes initial concept, design, implementation, operation, and maintenance through decommissioning. The standard starts in the earliest phase of a project and continues through start up. It contains sections that cover modifications that come along later, along with maintenance activities and the eventual decommissioning activities. The standard consists of three parts as detailed under Clause 6.0. The SIL review session is a guided team brainstorming activity that benefits from a structured method and from the broad experience of a multidisciplinary team led by a SIL facilitator. The methodology that will be employed for the SIL determination is a technique uses a semi qualitative method: calibrated risk graph, as defined in IEC 61511-3 Annex D.
Page 8 of 31
Custodian Dept: ST
Rev1
Essentially the SIL derived rating is a measure of risk reduction that is required to be achieved by the safety instrumented system in order that the residual risk is acceptable or is as low as reasonably acceptable (ALARP) There are four levels of Safety Integrity for Safety Instrumented Functions, SIL1 to SIL 4. SIL 4 has the highest level of safety integrity and SIL 1 has the lowest. For SIF which are assigned SIL 1 or SIL 2 no further studies or action shall be required. However, for SIF which are assigned SIL 3 or 4, the SIL classification shall be considered in detail using a Quantitative method: Layer of Protection Analysis (LOPA) as defined in IEC 61511-3 Annex F. SIL classification study shall be carried out for all the elements of SIS; i.e. PSD, ESD and F&G as identified in the Cause & Effect matrix. The outcome of the SIL assessment is followed by a SIL verification study, where the reliability of the SIS is verified. Dedicated computer spreadsheet or dedicated SIL software shall be used for recording SIL proceedings. The software tool used for determining SIL shall be in accordance with IEC 61508/61511 and shall have a provision to calibrate the Risk Graph based on QP SIL review guideline. Note: Contractor shall develop project specific SIL procedure and terms of reference consistent with QP SIL guideline and shall submit to QP for prior approval.
8.0
8.1
Rev1
d) Contractor
Additional specialists of other disciplines may be called to participate upon request according to the needs identified by the other permanent members of the team.
8.2
8.2.1 Chairman The Chairman shall require a high level of technical and managerial skills. He shall require expertise and experience in conducting SIL reviews and SIL verification studies. He needs to remain independent of the discussion and shall not associate with the project. The Chairmans resume shall be reviewed and approved by QP prior to a SIL session. The role of the Chairman is critical to the success of the meeting. He shall: Prepare, and make a presentation prior to the review on SIL techniques, rules and assumptions to be used by the team during the review, Lead the team through the SIL Determination technique, Prompt the brainstorming effort, and manage the discussion, Identify the key issues as they are raised by the team, Facilitate the evaluation of demand rates and consequences and ensure consistency of rating, Manage the recording of the findings by the scribe, Ensure that the minutes fully reflect the points identified, Generate the report of the review.
Doc File No.: GDL-S-030 R1 Page 10 of 31 Custodian Dept: ST
Rev1
The role of scribe shall be skilled to record accurately outcome of the discussions. Without being highly experienced the scribe needs to be familiar with engineering terminology. He / She shall: Be familiar with the computer software used to record the review findings before the start of the review, Follow the Chairmans instruction in recording the team findings. 8.2.3 Instrumentation/ LP Engineer ( Contractor) Prior to the review, the instrumentation engineer/specialist is in charge to complete the following elements for each SIF, based on the Cause & Effect Matrix /P&ID/ HAZOP/Safe Charts. For each SIF to be reviewed, SIL review work sheet to be provided with: Listing the initiators, Listing the final elements, Defining the success criteria for initiators and final elements, and Indicating the associated actions. An example of SIL Review Worksheet is provided in Appendix I. 8.2.4 Process Engineer( Contractor) Prior to the review, the process engineer is in charge of the description of the Design intent of the SIF and to provide this information to Instrumentation Engineer for implementation in the SIL review worksheet. An example of how this is documented is provided in Appendix I (1 st column on left of the table).
9.0
9.1
REQUIREMENTS
PREPARATION OF THE REVIEW
Prior to the review, the chairman shall collect the SIF description (SIF name, initiator(s), final elements, success criteria, associated actions and design Intent from the instrumentation specialist/ LP engineer The chairman shall make a presentation to the team about the purpose and scope of the SIL review and to focus the efforts of the team members. The chairman shall make a presentation to the team about the methodology to be used in the SIL review. This establishes a common starting basis for the team that is necessary to conduct an effective SIL review. The parameters of the Project Risk Matrix shall be presented to the team for subsequent use in the evaluation of SIL assessment (Ref Appendix VII). The process engineer shall present an overall explanation of the plants process so that all team members have a clear understanding of the basic operations of the plant. This also acquaints the team members with typical scenarios that may lead to a hazardous condition.
Page 11 of 31 Custodian Dept: ST
Rev1
Dedicated SIL software or spreadsheets shall be introduced to the team to log the SIL review session (Contractor shall specify the software /spreadsheet proposed while submitting SIL methodology document for QP approval prior to a SIL review session).
9.2
SIL REVIEW
The SIL review sequence process shall be divided into steps as follows: Select the Safety Instrumented Function, Validation of the SIF description (already documented in the SIL review worksheet by instrumentation/ LP engineer), Validation of the design intent (already documented in the SIL review worksheet by process engineer, Determine (by brainstorming) all the potential causes/ demand scenario which trigger the SIF action, Agree the credibility of each cause, Identify potential hazard in terms of: i. Consequences of SIS failure on Demand (C ) - Personnel Safety (S) - Environmental Effect (E) - Economic loss (A) ii. Occupancy (F) iii. Probability of avoiding the hazardous situation (P) iv. Demand Rate (W) Assess the preventive, protective and mitigation safety features, Assign SIL based on C,F,P&W parameters, Agree a recommendation for action or further consideration of the problem (if applicable), Apply the next cause (relevant to the selected SIF), Move onto the next SIF of the system until the whole study has been examined. Figure 1 given below is a pictorial description of the review procedure.
Page 12 of 31
Custodian Dept: ST
Rev1
ASSESS CLASSIFICATION
9.3
VALIDATION OF SIF
Instrumentation or LP engineer shall present each SIF to the review team to have the same understanding of its purpose (design intend) among the team members.
9.4
Page 13 of 31
Custodian Dept: ST
Rev1
The team shall identify all the consequences of the identified demand scenario(s). The location of the plant and of the relative positions of installations can have a significant influence in the consequences. The correct appreciation of these consequences is critical to the appropriate classification of the SIF.
9.6
INDEPENDENT SAFEGUARDS
Where applicable, the team may list of Independent safeguards (independent from SIF) which can reduce the event probability.
9.7
9.7.1 Consequence (Parameters S, E and A) The consequences of the hazardous situation for personnel safety, environment and economic/ asset loss (parameters S, E and A respectively) are further defined for various risk levels. These definitions are consistent with QP Risk Assessment Matrix.
Table 1 - Consequence Risk Parameter for Personnel Safety(S) Consequence Risk Parameter S1(CA) S2 (CB) S3 (CC) S4(CD) Definition Minor injury or health effects Major injury or health effects Single fatality or Permanent total disability Multiple fatalities
Notes: The classification system has been developed to deal with injury and death to people. For the interpretation of S1, S2, S3 and S4 parameters, the consequences of the accident and normal healing shall be taken into account.
Page 14 of 31
Custodian Dept: ST
Rev1
Definition
E1(CA)
Minor effect: Contamination; damage sufficiently large to impact the environment; single exceeding of statutory or prescribed limits; single complaint; no permanent effect on the environment.
E2(CB)
Localized effect: Limited loss of discharges of unknown toxicity; repeated exceeding of statutory or prescribed limits and beyond fence/ neighborhood. Major effect: Severe environmental damage; the company is required to take extensive measures to restore the contaminated environment to its original state. Extended exceeding of statutory or prescribed limits. Massive effect: Persistent severe environmental damage or severe nuisance extending over a large area. In terms of commercial or recreational use or nature conservancy, a major economic loss for the company. Constant high exceeding of statutory or prescribed limits.
E3(CC)
E4(CD)
Table 3- Economic/Asset Consequence Parameter (A) Level of Economic Consequences A1(CA) Definition Minor damage: Brief disruption to operation with estimated costs less than QR 350,000.
A2(CB)
Local Damage: Partial shutdown of operation; can be restarted but with estimated costs up to QR 3,500,000. Major Damage: Partial loss of operation; 2 weeks shutdown with estimated costs up to QR 35,000,000. Extensive Damage: Substantial or total loss of operation; with estimated costs in excess of QR 35,000,000.
A3(CC)
A4(CD)
Page 15 of 31
Custodian Dept: ST
Rev1
The exposure time of an individual in a hazardous situation are further defined for two occupancy conditions. Table 4- Occupancy Exposure Time Parameter (F) Exposure time in the hazardous zone Definition Rare to more often exposure in the hazardous zone (normally unmanned operation of the relevant part of the plant). Occupancy less than 10%. Frequent to permanent exposure in the hazardous zone (relevant part of plant is attended locally on a regular basis, e.g. every shift, or during the specific time of demand, e.g. start-up or shut-down, or relevant part of the plant is located near a continuously occupied road)
F1
F2
9.7.3 Probability of avoiding the Hazard (Parameter P) This parameter represents the probability of avoiding the hazardous event if the protection system fails. Two scenarios are defined for SIL review.
Table 5- Probability of avoiding the Hazard Parameter (P) Probability of avoiding the hazardous event
Definition Possible under certain conditions some warning available. (Operator is capable of getting away from the hazard or hazard is mitigated by other measures). Almost impossible No warning available. (Operator may not be aware of hazard or may not be able to get away sufficiently quick).
P1
P2
Notes: This parameter takes into account: Operation of a process (supervised i.e. operated by skilled or unskilled persons or unsupervised). Rate of development of the hazardous event (suddenly, quickly and slowly). Ease of recognition of danger (seen immediately, detected by technical measures or detected without technical measures).
Page 16 of 31 Custodian Dept: ST
Rev1
Avoidance of hazardous event (escape possible, not possible or possible under certain conditions; independent facilities are provided to shutdown). Facilities are provided to alert the operator that the SIS has failed. The time between the operator being alerted and a hazardous event occurring exceeds 15 minutes or is definitely sufficient for the necessary actions. Actual safety experience (such experience may exist with an identical unit or a similar unit or may not exist).
9.7.4 Demand Rate (W) The purpose of the demand rate (W factor) is to estimate the frequency of the unwanted occurrence in the absence of the SIF under consideration. This can be determined by considering all failures which can lead to the hazardous event and estimating the overall rate of occurrence. Other protection layers should be included in the consideration. Three conditions are defined for SIL review.
Table 6- Demand Rate Parameter (W) Likelihood of the unwanted occurrence Definition A very slight probability that the unwanted occurrences will happen and only a few unwanted occurrences are likely: Once in every 30 to 100 years. A slight probability that the unwanted occurrences will happen and few unwanted occurrences are likely: Once in every three to 30 years. A relatively high probability that the unwanted occurrences will happen and frequent unwanted occurrences are likely: more than once in every one to three years.
W1
W2
W3
9.7.5 Risk Graph Personnel Safety, (Ref. IEC 61511-3 fig D.1)
Risk graph as referred in Figure 2 shall be used to determine SIL for personnel safety. The consequences of the hazardous situation for personnel safety are determined as SIL levels using risk graph.
Page 17 of 31
Custodian Dept: ST
Rev1
Fig 2- Risk Graph: Personnel Safety 9.7.6 Risk Graph Environmental Loss, (Ref. IEC 61511-3 fig D.2)
Risk graph as referred in Figure 3 shall be used to determine SIL for environmental loss. The consequences of the hazardous situation for environmental loss are determined as SIL levels using risk graph.
Rev1
The risk graph approach may also be used to determine the integrity level requirements where the consequences of failure include asset loss. Asset loss is the total economic loss associated with failure to function on demand. A similar risk graph to that used for environmental protection can be used for asset loss. It should be noted that the F parameter should not be used the concept of occupancy does not apply. Other parameter P and W apply and definitions can be identical to those applied above to safety consequences.
Fig 4- Risk graph: Economic loss For each SIF operating in demand mode, the required SIL shall be specified in accordance with either Figs 2, 3 or 4. SIL assigned against various probability of failure demand is given in table 7 for reference. .
Table 7 - Safety Integrity Levels: Demand mode of operation Safety Integrity Level 4 3 2 1 Target average probability of failure on demand 10-5 to < 10-4 10-4 to < 10-3 10-3 to < 10-2 10-2 to < 10-1
Page 19 of 31
Custodian Dept: ST
Rev1
The selected SIL level for a safety interlock function is the highest of the three individual SILs (Safety, Economical and Environmental) and defines a minimum SIL. It is always possible to select a higher SIL level than the required SIL, if the project team thinks this is preferred.
10.0 PLANNING
10.1 PREPARATION OF THE REVIEW
Once the dates and duration of the review(s) are known necessary logistical arrangement shall be made. Appendix IV provides a checklist of the SIL review preparation items.
10.2
TIMING OF THE REVIEW The SIL review of Project shall take place after associated HAZOP review. Dedicated session shall be performed for each unit.
11.2
RECORDING
The findings of the application of the methodology presented above shall be recorded during the session by the scribe with the computer spreadsheet or dedicated SIL software. The scribe records the results of this identification activity in a table type file (see appendix I) using a computer and a video projector. Use of a video projector shall allow the team to visualise the record. A SIL review worksheet used for the report of the findings is presented in appendix I.
Page 20 of 31
Custodian Dept: ST
Rev1
Upon completion of the review the chairman will produce a report, which discusses the findings of the review and details the critical findings.
11.3
Recommendation (Action /query items) shall be recorded and the corresponding SIL ACTION SHEET (see Appendix II) shall be generated for subsequent follow-up by the project. The Project Engineer shall have the responsibility to ensure appropriate project followup of the action recommendations generated during the review are implemented (see Appendix II). A Formal SIL Close out Report with SIL verification study shall be submitted to QP for approval.
Page 21 of 31
Custodian Dept: ST
Rev1
12.0 APPENDICES
12.1 APPENDIX I: TYPICAL SIL REVIEW WORKSHEET USING RISK GRAPH METHOD
Project Name /No : SIF No: SIF: Reference / name of the selected SIF Initiators: Final Elements: Initiator Success Criteria: Final Element Success Criteria: Associated Operating Actions: Drawings and Documents: Documents used : DESIGN INTENT CAUSE / DEMAND SCENARIO CONSEQUENCES of FAILURE on DEMAND (CoFD) List here all the consequences that will occur in case of Failure on demand of the SIF INDEPENDENT SAFEGUARDS RECOMMENDA TIONS Date Reviewed: DD MMM YYYY
Consequence Parameter
Occupancy Parameter
SIL Level
Required SIL level SIF Action Number: Assigned to: Name of person
Page 22 of 31
Custodian Dept: ST
DOC. No. QP-GDL-S-030 12.2 APPENDIX II: TYPICAL SIL ACTION SHEET
SIF STUDY ACTION AND RESPONSE SHEET
Rev1
SIF ACTION ON: SIF ACTION NO: MEETING DATES: DD MMM YYYY
RESPOND BY:
DRAWINGS AND DOCUMENTS: documents used (from the front page list of documents studied) SIF : Reference / name of the selected SIF DESIGN INTENT: purpose of the SIF CAUSE / DEMAND SCENARIO: list here causes that will trigger the SIF to operate CONSEQUENCES of FAILURE on DEMAND (CoFD): list here all the consequences that will occur in case of Failure on demand of the SIF . INDEPENDENT SAFEGUARDS: list here all the independent safeguards RECOMMENDATIONS: recommendation of the team (if any) RESPONSE: (Action ) DATED: (SIF Table 1)
SIGNED: ENTER YOUR RESPONSE IN THE BOX ABOVE, THEN SIGN AND RETURN TO:
Page 23 of 31
Custodian Dept: ST
DOC. No. QP-GDL-S-030 12.3 APPENDIX III: TYPICAL SIL REVIEW REPORT TABLE OF CONTENT
Rev1
TABLE OF CONTENT
1.0 SUMMARY 2.0 INTRODUCTION 3.0 SCOPE 4.0 TEAM COMPOSITION 5.0 DOCUMENTS REFERENCES (Including to the present procedure) 6.0 GENERAL DESCRIPTION 7.0 FINDINGS OF THE REVIEW (if any) 8.0 CONCLUSION (as required) In attachment: 9.0 COPY OF REFERENCE DOCUMENTS MARQUED DURING REVIEW 10.0 SIF CLASSIFICATION RISK MATRIX 11.0 SIL WORKSHEET TABLES 12.0 SIF CLASSIFICATION REVIEW ACTION SHEETS (if any)
Page 24 of 31
Custodian Dept: ST
DOC. No. QP-GDL-S-030 12.4 APPENDIX IV: SIL REVIEW PREPARATION ITEMS CHECKLIST Check-list up-dated by: Name: _ _ _ _ _ _ _ _ _ _ Logistics: Dates defined: start date: _ _/ _ _/ _ _ Chairman selected: Scribe selected: End date: _ _/ _ _/ _ _ Date: _ _/ _ _/ _ _
Rev1
Name: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Name: _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Room booked for the period: Yes/No Room # _ _ _ _ _ _ _ _ _ _ Computer booked for the period: Yes/No Data Projector booked for the period: Yes/No Coffee/biscuits ordered for the period: Yes/No Documents available: Methodology, SIL Procedure: Yes/No PFD: PID: Yes/No Yes/No
Cause & Effect Matrix: Yes/No Safe Charts: Yes/No Process description, balance, layout, etc Yes/No Previous hazard analysis Yes/No Participants: List of participants identified: Yes/No Participants have been informed of review session dates: Yes/No when ? Date: _ _/ _ _/ _ _
Page 25 of 31
Custodian Dept: ST
DOC. No. QP-GDL-S-030 12.5 APPENDIX V: DESCRIPTION OF PROCESS INDUSTRY RISK GRAPH PARAMETERS
Rev1
Parameter
Description Number of fatalities and/or serious injuries likely to result from the occurrence of the hazardous event. Determined by calculating the numbers in the exposed area when the area is occupied taking in to account the vulnerability to the hazardous event. Probability that the exposed area is occupied at the time of the hazardous event. Determined by calculating the fraction of time the area is occupied at the time of the hazardous event. This should take in to account the possibility of an increased likelihood of persons being in the exposed area in order to investigate abnormal situations which may exist during the build-up to the hazardous event ( consider also if this changes the C parameter) The probability that exposed persons are able to avoid the hazardous situation which exists if the safety instrumented function fails on demand. This depends on there being independent methods of alerting the exposed persons to the hazard prior to the hazard occurring and there being methods of escape. The number of times per year that the hazardous event would occur in the absence of the safety instrumented function under consideration. This can be determined by considering all failures which can lead to the hazardous event and estimating the overall rate of occurrence. Other protection layers should be included in the consideration.
Consequence
Occupancy
Demand rate
Page 26 of 31
Custodian Dept: ST
Rev1
The demand rate will be determined using the teams collective experience, along with reference from data bases from OREDA or USRMP or other accepted data bases. QP data base for failure rates shall be primarily considered when available. Failure rates for typical equipment items, as shown below for example.
Typical Failure Rate Date (from OREDA Offshore Reliability Database) Item: Mean Failure Rate per 106 hours
5.3 2.8 9.6 11 10 to 16 (1 to 20) 19 to 24 (1 to 10) 22 25.94 24 to 44 (1 to 10) 4.1 6.5 0.27 11.46 36.5
Pressure Switch (Pneumatic) Level Switch (Pneumatic) Level Switch (Electric) Level Transducer PCV / LCV (Ball) PCV / LCV (Globe) PSV XSDV (Globe Valve) XBDV (Ball Valve) Electric Relay (logic solver) Pilot Valve (in SDP) Fusible Plug H2S Gas Detector IR HC Gas Detector
Item Leak Frequency (Offshore Hydrocarbon Release Statistics and Analysis, 2002, HID Statistics Report HSR 2002 002, UK Health and Safety Executive, February 2003.) Item:
Flange Valve Instrument Connections Pressure Vessel Centrifugal pump Shell & Tube Heat Exchanger Launcher / Receiver Centrifugal Compressor Reciprocating Compressor
Overall Leak Frequencies for a Platform: Large Integrated Offshore Platform approx 1 leak per year Minimum facilities wellhead platform approx 1 leak per 10 years Riser Failure frequency approx. 1 x 10-3 per year or 1 in 1000 riser years
Page 27 of 31
Custodian Dept: ST
Rev1
People
Asset/ Production
Environment Reputation
E Occurres Has Occurres Never Has several Occurred several heard in Occurred times a in times a Industry in QP year this Industry year in QP site No Risk
No injury
No damage
No Effect
No Impact
Slight injury Slight damage or health No disruption Slight Effect effect to operation Minor injury Minor damage or health Minor effect ( < QR 350,000) effect Major injury Local damage or health ( < QR effect 3,500,000) Single Fatality or permanent total disability Multiple fatalities Localised Effect
Slight Impact
Low Risk
Limited Impact
National Impact
Medium Risk
Regional Impact
High Risk
Massive Effect
Internation al impact
Page 28 of 31
Custodian Dept: ST
DOC. No. QP-GDL-S-030 12.7 APPENDIX VII Cont., QP CORPORATE RISK MATRIX
Rev1
or
an
Rev1
Major effect: Severe environmental damage; the company is required to take extensive measures to restore the contaminated environment to its original state; Extended exceeding of statutory or prescribed limits. Massive effect: Persistent severe environmental damage or severe nuisance extending over a large area; In terms of commercial or recreational use or nature conservancy, a major economic loss for the company; Constant high exceeding of statutory or prescribed limits. 3.0 ASSET DAMAGE/ LOSS OF PRODUCTION Asset damage and loss of production is further explained for: Slight damage: No disruption to operation with estimated cost less than QR 25,000. Minor damage: Brief disruption to operation with estimated cost less than QR 350,000. Local damage: Partial shutdown of operation; can be restarted with estimated cost up to QR 3,500,000. Major damage: Partial loss of operation; 2 weeks shutdown with estimated cost up to QR 35,000,000. Massive damage: Substantial or total loss of operation with estimated cost in excess of QR 35,000,000. 4.0 REPUTATION
Page 30 of 31
Custodian Dept: ST
Rev1
Revision: 1
Date: 24/03/2010
Reason for Change/Amendment Item Revised: Changes/Amendment: This new guideline is developed to cover requirements for safety integrity level review. the corporate
Note: The revision history log shall be updated with each revision of the document. It shall contain a written audit trail of the reason(s) why the changes/amendments have occurred, what the changes/amendments were and the date at which the changes/amendments were made.
Page 31 of 31
Custodian Dept: ST