PRISM Seminar 2003 4-5 Sept.

2003, Athens, Greece

Safety barriers

Louis Goossens (TUDelft, NL) David Hourtolou (INERIS, FR)

Chemical industries
Risks are regulated in Seveso II Directive Potential accidents occur as Loss of Containment (LOC) Loss of Physical Integrity (LPI) Modelling with Accident Scenarios Bow-tie Safety Barriers Risk: Probabilities & Consequences

Bow-tie & Barriers

SCENARIO
UE 1 UE 2
OR

And

ME IE IE SCE DP
OR

DP ME

UE 3
OR

IE CE

UE 4 UE 5
And

ME IE
OR

DP ME IE SCE ME DP ME

CU E UE 7
OR

IE

CU E

Prevention

Barriers

Protection

Fault Tree

Event tree

Approach
Safety function = technical, organisational or combined function that reduces probability or consequences via safety barriers Action verbs To prevent To limit (to protect) To mitigate

Barriers
Categories of barriers Passive barriers
vessel wall, dykes

Active barriers
interlock systems, relief valve

Procedural barriers
work permit

Functioning: permanent or activated Activated: detection - diagnosis action

Probability of LoC/LPI
Safety barriers decreases probability of technical component failures and human error rates by adding control functions (AND-gates) of conditional probabilities (in the consequence event trees)

Design & Redesign

Management strategies Inherently safer design Safety barriers SIL (safety integrity level) choice Independent Layers of Protection Safety management implications

Risk reduction process

Residual risk Tolerable risk Risk evaluated from an initiating event and a major effect

Necessary risk reduction Actual risk reduction Partial risk covered by a safety instrumented system Partial risk covered by hardware barriers Partial risk covered by procedural barriers

Increasing risk

Setting a risk reduction objective

W3 CA X1 W2 W1

---

---

PA FA PB Risk Assessment Start-Point CB PA FB FA CC PA FB FA CD FB PB PB PB

X2

---

X3

X4

X5 PA X6

Class of confidence per barrier

Active barriers Derived from SIL principles (IEC 61508-61511)
Safe Failure Fraction (SFF) ... 60 90 99 % 60 % 90 % 99 % ... Tolerant to : 0 failure SIL 1 SIL 2 SIL 3 SIL 3 1 failure SIL 2 SIL 3 SIL 4 SIL 4 2 failures SIL 3 SIL 4 SIL 4 SIL 4

Class of confidence per barrier

Passive barriers Derived from generic PFD values
Generic passive safety barrier Dike Underground drainage system Open vent (atmospheric vessel) Fire-proofed wall / blast wall / bunker Flame / detonation arrestors PFD from Literature and Industry (no dimension) 10-2 10-3 10-2 10-3 10-2 10-3 10-2 10-3 10-1 10-3 Level of Confidence in the barrier 2 2 2 2 1

Procedural barriers / human actions Derived from indicative PFD values

Important assumptions
A barrier performance is characterised by: its effectiveness, its response time, its class of confidence Definition of barrier independence Assuring a barrier contextual performance: Safety organisation should assure barriers are managed and maintained in time Link to the organisational model