The aim of this case study is to show the risk management system procedures that follow from the risk assessment results, and how to develop them beyond the purposes of this study. Table 4.1 below shows the symbols used in this case study.
This is a sub-system of a gas plant process involving the synthesis of a non-ionic surfactant (tensioactive) by poly-addition of ethylene oxide (gas phase) to phenol (liquid phase). The reactor mixes both phases, and heat exchange is done by an external recirculation system. The reaction is exothermic and fast: the cooling system must keep the temperature between 120 and 180 °C. Under these process conditions an uncontrolled course of the reaction can occur if the reagents accumulate, with ensuing polymerisation of ethylene oxide. This reaction is highly exothermic (18 kcal/mol) and fast, and can follow a runaway course, as shown in the temperature pattern of Fig. 4.1.
Figure 4.1 Reaction temperature pattern
In order to avoid runaway polymerisation, both the temperature and the reagent proportions have to be kept under control. In particular, control loop ''1'' (TDC1, FT1 and FAH1), shown in Figure 4.2, controls the flow rate of ethylene oxide relative to the alcohol flow rate; it is connected to an alarm and has a non-automatic (manual) interlock on both feeds.
Figure 4.2 Simplified plant layouts with control and safety devices.
The pressure and temperature inside the reactor are continuously monitored by the operator, and an alarm is raised both for low temperature (reagent accumulation) and for high temperature and pressure (runaway reaction). In case of high pressure a relief valve (RV) operates automatically. A bursting disk (RD) is also installed to prevent reactor collapse in case of runaway polymerisation.
4.2 Hazard identification and risk assessment:-
In the present case study, a Recursive Operability Analysis (ROA) and logic trees (Fault Tree and Event Tree) were performed to identify the possible accident sequences in the plant. ROA is systematic and complete: its recursive mechanism identifies the primary causes of each process deviation and follows its consequences until the main ones are reached. In addition, it allows the direct extraction of the logic trees (FT, ET) for subsequent quantification, which in turn makes it possible to check the congruity of the ROA itself, something that would otherwise be impossible. The ROA forms are shown in Table 4.2, while Fig. 4.3a and b show the Fault Tree (FT) drawn directly from the ROA table. Table 4.3 shows the failure data, with a mission time of one year and a testing programme in which the automatic protection devices are tested every six months.
Table 4.2. Recursive operability analysis of the plant in Fig 4.2.
Table 4.2 body not recovered from extraction: only the column heading ''To Event'' and the row labels F, C, D, B, A, E, J, I, H, G survived.
Fig.4.3 a & b Fault tree for the ''Reactor Collapse''
Table 4.3 Failure rates
4.3 Data Collection and Analysis:-
Quantitative analysis of the Fault Tree in Fig. 4.3a gives the following results for the Top Event (TE) ''Reactor collapse'':
    Number of minimal cut sets, MCS:                    18
    Unavailability of TOP event, Qtop:                  2.56e-008
    Expected number of failures of TOP event, Wtop:     2.56e-008
    Mission time (hours):                               8.76e+003
    Truncation error:                                   3.30e-012
The 18 minimal cut sets (MCS), of 5th, 6th and 7th order, contribute to the total unavailability as listed in Table 4.4.
Summary of minimal cut sets vs order
    Order   Number of MCS   QTOT        % of QTOP   WTOT        % of WTOP
    5       8               2.55E-08    99.90       2.55E-08    99.90
    6       8               2.26E-11    0.09        2.26E-11    0.09
    7       2               3.01E-12    0.01        3.01E-12    0.01
Table 4.5
Quantitative analysis also gives the relative weight (importance) of each primary event identified in the ROA on the expected number of occurrences of the TE, as listed in Table 4.6 and Fig. 4.4.
    Event   Importance    Description
    E9      1.0000E+00    PAH 70 failure
    E1      1.0000E+00    Bursting disk NI
    EU4     1.0000E+00    Operator NI on PAH 70
    EU1     8.7282E-01    Operator NI on TAH 2
    E7      8.7247E-01    FT-1 failure
    E13     6.1477E-01    Lack of cooling water (pump failure)
    E11     5.7339E-01    TT failure
    E2      1.2717E-01    TAH2 NI
    E4      8.8669E-01    TWV malfunction
    EU3     6.7511E-04    Operator NI on FAH1
    E8      4.7349E-04    Flow rate valve stuck open
    E10     3.9569E-04    TDC1 malfunction
    E6      3.2850E-04    FAH-1 failure
    E5      1.7922E-04    Thermostatic fluid pump failure
    EU2     1.1770E-04    Operator NI on TAL2
NI = Non Intervention
Table 4.6 Importance of primary events
Fig. 4.4 Importance of primary events
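The figures in Section 4.3 (number of cut sets, Qtop, the breakdown by cut-set order and the importance ranking) are what a fault-tree code produces from the ROA tree and Table 4.3. The following Python block is an added example, not code or data from the case study: it builds a small AND/OR tree shaped like the ''Reactor collapse'' logic described above (a runaway initiator, a lost alarm path and a failed pressure protection), enumerates the minimal cut sets, sums them under the rare-event approximation, tabulates them by order and computes Fussell-Vesely importance. The gate structure, the event mnemonics and all basic-event unavailabilities are constructed assumptions and do not reproduce the page's numbers; the one structural feature deliberately copied from the text is the flow transmitter FT1 feeding both the ratio control loop and the FAH1 alarm, which is why it shows up with a high importance.

```python
"""Fault-tree quantification by minimal cut sets (MCS).

Added example, not from the case study. The gate tree is a toy shaped like the
"Reactor collapse" logic of Section 4.1; event names are mnemonics for the
page's primary events, and the unavailabilities are constructed, not Table 4.3.
"""
from collections import defaultdict
from itertools import product

# Gate definitions: gate -> (type, children). Anything not listed is a basic event.
TREE = {
    "TOP": ("AND", ["RUNAWAY", "PROTECTION_FAILS"]),
    "PROTECTION_FAILS": ("AND", ["PAH70_FAIL", "OP_NI_PAH70", "RD_NI"]),
    "RUNAWAY": ("OR", ["ACCUMULATION_UNDETECTED", "OVERHEAT_UNDETECTED"]),
    "ACCUMULATION_UNDETECTED": ("AND", ["FLOW_RATIO_LOST", "FLOW_ALARM_LOST"]),
    # FT1 feeds both the ratio control loop and the FAH1 alarm (shared transmitter).
    "FLOW_RATIO_LOST": ("OR", ["TDC1_MALF", "FLOW_VALVE_STUCK_OPEN", "FT1_FAIL"]),
    "FLOW_ALARM_LOST": ("OR", ["FT1_FAIL", "FAH1_FAIL", "OP_NI_FAH1"]),
    "OVERHEAT_UNDETECTED": ("AND", ["COOLING_LOST", "TEMP_ALARM_LOST"]),
    "COOLING_LOST": ("OR", ["CW_PUMP_FAIL", "TWV_MALF", "THERMO_PUMP_FAIL"]),
    "TEMP_ALARM_LOST": ("OR", ["TT_FAIL", "TAH2_NI", "OP_NI_TAH2"]),
}

# Constructed basic-event unavailabilities (probability of being failed on demand).
Q = {
    "PAH70_FAIL": 2e-2, "OP_NI_PAH70": 1e-1, "RD_NI": 1e-3,
    "FT1_FAIL": 5e-3, "TDC1_MALF": 2e-3, "FLOW_VALVE_STUCK_OPEN": 1e-3,
    "FAH1_FAIL": 5e-3, "OP_NI_FAH1": 1e-1,
    "CW_PUMP_FAIL": 1e-2, "TWV_MALF": 3e-3, "THERMO_PUMP_FAIL": 2e-3,
    "TT_FAIL": 4e-3, "TAH2_NI": 5e-3, "OP_NI_TAH2": 1e-1,
}


def minimise(sets):
    """Drop every cut set that is a proper superset of another one."""
    uniq = set(sets)
    return sorted((s for s in uniq if not any(o < s for o in uniq)),
                  key=lambda s: (len(s), sorted(s)))


def cut_sets(node, tree=TREE):
    """Minimal cut sets of `node` as frozensets of basic events (top-down expansion)."""
    if node not in tree:
        return [frozenset([node])]
    kind, children = tree[node]
    child_sets = [cut_sets(c, tree) for c in children]
    if kind == "OR":                       # any child's cut set cuts the gate
        combined = [s for sets in child_sets for s in sets]
    elif kind == "AND":                    # one cut set from every child, unioned
        combined = [frozenset().union(*combo) for combo in product(*child_sets)]
    else:
        raise ValueError(f"unknown gate type {kind!r}")
    return minimise(combined)


def mcs_probability(mcs, q=Q):
    """Probability of one cut set, assuming independent basic events."""
    p = 1.0
    for e in mcs:
        p *= q[e]
    return p


def top_unavailability(mcs_list, q=Q):
    """Rare-event approximation: Q_top ~ sum of MCS probabilities (an upper bound)."""
    return sum(mcs_probability(m, q) for m in mcs_list)


def summary_by_order(mcs_list, q=Q):
    """Count and contribution per cut-set order, like the page's 'MCS vs order' table."""
    q_top = top_unavailability(mcs_list, q)
    rows = defaultdict(lambda: [0, 0.0])
    for m in mcs_list:
        rows[len(m)][0] += 1
        rows[len(m)][1] += mcs_probability(m, q)
    return {k: (n, qt, 100.0 * qt / q_top) for k, (n, qt) in sorted(rows.items())}


def fussell_vesely(mcs_list, q=Q):
    """Fussell-Vesely importance: share of Q_top carried by cut sets containing the event.
    Events present in every cut set (here the whole protection path) score exactly 1."""
    q_top = top_unavailability(mcs_list, q)
    fv = defaultdict(float)
    for m in mcs_list:
        for e in m:
            fv[e] += mcs_probability(m, q)
    return {e: v / q_top for e, v in sorted(fv.items(), key=lambda kv: -kv[1])}


if __name__ == "__main__":
    mcs = cut_sets("TOP")
    print(f"{len(mcs)} minimal cut sets, Q_top = {top_unavailability(mcs):.3e}")
    for order, (n, qt, pct) in summary_by_order(mcs).items():
        print(f"order {order}: {n:2d} MCS  Q = {qt:.3e}  ({pct:5.2f}% of Q_top)")
    for event, imp in fussell_vesely(mcs).items():
        print(f"{event:24s} {imp:.4e}")
```

With these constructed inputs the tree has 14 minimal cut sets, one of order 4 (the shared FT1 failure together with the three protection events) and thirteen of order 5; the order-4 set alone carries about 72% of Q_top, which is the same pattern the page reports for E7. The three protection events appear in every cut set and therefore get importance 1.0, exactly as E9, E1 and EU4 do in Table 4.6. Swapping in real failure data and test-interval unavailabilities from Table 4.3 is a matter of replacing the Q dictionary.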
4.4 Accident scenario:-
In any gas plant the main objective is to prevent the events that may act as initiating events for an accident. In practice this means performing good maintenance, inspection and periodic testing of every element, device, piece of equipment or instrument identified as critical by the hazard analysis, and of its control and protection systems. Table 4.7 below lists the events identified as critical for the gas plant of this study, namely those of major importance in the formation of the Top Event:
    E9      PAH 70 failure
    E1      Bursting disk NI
    E7      FT-1 failure
    E13     Lack of cooling water (pump failure)
    E11     TT failure
    E2      TAH2 NI
Table 4.7 Primary events critical to the Top Event
So the greatest effort and attention should be put on those elements, in order to reduce their failure frequency. In this case study in particular, the operator failed to act twice within the primary events of major importance when an alarm condition arose: first when the flow rate was high and the FT-1 failure appeared (event E7 in the Top Event), and second when the reactor temperature was high and the TAH2 alarm failed (event E2 in the Top Event); together these events lead to the reactor collapse.
4.5 Lessons Learnt:-
For the risk management system there must be specific procedures for data collection and analysis to carry out maintenance. These procedures must be implemented by the operations department as well as the safety department, and must include the following subjects:
All critical safety devices must be identified, periodic functionality tests must be carried out, and their maintenance intervals must be clearly defined.
The aim of this group of procedures is to assure the development, updating and use of maintenance practices and standards, so that effective maintenance is performed according to the main accident-prevention regulation.
Assuring the preparation and periodic updating of equipment inspection planning.
All the test intervals assessed in the previous steps and assumed in the Fault Tree solution have led to a rate of occurrence for the Top Event ''Reactor collapse'' of 2.56 x 10^-8 occ/year. This rate becomes a reference value for the plant's risk management system, which must at least maintain it over time. This assumption affects the ''Management of change'' section of the risk management system.
In addition, for any new plant design or change to an existing plant or equipment, the safety conditions should be considered and maintained, both for the installation and for the operators, before the changes to the plant or services are made.
It is quite clear that, because of the uncertainties affecting the frequency assessment, it is not meaningful to use 2.56 x 10^-8 occ/year as an absolute reference value; it is rather an order of magnitude.
System improvement:-
It is more useful to make quantified comparisons between two possible alternative designs. As an example, to reduce the importance of the flow-rate transmitter failure (E7) on the frequency of the Top Event (TE), one can either make the control loop independent of the alarm loop by installing a dedicated transmitter, or add a redundant transmitter of the same type. Quantitative analysis of the two alternatives shows that the first is more effective, since it reduces the Top Event unavailability QTOP by 14%, while the second reduces it by only 11%.
Once all the hazards have been identified and quantified in terms of frequency of occurrence, characterising the accident scenario requires a consequence assessment.
The area identified as the main possible damage zone in case of an accident is called the ''Critical management area'', on which the risk management system must concentrate its attention. Both mitigation measures and emergency planning are developed on the basis of the consequence evaluation. The risk management system must assure that the elements and conditions used as the reference for emergency response (internal and external) are at least preserved over time.
The internal emergency response aims to assure a prompt and correct management of any of the possible major accidents identified in the earlier phase.
External communication aims to keep the Local Authorities informed about all the risks in the plant, so that the external emergency plan can be developed.
It must be borne in mind that a complex control system with automatic protection does not make the installation immune from human error. Even if this also depends on the conventional unavailability values chosen, plant operators are always a key element in process operation, maintenance, inspection and emergency response.
Thus, the company and HSE department results affect all phases of the possible accident scenario,