Page 183 - Offshore Electrical Engineering Manual
170 CHAPTER 15 Process Control and Monitoring Systems
as low as is reasonably practicable. This philosophy should be followed from the initial design through manufacture, installation, commissioning, operation, maintenance, decommissioning and removal of the installation, with risk, hazard and escape management continually reviewed for compliance with the latest revisions of both PFEER and SCR.
All equipment used in the process control system should be suitable for the hazardous area in which it is installed, so as to minimise the possibility of a loss of process containment or an ignition hazard. Detectors should be fitted throughout the plant to detect flammable and toxic gas escapes and flammable liquid spillages. These detectors should be located and set so that the presence of the hazardous substance is detected early enough for automatic mitigating action to be taken before escalation. Detection systems should be reliable and have high availability. The equipment that monitors the detectors and initiates the automatic responses should be designed in accordance with the appropriate safety standards so that it performs the required actions promptly.
EMERGENCY SHUTDOWN SYSTEM
The emergency shutdown system is responsible for initiating the automatic actions needed following an emergency. These include taking action to mitigate the effects of the emergency and ensuring, as far as possible, that the equipment installed to carry out this duty remains operational for the duration of the emergency. That equipment includes alarm equipment, communications equipment, the temporary refuge and the passageways to the means of personnel evacuation. These provisions are required by both SCR and PFEER and, in common with the overall safety philosophy, their provision should be regularly reviewed and assessed for compliance.
All these regulations and standards are constructed to encourage engagement in the safety regime by everyone involved with the design, construction, operation and maintenance of the installation. From the outset, representatives of all these life-cycle phases should be closely involved in the hazard and operability studies and risk assessments, and therefore in deciding the risk reduction performance required of the safety system (its safety integrity level, in the terms of IEC 61508 and its associated standards), because they are the ones most at risk. This approach to safety, in which a group of people comes together to reach a common, reasoned conclusion on the risks involved in operating an offshore oil and gas production facility and decides on the level of risk reduction to be provided by the safety system, is not perfect. It relies on the expertise and experience of those involved being sufficient to identify every credible risk, and on their competence and confidence in putting forward the case for each in order to arrive at a reasoned consensus. But because it makes those involved think about the possibilities and consequences of their decisions, it is far better than simply fitting a predefined safety device to a given plant item.
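A worked example of the relation just described between the risk reduction agreed in the risk assessment and the safety integrity level of IEC 61508, added here by the editor and not taken from the manual. It converts an unmitigated hazard frequency and a tolerable target frequency into a required risk reduction factor, maps the corresponding PFDavg onto the IEC 61508-1 low-demand SIL bands, and checks simple detector/logic voting architectures against that target. The hazard frequencies, failure rates and proof-test intervals are constructed illustration values; the PFDavg formulas are the simplified IEC 61508-6 expressions with common-cause failure, diagnostic coverage and repair time neglected, so they go beyond what the page itself states.

```python
# Editor-added worked example; not from the Offshore Electrical Engineering
# Manual. It turns a required risk reduction into an IEC 61508 SIL band
# (low-demand mode) and checks simple detector/ESD architectures against it.
# The hazard frequencies, failure rates and proof-test intervals used below
# are constructed illustration values, not data from the page.

# IEC 61508-1 low-demand mode target bands for average probability of failure
# on demand (PFDavg): (SIL, lower bound inclusive, upper bound exclusive).
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def required_rrf(unmitigated_frequency, tolerable_frequency):
    """Risk reduction factor the safety function must provide so that the
    unmitigated hazard frequency is brought down to the tolerable target.
    Both frequencies are per year."""
    if unmitigated_frequency <= 0 or tolerable_frequency <= 0:
        raise ValueError("frequencies must be positive")
    return unmitigated_frequency / tolerable_frequency


def sil_for_pfd(pfd):
    """SIL band whose PFDavg range contains pfd. Returns 0 when pfd is too
    high for any SIL claim and None when it is below the SIL 4 band (IEC 61508
    does not define a single safety function beyond SIL 4)."""
    if pfd < 1e-5:
        return None
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0


def required_sil(unmitigated_frequency, tolerable_frequency):
    """SIL that the risk assessment demands of the safety function."""
    rrf = required_rrf(unmitigated_frequency, tolerable_frequency)
    if rrf <= 1.0:
        return 0  # the tolerable target is already met without the function
    return sil_for_pfd(1.0 / rrf)


# Simplified PFDavg formulas from IEC 61508-6 for common voting architectures,
# neglecting common-cause failure, diagnostic coverage and repair time.
# lambda_du: dangerous undetected failure rate per channel (per hour);
# proof_test_interval: hours between proof tests that reveal such failures.
def pfd_1oo1(lambda_du, proof_test_interval):
    return lambda_du * proof_test_interval / 2.0


def pfd_1oo2(lambda_du, proof_test_interval):
    return (lambda_du * proof_test_interval) ** 2 / 3.0


def pfd_2oo3(lambda_du, proof_test_interval):
    return (lambda_du * proof_test_interval) ** 2


def design_meets_target(pfd_achieved, unmitigated_frequency, tolerable_frequency):
    """True when the achieved PFDavg delivers at least the required risk
    reduction. Meeting PFDavg is necessary but not sufficient for a SIL
    claim: IEC 61508 also imposes architectural constraints (hardware fault
    tolerance, safe failure fraction) and systematic capability requirements."""
    return pfd_achieved <= 1.0 / required_rrf(unmitigated_frequency, tolerable_frequency)


if __name__ == "__main__":
    # Constructed case: a gas release that would ignite 5e-2 times per year
    # if unmitigated, against a tolerable target of 1e-5 per year.
    unmit, tol = 5e-2, 1e-5
    rrf = required_rrf(unmit, tol)
    print(f"required RRF {rrf:.0f}, PFDavg <= {1 / rrf:.1e}, SIL {required_sil(unmit, tol)}")
    # Candidate detector/logic channel: lambda_du 1e-6 per hour, proof tested yearly.
    for name, fn in (("1oo1", pfd_1oo1), ("1oo2", pfd_1oo2), ("2oo3", pfd_2oo3)):
        pfd = fn(1e-6, 8760)
        print(f"{name}: PFDavg {pfd:.2e} -> SIL {sil_for_pfd(pfd)}, "
              f"meets target: {design_meets_target(pfd, unmit, tol)}")
```

For the constructed figures the required risk reduction factor is 5000, which lands in the SIL 3 band; a single channel proof tested once a year falls short, while 1oo2 and 2oo3 voting of the same channels meet the PFDavg target. The point for the group described above is that the SIL is a consequence of the tolerable-risk decision they make, and that the architecture, proof-test interval and maintenance regime then have to be shown to deliver it.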
There have also been questions asked about the definitions and understanding
of what is meant by safety integrity level. ‘The concept of safety integrity levels
(SILs) is now prevalent in the field of safety-critical systems, and a number of stan-
dards advocate its use in the design and development of such systems. However, not