ENG 264
HD/BAS Semester 2
Spring 2012
Project on Emergency Shutdown
System
Instructor's name: Hedley
Submitted by: Adel AlObaidli
ID#: H00154942
Due date: 6th Jun 2012
1. Introduction to Emergency Shutdown System
Failure of plant equipment may result in expensive procedural and downtime consequences. Thus, the reliability of safety and availability are required to be tested frequently, without interrupting the operation, to guarantee the system performance. For that reason, the ESD or SIS has been introduced. An Emergency Shutdown system (ESD), also called a Safety Instrumented System (SIS), is a collection of safety instrumented functions. A safety instrumented function is a safety function with an associated safety integrity level, implemented by either a safety instrumented protection function or a safety instrumented control function, and designed to process and handle a safe sequence of events under any detected dangerous or unsafe condition. In other words, the ESD or SIS is designed to respond to hazardous conditions in the plant, or to the absence of operator action, by generating the correct outputs to prevent the hazard or reduce its risky consequences. The ESD serves as an additional layer of protection against equipment damage, harmful environmental impact and human injury on top of the regulatory control system. Even though the DCS can handle emergent situations, an ESD system is highly required in the field because its response to unsafe and hazardous situations in the plant is faster than that of the DCS. Due to the critical nature of the ESD system, the manufacturing facility is equipped with sensors, logic solvers and control elements. The actuated shutdown valve is expected to remain static under normal processing conditions for a long period of time and to operate reliably only when an emergency situation arises, which affects the valve in the long run. The operator therefore needs to test the ability of the valve to shut down the plant through a partial stroke test.

The ESD mainly scans and compares the inputs coming from the plant to ensure that the plant operates in a safe condition. Otherwise, it shuts down the plant through a safe sequence of actions. In detail, the ESD scan can be divided into two categories, the primary and the secondary scan. The primary scan includes two main tasks that are required to be completed within a specified period of time, the full cycle. The primary tasks are application and housekeeping. The application task updates the system with the status of the inputs coming from the field and processes them by comparing them with a cause and effect chart to decide upon the output to be given. The housekeeping task performs regular checks of the health of the equipment in the field, the CPUs, the I/O cards and the network. The secondary task is communication, in which the ESD communicates with the HIS or PLCs. Under some conditions the communication will be delayed when the operator asks for updates, because the CPU is busy processing other tasks. This problem can be overcome by reserving empty slots for each node. Communication between different ESDs and the HIS (Human Interface Station) should be time synchronized in order to update the operator with recent changes in the plant. Time synchronization of different ESDs can be maintained by standard Vnet or GPS.
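The primary scan described above, worked through as an added illustration (not Yokogawa ProSafe-RS code): the application task compares the field inputs with a cause and effect chart to decide the shutdown outputs, and the housekeeping task reports the health of the I/O, CPU and network. The tag names, the chart and the health flags are constructed samples; an unhealthy input is treated as an active cause so that a faulty card cannot hide a real demand.

```python
# Added illustration of one ESD primary scan (application + housekeeping)
# driven by a cause-and-effect chart. Not Yokogawa ProSafe-RS code; the
# tag names, the chart and the health flags are constructed samples.
from dataclasses import dataclass


@dataclass
class FieldInput:
    active: bool          # True = the cause is present (e.g. high-high level)
    healthy: bool = True  # diagnostic status reported by the I/O card


# Cause-and-effect chart: each effect (shutdown output) lists the causes
# that trip it. Constructed example for a small separator vessel.
CAUSE_EFFECT = {
    "ESDV-101_CLOSE": {"PSHH-101", "LSHH-101", "ESD-PB"},
    "P-101_STOP": {"LSLL-101", "ESD-PB"},
}


def application_task(inputs, chart):
    """Compare the field inputs with the chart and decide every output.
    Outputs are de-energize-to-trip: True means the safe (tripped) state.
    An unhealthy input counts as an active cause (fail-safe)."""
    outputs, reasons = {}, {}
    for effect, causes in chart.items():
        tripped = sorted(c for c in causes
                         if inputs[c].active or not inputs[c].healthy)
        outputs[effect] = bool(tripped)
        reasons[effect] = tripped      # which causes demanded this effect
    return outputs, reasons


def housekeeping_task(inputs, cpu_ok=True, network_ok=True):
    """Regular health check of the I/O, the CPU and the network, so the
    operator sees a fault even when no trip has occurred."""
    return {
        "io_faults": sorted(t for t, i in inputs.items() if not i.healthy),
        "cpu_ok": cpu_ok,
        "network_ok": network_ok,
    }


def primary_scan(inputs, chart, cpu_ok=True, network_ok=True):
    """One full primary cycle: application first, then housekeeping."""
    outputs, reasons = application_task(inputs, chart)
    health = housekeeping_task(inputs, cpu_ok, network_ok)
    return {"outputs": outputs, "reasons": reasons, "health": health}
```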
2. Some terms associated with ESD system
The following paragraphs show some definitions related to the ESD system:
1. Intrinsic safety refers to a protection technique for the safe operation of equipment in explosive atmospheres and under irregular operating conditions; it provides safe operation of process control instrumentation in hazardous areas.
2. Hazard Operation study (HAZOP) is a structured and systematic examination of a planned process or operation to identify and evaluate problems that may cause risks to personnel or equipment.
3. Near Miss refers to an unplanned event that did not result in injury, illness or damage, but could have done so.
4. The international standard IEC 61511 was published in 2003 to provide guidance to end-users on the application of Safety Instrumented Systems in the process industries [1]. This standard is based on IEC 61508, a generic standard for the design, construction and operation of electrical/electronic/programmable electronic systems. Other industry sectors also have standards based on IEC 61508, such as IEC 62061 (machinery systems), IEC 62425 (railway signalling systems), IEC 61513 (nuclear systems) and ISO 26262 (road vehicles, currently a draft international standard).
3. ESD hardware
The ESD hardware consists of cabinets that are connected both internally and externally, as follows:
· Power Distribution Cabinet
This cabinet receives the uninterruptible power supply from the unit and distributes it among all the other cabinets and equipment in accordance with their power requirements.
· System Cabinet
This cabinet consists of the I/O cards, two CPUs and the ESD I/O modules that connect each node to the others via the ESB bus. The cabinet also supports the communication (data exchange) between the equipment and the ESD system.
· Marshalling Cabinet
This cabinet gathers all the wires coming from the instrument room and connects them to the system cabinet by means of a prefabricated cable.
· Networking Cabinet
This cabinet is responsible for the communication between the HIS and the ESD system. The communication is done through the Vnet/IP network, and the stations are connected to the network through Layer 2 switches.
4. ESD software
ProSafe-RS is the latest Yokogawa program for representing the ESD in the plant; in it the I/O cards are inserted and programmed. In addition, the program has a huge library
Conclusion
The following paragraph summarizes briefly the mechanism of the communication between the HIS, ESD and DCS systems in the plant. In the plant, the HIS has to communicate with the ESD, the alarm server and the FCS (Field Station Control). To organize the operation, token passing software is used. The software chooses one HIS as the master that controls the token. The token is sent to the FCS, ESD and alarm server in an ordered sequence; it gives permission to send or receive data to one station at a time and blocks the others. The advantage of token passing is that it avoids the confusion of data. An emergency condition does not bypass the token, and it does not need to, because the token passes rapidly between the stations. For the alarm server, there is alarm management system software that responds to alarms in the plant.
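The token passing arbitration described in the conclusion, as an added simulation that is not Yokogawa Vnet software: the master HIS hands the token around a fixed order, only the holder may transmit in a slot, and a message raised by the ESD waits at most one rotation of the token. The station names, the token order and the queued messages are constructed samples.

```python
# Added simulation of token-passing arbitration between HIS, FCS, ESD and
# alarm server. Not Yokogawa Vnet software; stations and messages are
# constructed samples.
from collections import deque

# Order in which the master HIS hands the token to the other stations.
TOKEN_ORDER = ["HIS", "FCS", "ESD", "ALARM_SERVER"]


class TokenNetwork:
    def __init__(self, order):
        self.order = order
        self.queues = {s: deque() for s in order}
        self.slot = 0    # one slot = one token hand-over
        self.sent = []   # (slot, station, message, wait_in_slots)

    def queue(self, station, message):
        """A station wants to talk; it waits until it holds the token."""
        self.queues[station].append((self.slot, message))

    def run(self, slots):
        """Rotate the token for a number of slots. Only the holder sends
        one message per slot; every other station is blocked."""
        for _ in range(slots):
            holder = self.order[self.slot % len(self.order)]
            if self.queues[holder]:
                queued_at, msg = self.queues[holder].popleft()
                self.sent.append((self.slot, holder, msg, self.slot - queued_at))
            self.slot += 1
        return self.sent

    def max_wait(self):
        """Worst observed delay (slots) from queuing to transmission."""
        return max((w for _, _, _, w in self.sent), default=0)

    def collisions(self):
        """Slots in which more than one station transmitted (must be none)."""
        slots = [s for s, *_ in self.sent]
        return sorted({s for s in slots if slots.count(s) > 1})


def demo():
    net = TokenNetwork(TOKEN_ORDER)
    net.queue("FCS", "PV update")
    net.queue("ALARM_SERVER", "new alarm")
    net.run(1)                                 # HIS holds the token in slot 0
    net.queue("ESD", "trip: ESDV-101 closed")  # emergency raised at slot 1
    net.run(7)                                 # almost two full rotations
    return net
```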
5. References