Hey everybody, today we will be taking a look at the basics of process control and safety systems and how they relate to a HAZOP. Specifically, we will be looking at what a basic process control system is, as well as what a safety instrumented system is, and how they work together for process control. Let's join our operator Bob at the facility, giving a walkthrough to a new trainee.

This is the basic process control system, or BPCS. It is the main computing system for the site. It receives information about the process, including pressure, temperature, flow, and
level, from transmitters on the system and outputs signals to manipulate the position of control valves in the process to ensure the system continues to operate at the desired operating conditions.

So this computer is controlling everything in the facility?

Pretty much. Let's take a look at this system as an example. This two-phase feed of liquid and gas is supplied to V1, which separates the liquid and gas, with the gas stream leaving out of the top of the vessel and liquids out of the bottom. Now let's look at the level control loop on V1. Here, the level
indicating transmitter LIT1 is sensing the level of the vessel and then transmitting that signal to LC1, the level controlling function on the BPCS. Based on the signal received, LC1 will send the signal to the level control valve LV1 to open or close as needed. If the level increases and is higher than the desired set point of the controller, then LC1 will send the signal which will cause LV1 to open more, allowing more liquid to flow out of V1. If the level decreases and is lower than the desired set point of the controller, then LC1 will send
a signal which will cause LV1 to close more to restrict liquid flow out of the vessel.

But what happens if the BPCS controls malfunction?

A safety instrumented system, or SIS, is an independent computing system from the BPCS which monitors the system for potentially hazardous operating conditions. If the SIS senses a hazardous condition, it will send a signal to a final element, typically an actuated emergency shutdown valve, or ESDV, to isolate or shut down the system. This action is called a safety instrumented function, or SIF, which may have an associated safety integrity level, or SIL,
rating, which quantifies how reliable the SIF is. The SIS should be independent from the BPCS, with separate transmitters, final elements, and an independent logic solver. Its job is to bring the process to a safe state in the event of a failure of the BPCS. To do this effectively, the SIS cannot share any potential common cause failures with the BPCS that would jeopardize its ability to act. An example of this would be using the same level bridle in a vessel for both the BPCS and SIS transmitters: if the bridle is plugged, control of both systems would
fail. The requirements for safety instrumented systems are further detailed in international standard IEC 61511. This is the standard for safety instrumented systems for the process industry sector. A majority of the process control operations are handled by the BPCS. The SIS acts as a second line of defense in the event of a failure on the BPCS or an upset condition that the BPCS cannot control on its own.

So most of the time the SIS isn't doing anything?

Not exactly. The SIS is constantly receiving signals from the process to ensure it is operating safely. Looking back at
the vessel, the level transmitter LIT2 is sensing liquid level in the vessel and transmitting a signal to the level controller LC2, the level controlling function on the SIS. During normal operations, the BPCS will be controlling the level and there is no need for the SIS to act. If the BPCS controls fail and level in the vessel begins to increase, when the liquid level gets too high and reaches the set point of the level alarm high high, or LAHH, of LIT2, the controller LC2 will alarm and send the signal to close ESDV1. This will
shut down the process by cutting V1 off from the upstream liquid source, which will prevent the level in the vessel from increasing any further.

Why are we so worried about the level that we need to shut down if it's a little higher than normal?

It is important to keep the level in V1 near the set point of LC1. If the level in the vessel gets too high, there's a potential to carry liquids over to the compressor downstream on the gas system. This could cause a catastrophic failure in the compressor.

The BPCS is the primary control
system for any modern process. Without it, processes would rely on local controls and operators manually operating valves to manipulate and control the operating conditions. A BPCS makes process control safer and more efficient. However, some processes are not inherently hazardous enough to justify having an SIS, or they were built before having an SIS at a facility was common. Some processes can mitigate hazards by using other means, including pressure safety valves, locally controlled shutdowns, or shutdowns wired through the BPCS. The decision to have an SIS at a new facility should be made early in the design process,
as it can add significant cost. The process hazard analysis, typically a HAZOP and LOPA, would identify the specific SIFs required for the process, as well as what the associated SIL rating required for each SIF is. Let's jump in with our HAZOP team as they conduct a LOPA to identify how they would determine the reliability of the SIF required for the vessel V1 we have been looking at.

All right, we have identified that the level control valve LV1 failing closed would cause liquid to carry over from the separator V1 to the compressor downstream. This would result
in a potential catastrophic rod load failure of the compressor, causing a significant loss of containment of vapor with the possibility of a vapor cloud explosion and potential fatality. Let's jump into the LOPA. Based on Center for Chemical Process Safety guidelines, the typical failure rate of a control valve is once in 10 years. Does this seem reasonable for this service?

I've dealt with similar separators at other sites. I've seen a few level control valves stick closed in my time. I think that sounds reasonable.

Good. How often do we expect personnel to be in the area?

This
will not be a highly trafficked area of the facility. However, I think that it's unlikely we could say that someone will be in the area less than 10 percent of the time just based on operator presence.

All right, then we can't take credit for a conditional modifier.

There is a high level shutdown on the suction scrubber of the compressor, wired to the compressor's logic solver. If any liquids reach the scrubber, it will trip the compressor before any damage can occur.

Excellent. We can say that safeguard is at least 90 percent reliable, or that it has
a probability of failure on demand of less than 10 percent.

We also have the high high level shutdown LAHH2 to close ESDV1. We haven't completed the detailed design of that system yet; however, the facility SIS will be capable of supporting SIL 3 systems.

Unless there's another layer of protection, it will need to be at least 99 percent reliable, or have a probability of failure on demand of less than 1 percent, which means it will need to be a SIL 2 rated system.

That will add some cost to the project. Luckily, we identified it early
enough that it shouldn't be too much of a setback.

It is important to understand the process control systems involved in a design when taking credit for safeguards in a HAZOP. These systems are used to maintain safe operating conditions by ensuring the process functions as designed, making the process safer for operators working in the facility and preventing potential damage to equipment.