(43b) IPL/CMS- Integrity Management of Non-SIS Independent Protection Layers after the LOPA | AIChE

(43b) IPL/CMS- Integrity Management of Non-SIS Independent Protection Layers after the LOPA

Process Safety Topic: IPL/CMS- Integrity Management of Non-SIS Independent Protection Layers after the LOPA

The use of the Layers of Protection Analysis (LOPA) in conjunction with the Process Hazard Analysis to evaluate existing risk versus a company’ risk tolerance targets is now common practice in the chemical and petroleum industry. LOPA is used to define the number and type of independent protection layers (IPLs) needed to manage the likelihood of an undesired consequence to an acceptable low frequency. 

IPLs must meet the following criteria to receive risk reduction credit as a safety function:

  • Specificity- this feature by itself can prevent the undesired consequence from occurring
  • Independence- it is independent from the cause or other IPLs so that common failures do not defeat the protection
  • Dependability- the IPL has a basis for its’ probability to prevent the undesired consequence
  • Auditability- the IPL can be routinely audited or tested at a frequency throughout its life necessary to maintain its’ dependability

These safety functions include preventative IPLs such as alarms, standard operating procedures, basic process control interlock functions, and safety instrumented functions (SIFs), as well as mitigative IPLs, often referred to as consequence mitigation systems (CMS); e.g.  Pressure relief devices, dikes, and fire protection systems.

ISA 84.00.01/IEC-61511 life cycle management of safety instrumented systems (SIS) is being implemented through industry.  However, all IPLs identified as necessary to meet a company’s risk targets, not just SIFs, must also be managed throughout the lifecycle of the process.  An integrated approach to life cycle management involves beginning with the end in mind for the process to document, validate and maintain the integrity of identified IPLs.  

The focus of this presentation is the IPL Validation for Non SIF IPLs which were identified as safety functions to manage high severity consequences to the company’s acceptable risk tolerance through the following steps:

IPL Documentation during Initial PHA/LOPA study

  • Developing protocol for documentation to capture key information in a format that can be efficiently referenced and updated through the IPL life cycle
  • Reference the basis for IPL values, either published literature or team development
  • Provide philosophy of priority for selecting IPLs, i.e.  Prevention versus Mitigation, Engineered response verse Operator response etc. 

IPL Validation

  • Perform consequence severity verification as needed
  • Confirm independence between cause and IPLs and between different IPLs
  • Confirm and document an IPL is capable of preventing the undesired  consequence
  • Confirm IPL dependability is supported by good design and testing program
  • Adhere to MOC  to update LOPA when the consequence severity is changed or IPLs are are added/removed

IPL Integrity Management (Auditing) through the process lifecycle

  • Implement periodic auditing/testing of IPLs to assure their performance supports the PFD assigned.

MOC

Provide flags and controls in the management systems to require the MOC health and safety review to update the LOPA and IPL when affected by the change

Checkout

This paper has an Extended Abstract file available; you must purchase the conference proceedings to access it.

Checkout

Do you already own this?

Pricing

Individuals

AIChE Pro Members $150.00
AIChE Graduate Student Members Free
AIChE Undergraduate Student Members Free
AIChE Explorer Members $225.00
Non-Members $225.00