Incident Results in Evaluation of Functional Safety Life Cycle

An incident at Petroleum Development Oman (PDO) resulted in an investigation that revealed that, even though required risk-reduction levels were achieved in design, the rest of the safety instrumentation life cycle phases were not rigorously adhered to. This paper presents various actions taken by PDO to make sure that what is designed is operated and maintained as intended.

The complete lifecycle of safety instrumented functions (SIFs) in the processing industry should be well managed to achieve the right level of risk reduction. The lifecycle phases, as prescribed by the International Electrotechnical Commission’s IEC 61511 standard, can be broadly divided into analysis, realization, and operation. Normally, the focus is on the analysis phase, where safety integrity levels (SILs) are determined, probability of failure on demand (PFD) is calculated to arrive at the optimal design, and the safety requirement specification is developed for detailed design. The rest of the phases in the lifecycle, however, are not addressed with the same vigor.

An incident at Petroleum Development Oman (PDO) resulted in an investigation that revealed that, even though required risk-reduction levels were achieved in design, the rest of the safety instrumentation life cycle phases were not rigorously adhered to. In this paper, the authors present various actions taken by PDO to make sure that what is designed is operated and maintained as intended, in the process fulfilling the SIF lifecycle requirements.

The Incident
The Fahud North Oman Crude Stabilization (NOCS) plant is part of Petroleum Development Oman’s north oil directorate assets. The station tripped following a power dip on 9 February 2018. However, a failure of the emergency shutdown valves allowed crude to continue to flow to the station manifold, resulting in increased pressure in the inlet manifold. This resulted in lifting of the relief valve and filling of the flare knockout drum (KOD). The KOD filling resulted in carryover of liquid hydrocarbon to the flare system, which led to liquid being released from the flare stack in the form of fireballs. The situation was brought under control after operators manually isolated the incoming streams. The incident was classified as an asset integrity/process safety Tier 1 incident. No injury to people or asset damage was recorded; however, the incident did result in minor environmental and reputational impact.

Recommendations
The investigation team advised that some intermediate actions be taken to reinstate the NOCS facility, as well as wider cooperative actions to enhance functional safety in all other facilities. For instance, immediate actions were taken to confirm the integrity of the emergency shutdown systems, including sensors, alarm rates to the operator, and valve overhauling. Hazardous-operations (HAZOP) and SIF studies were also conducted to confirm the adequacy of the station design to the current operating conditions.

For other assets, a list of actions specific to the safety systems was also initiated following this investigation. These include rewriting the whole maintenance procedure for conducting the testing of SIF functions, defining the requirement for overhaul testing, and conducting a partial stroke test and a valve seat leakage test.

The actions requested all assets to verify that their SIF functions are designed to meet the current safety standards and, if otherwise, conduct HAZOP/SIF studies to adhere to these standards.

Post Incident
After the incident, PDO undertook various measures to confirm compliance of its assets with the international safety standards. The four key areas are standards, people, technology, and assurance activities.

The first element focuses on the update of standards and procedures in engineering and operations. PDO designs projects according to the IEC 61511 standard and has developed a guideline to describe the assessment and implementation process for SIF classification. This guideline was upgraded, and all “should” statements presenting recommendations were converted to “shall” statements indicating requirements. The maintenance activities for testing the SIF and recording the findings follow locally developed procedures. These underwent a substantial change after the incident.

People are the second element that PDO has always striven to improve. Competency levels of people working on design and commissioning, as well as operation, were enhanced by implementing special training programs related to SIF classification and maintenance.

The third element is technology, which aims to increase visibility of the currently installed assets in the case of the SIF tool upgrade, improve the reliability of the emergency shutdown valve through partial-stroke testing, and assure the health of the full SIF by implementing a SIF analyzer and emergency shutdown timers project.

The last focus area is enhancing assurance activities conducted through cooperative certification and accreditation to verify project and operation team adherence to engineering and operational performance standards. This includes audits of design work performed during the engineering phase, verification of installations before the introduction of hydrocarbon, and lifecycle management audits of various installations.

Download the complete paper from SPE’s Health, Safety, Environment, and Sustainability Technical Discipline page for free until 4 May.

Find paper SPE 200118 on OnePetro here.