Design Optimization of ESD (Emergency ShutDown) System for Offshore Process Based on Reliability Analysis

Jeong-hoon Bae¹, Sung-chul Shin¹,ᵃ, Byeong-cheol Park¹ and Soo-young Kim¹
¹ Department of Naval Architecture and Ocean Engineering, Pusan National University, Busan, South Korea

Abstract. Hydrocarbon leaks have major accident potential and can cause significant damage to people, property and the environment. From a design standpoint, installing an ESD system is the representative way to prevent these risks. Because the ESD system must operate properly at any time, it needs high reliability, which is costly. To build an ESD system with high reliability at reasonable cost, a specific design method is needed. In this study, we proposed a multi-objective design optimization method and optimized the ESD system of the 1st separation system to achieve high reliability cost-effectively. ‘NSGA-II (Non-dominated Sorting Genetic Algorithm-II)’ was applied, and two objective functions, ‘Reliability’ and ‘Cost’ of the system, were defined. Six design variables related to the system configuration were set. To verify the result of the optimization, the existing design and the optimum design were compared in terms of reliability and cost. With the optimization method proposed in this study, it was possible to derive a reliable and economical design of the ESD system.
1 Introduction
1.1 Motivation
As more offshore plants are installed around the world, more accidents related to offshore plants are occurring. Since 1995, the number of accidents related to offshore plants for oil production has reached several hundred a year, and many people have been injured or have lost their lives [1]. In particular, most offshore plants designed for drilling, producing, retrieving and refining oil handle flammable hydrocarbon gas at high temperature and high pressure.
Since the Piper Alpha accident [2], the offshore plant industry has recognized the importance of safety against hydrocarbon accidents and fire/explosion in offshore plants. To reduce these accidents and risks, various attempts have been made, such as rule revisions and the creation of safety divisions. The UK put the onus on the operator to identify the major hazards and to reduce risks with the Offshore Safety Case regulations [3]. The HSE (Health and Safety Executive) also created the Offshore Safety Division and discussed the revision or verification of rules for safety. The NPD (Norwegian Petroleum Directorate) issued the Regulations relating to management in the petroleum activities in 2001 for safety [4].
ᵃ Corresponding author: scshin@pusan.ac.kr
ICDES 2016, MATEC Web of Conferences. Owned by the authors, published by EDP Sciences.
There are many approaches to achieving safety in an offshore plant. One is to reduce the Probability of an accident arising from human and organizational factors, system failure, natural disaster, etc. The other is to reduce the Consequence severity of such an event when it occurs, using visual alarms, a fire suppression system or a process shutdown [5]. From this perspective, the ESD system is very important for reducing the Consequence of an accident, because it shuts down the release of hazardous material. If the ESD system does not work and fails to shut down when hydrocarbon is released in an offshore plant, the failure could cause a fire/explosion disaster. The ESD system must therefore be designed with high reliability to avoid failure in a dangerous situation.
From the reliability standpoint, two international standards govern SIL (Safety Integrity Level): IEC (International Electrotechnical Commission) 61508 and IEC 61511. IEC 61508 governs the functional safety of electrical, electronic and programmable electronic safety systems, e.g. Production Inflow Control Devices (ICDs), and is applied across all industries. IEC 61511 governs the functional safety of safety instrumented systems and is applied in the process industries. In 2000 in Norway, OLF (The Norwegian oil industry association) tried to issue a guideline on the application of IEC 61508 and IEC 61511 in the Norwegian petroleum industry [6]. OLF has also defined the procedure and requirements of the ESD for offshore plants in ‘Technical Safety’ of ‘NORSOK STANDARD S-001’ [7]. DNV established ‘OFFSHORE STANDARD DNV-OS-E201: Oil and Gas Processing Systems’ to provide an internationally acceptable standard of safety for hydrocarbon production plants and LNG processing plants by defining minimum requirements for the design, materials, construction and commissioning of plant [8].
1.2 A literature review
For high reliability of an offshore system, reliability analysis is necessary in the early stage of design. There are many domestic and overseas studies related to reliability analysis. Among the overseas studies, one suggested a simplified reliability analysis technique and applied it to the offshore plant mooring system for the optimal [9]. There was also a study on fatigue reliability analysis of structures, based on the analysis of various structural fatigue scenarios, for extending the lifetime of offshore plants [10]. However, these studies focus on the structural or fatigue reliability of a system, which differs from the functional safety of electrical, electronic and programmable electronic safety-related systems, or of safety instrumented systems for the process industry sector such as the ESD system.
Among overseas studies directly related to the reliability analysis of the ESD system, FTA (Fault Tree Analysis) was used to define the failure rates of system components at the lower level and to enhance the reliability of the system based on HAZOP (HAZard and OPerability) [11]. SINTEF (Norwegian: Stiftelsen for industriell og teknisk forskning) studied the reliability of subsea BOP systems for deepwater application [12]. Detailed failure statistics for the various BOP systems in the US GOM OCS (Outer Continental Shelf) were analyzed and presented. Ram K. et al. studied the impact of the reliability or the number of emergency shutdown devices on a flare relief system and analyzed the factors related to sizing the individual relief valves protecting equipment, a process or a system [13]. That paper highlighted several concerns such as standards, reliability and safety, and offers practical advice to those facing relief system design decisions. A.C. Torres-Echeverría et al. studied multi-objective optimization of the safety instrumented systems of a chemical reactor system with three objective functions: reliability, STR (Spurious Trip Rate) and cost [14]. They applied reliability models to the optimization of the design and testing of safety instrumented systems. The optimization models were integrated, together with a life cycle cost model, as objective functions into a multi-objective genetic algorithm. Fares Innal et al. also studied safety and operational integrity evaluation and design optimization of safety instrumented monitoring systems with two objective functions, reliability and STR [15].
Among domestic studies, there was a study on the design of a flight control system, in which the reliability of the system was analyzed and a method of improving reliability through simulation was proposed [16]. There was also research in the field of fire prevention: whether the design of a system is adequate for the SIL can be verified through reliability analysis of the fire/explosion safety devices of an Ethyl Benzene process [17]. In the offshore industry, Bae J. H. et al. performed a reliability analysis of the ESD to support the design of LNG bunkering [18].
This study focused not only on a method of design optimization for offshore processes but also on practical design, by selecting ESD products available on the market. In total, 22 types of ESD components were investigated from valve companies and online. To bring the design closer to a practical system, the existing system Heidrun (TLP), which has been operating in the Norwegian Sea since 1995, was selected for optimizing the design of the ESD system and for comparing the results. The multi-objective design optimization was performed with two objective functions, Reliability and Cost. Reliability is based on the PFD (Probability of Failure on Demand) values from the reliability analysis, and Cost is composed of purchase cost, proof test cost, loss of production, etc. Six practical variables for the configuration of the system were set as design variables. To verify the improvement of the design, the Heidrun design and the optimum design were compared in terms of reliability and cost.
2 The Emergency ShutDown system
In this thesis, the ESD system of the 1st separation system on the TLP at the Heidrun oil field was selected as the target system because it allows the optimization to be applied more practically. The 1st separation system and its related lines carry hydrocarbon material at high pressure and temperature, so there can be a high risk of a fire/explosion accident. These separation systems therefore need to be controlled and monitored in all process functions on the topsides, as well as in Fire & Gas and the ESD for the entire FPSO. The P&ID (Piping & Instrument Diagram) of the ESD system is shown in Figure 1 [19].
Figure 1. 1st separation system with the ESD system [19].
The dotted rectangles in Figure 1 mark the components of the ESD system, such as the PSV (Pressure Safety Valve), ESD valve, PSD (Pressure ShutDown) valve, FO (Flow Orifice), PSI A (Pressure Safety Indicator/Alarm) and PSE (Pressure safety sensor). Equipment is shown in the P&ID with the symbols and identification letters defined in the American National Standard ‘Instrumentation Symbols and Identification’ [20]. The control panel (CLU: Control Logic Unit) is connected to all of the ESD components.
3 Reliability Analysis
Reliability is defined by IEC 50 (191) as ‘the ability of an entity to perform a required function under given conditions for a given time interval’, and it is usually expressed as failure rate, MTTF (Mean Time To Failure), SIL (Safety Integrity Level), etc. [21].
For the reliability analysis of the ESD system, the shutdown procedure is as follows:
1. If overpressure is detected by the sensors during the separating operation, the main pump related to the 1st separator is stopped immediately.
2. The PSD/ESD control logic sends a shutdown signal to the final elements.
3. The final elements shut down the system to prevent further accidents from occurring.
3.1 PFD and Failure scenarios
Nine failure scenarios of overpressure were defined for the reliability analysis (PFD calculation) with reference to ‘Component structure’ [22] and The Norwegian Oil Industry Association [6]. The PFD of the E/E/PE safety-related system is determined by calculating and combining the average probability of failure on demand for all the subsystems which provide protection against a hazardous event [22].
The failure scenario ‘Flare FO’ relates to the failure of the two flow orifices and two pressure safety indicators installed in the line to the flare header, and of the CLU for control. If there is overpressure in the line, the CLU should order the flow orifice to open. As long as one of the two flow orifices operates normally in the failure situation, the scenario is a success, as shown in Figure 2. The other eight scenarios were defined in the same way as ‘Flare FO’, as shown in Figure 3 to Figure 10.
Figure 2. Scenario - Flare FO.
Figure 3. Scenario - Flare PSV.
Figure 4. Scenario - Compressor.
Figure 5. Scenario - HP (High Pressure) flare header.
Figure 6. Scenario - Sand cleaning.
Figure 7. Scenario - Drain header.
Figure 8. Scenario - Crude heater.
Figure 9. Scenario - Jet water pump.
Figure 10. Scenario - LP (Low Pressure) compressor.
3.2 Calculations of PFD and SIL
For the reliability analysis, failure data and MTTR (Mean Time To Repair) were taken from ‘OREDA (Offshore and Onshore Reliability Data) 2009’ [23]. From the nine failure scenarios and the failure data of the components, PFD and SIL were calculated as shown in Table 1.
Table 1. The results of reliability analysis (PFD and SIL).

| Scenario | Component | Type | Failure rate (per 10E+6 hours) | MTTR (hours) | SIL | Required SIL |
|---|---|---|---|---|---|---|
| S-FO | Sensor | PSI | 4.20E-07 | 4 | SIL 2 | SIL 2 |
| | Logic unit | CLU | 2.85E-05 | 6 | | |
| | Final element | FO | 4.23E-06 | 8 | | |
| S-Flare PSV | Final element | PSV | 8.47E-06 | 8 | SIL 3 | SIL 2 |
| S-Compressor | Sensor | PSI | 4.20E-07 | 4 | SIL 1 | SIL 2 |
| | Logic unit | CLU | 2.85E-05 | 6 | | |
| | Final element | PSD | 1.90E-05 | 17 | | |
| | Sensor | PSE | 4.10E-07 | 4 | | |
| | Logic unit | CLU | 2.85E-05 | 6 | | |
| | Final element | PSD | 1.90E-05 | 17 | | |
| S-HP flare header | Sensor | PSE | 4.10E-07 | 4 | SIL 2 | SIL 2 |
| | Logic unit | CLU | 2.85E-05 | 6 | | |
| | Final element | ESD | 2.58E-05 | 16 | | |
| S-Sand cleaning | Sensor | PSE | 4.10E-07 | 4 | SIL 2 | SIL 2 |
| | Logic unit | CLU | 2.85E-05 | 6 | | |
| | Final element | ESD | 2.58E-05 | 16 | | |
| S-Drain | Sensor | PSE | 4.10E-07 | 4 | SIL 2 | SIL 2 |
| | Logic unit | CLU | 2.85E-05 | 6 | | |
| | Final element | PSD | 1.90E-05 | 17 | | |
| S-Crude heater | Sensor | PSE | 4.10E-07 | 4 | SIL 2 | SIL 2 |
| | Logic unit | CLU | 2.85E-05 | 6 | | |
| | Final element | ESD | 2.58E-05 | 16 | | |
| S-Jet water pump | Sensor | PSI | 4.20E-07 | 4 | SIL 2 | SIL 2 |
| | Logic unit | CLU | 2.85E-05 | 6 | | |
| | Final element | PSD | 1.90E-05 | 17 | | |
| S-LP compressor | Final element | PSV | 8.47E-06 | 8 | SIL 3 | SIL 2 |

From the results of the reliability analysis, scenario ‘S-Compressor’ has the lowest level, SIL 1, and scenarios ‘S-PSV’ and ‘S-LP’ have a high level, SIL 3. Apart from these three scenarios, all scenarios have SIL 2. Even though ‘S-FO’ already has SIL 2, its cost can still be reduced by allowing a higher PFD value within the SIL 2 range. If the ESD system for the 1st separation system in an offshore plant is required to meet a minimum of SIL 2, as suggested by The Norwegian Oil Industry Association [6], the design of ‘S-Compressor’ needs to be improved from SIL 1 to SIL 2, while the designs of ‘S-PSV’ and ‘S-LP’ need to be simplified from SIL 3 to SIL 2 to reduce cost.
4 The design optimization of the ESD system
4.1 Definition of Optimization problem
The purpose of this design optimization is to find the design variables that minimize the objective functions. This means the optimized design of the ESD system has high reliability at reasonable cost. NSGA-II was selected as the optimization algorithm.
4.1.1 Objective function
• Objective function ‘Reliability’
Objective function of ‘Reliability’ (
1
) is estimated from each scenarios’ as equation (1).

1
= (1)
• Objective function ‘Cost’
Objective function of ‘Cost’(
2
) is calculated from ‘Product cost’, ‘Replace cost’, ‘Proof test cost’
and ‘Loss of production’ of the ESD systems on the following equation (2).

2
=

+

+
 
+

(2)
• ‘Product cost’ is the product price of the sensors, logic unit and final elements for the initial installation.
• ‘Replace cost’ is the cost of replacement during the lifetime, which depends on MTTF.
• ‘Proof test cost’ is calculated from the number of proof tests during the lifetime, the labor cost of testing one piece of equipment [24] and the number of pieces of equipment.
• ‘Loss of production’ is the loss of production from downtime during proof tests [25]. It was estimated with the WTI crude oil price of $57 (April 17, 2015), the production of ‘65,000bbl/day’ at the ‘Heidrun’ oilfield [26] and a test time of ‘1 hour’ [27].
4.1.2 Design variables
From a reliability point of view, a system generally consists of three parts: sensor, logic unit and final element. As shown in Table 2, the six design variables are the number of redundancies in each part, the type of sensor, the type of final element and the proof test interval. A database for the design space was created, including product information such as MTTF and price. Eight types of sensors and fourteen types of final elements were investigated from product brochures [28] and an online market [29]. Failure data for the sensors, logic unit and final elements were taken from ‘OREDA 2009’.
Table 2. Design variables and space.

| Design variable | Unit | Range |
|---|---|---|
| The number of redundancy - sensor | Number | 0, 1, 2 |
| The number of redundancy - logic unit | Number | 0, 1, 2 |
| The number of redundancy - final element | Number | 0, 1, 2 |
| Type of sensor | Type | 1~8 (8 types of products) |
| Type of final element - for blowdown | Type | 1~2 (2 types of products) |
| Type of final element - for shutdown | Type | 1~12 (12 types of products) |
| Proof test interval | Year | 1~3 |

4.1.3 Constraints
The topside process in an offshore plant is neither as extremely dangerous as a nuclear plant nor subject to conditions as severe as deepwater subsea well operation. SIL 2 is therefore generally appropriate for the offshore topside process. The Norwegian Oil Industry Association [6] also suggested a minimum of SIL 2 for the ESD system related to the separation system. The constraint was set to SIL 2, which corresponds to the PFD range 10⁻³ ≤ PFD < 10⁻².
4.2 The results of the optimization
4.2.1 S-FO - Blowdown operation
The NSGA-II population was set to 40 and the number of generations to 1,000; the calculation time of the optimization was 9.4 s. Figure 11 shows the Pareto-frontier obtained from the optimization of scenario ‘S-FO’. In this study, we focused on the optimum design that has the minimum cost in SIL 2. This means that, among the alternatives that satisfy SIL 2 (10⁻³ ≤ PFD < 10⁻²), the lowest-cost alternative ‘FO’ could be chosen, as shown in Figure 11. ‘S-FO’, the blowdown operation in the ‘To flare header’ line, must have blowdown equipment such as a flow orifice. The type of final element in ‘S-FO’ was therefore fixed to flow orifice, and the optimization was performed over the other design variables: type of sensor, the numbers of redundancies and proof test interval.
Figure 11. Pareto-frontier of scenario ‘S-FO’ and optimum alternative.
Details of alternative ‘FO’ (0.006348, 1.38e+6) are shown in Table 3.
Table 3. Optimum alternative of ‘S-FO’.

| Design variable | Value | Details |
|---|---|---|
| Sensor | 0 | No redundancy |
| Logic unit | 1 | 1 redundancy |
| Final element | 0 | No redundancy |
| Type of sensor | 2 | Pressure indicator ‘P Series’ |
| Type of final element (blowdown) | 2 | Flow orifice |
| Proof test interval | 3.000 | 3 years |

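The selection rule of section 4.2.1 (among the alternatives inside the SIL 2 band, take the lowest-cost one on the Pareto front) can be worked through on a small design space. This is an added example, not code from the paper: it enumerates the discrete space exhaustively instead of running NSGA-II and uses the simplified 1-out-of-n PFD approximation without common-cause failures. The failure rates, prices, labour cost and 20-year lifetime are constructed assumptions; only the loss-of-production figures ($57, 65,000 bbl/day, 1 hour) come from the text.

```python
from itertools import product

HOURS_PER_YEAR = 8760
LIFETIME_YEARS = 20                   # assumption: lifetime is not stated in the text
LOSS_PER_TEST = 57 * 65_000 / 24      # text figures: $57/bbl, 65,000 bbl/day, 1 h test
LABOR_PER_TEST = 500                  # constructed: labour cost per equipment per test ($)

# Constructed component data: dangerous undetected failure rate (per hour), unit price ($)
COMPONENTS = {
    "sensor":        {"lambda_du": 4e-7, "price": 2_000},
    "logic_unit":    {"lambda_du": 1e-6, "price": 30_000},
    "final_element": {"lambda_du": 4e-6, "price": 25_000},
}


def sil_from_pfd(pfd):
    """Map an average PFD to its IEC 61508 low-demand SIL (0 = worse than SIL 1)."""
    if pfd >= 1e-1:
        return 0
    for sil, lower in ((1, 1e-2), (2, 1e-3), (3, 1e-4)):
        if pfd >= lower:
            return sil
    return 4


def subsystem_pfd(lambda_du, redundancy, interval_years):
    """Simplified 1-out-of-n average PFD with n = redundancy + 1, no common cause."""
    n = redundancy + 1
    tau = interval_years * HOURS_PER_YEAR          # proof test interval in hours
    return (lambda_du * tau) ** n / (n + 1)


def evaluate(redundancy, interval_years):
    """Return (PFD, lifetime cost); redundancy = (sensor, logic unit, final element)."""
    pfd, hardware, units = 0.0, 0, 0
    for data, r in zip(COMPONENTS.values(), redundancy):
        pfd += subsystem_pfd(data["lambda_du"], r, interval_years)  # subsystems in series
        hardware += data["price"] * (r + 1)
        units += r + 1
    tests = LIFETIME_YEARS // interval_years
    cost = hardware + tests * (LABOR_PER_TEST * units + LOSS_PER_TEST)
    return pfd, cost


def enumerate_designs():
    """All 3 x 3 x 3 redundancy choices times proof test intervals of 1 to 3 years."""
    designs = []
    for s, l, f, ti in product(range(3), range(3), range(3), (1, 2, 3)):
        pfd, cost = evaluate((s, l, f), ti)
        designs.append({"redundancy": (s, l, f), "interval": ti, "pfd": pfd, "cost": cost})
    return designs


def pareto_front(designs):
    """Keep the designs that no other design beats on both PFD and cost."""
    front = []
    for d in designs:
        dominated = any(
            o["pfd"] <= d["pfd"] and o["cost"] <= d["cost"]
            and (o["pfd"] < d["pfd"] or o["cost"] < d["cost"])
            for o in designs
        )
        if not dominated:
            front.append(d)
    return front


def cheapest_in_sil2(designs):
    """Lowest-cost Pareto-optimal design with 1e-3 <= PFD < 1e-2, or None."""
    feasible = [d for d in pareto_front(designs) if 1e-3 <= d["pfd"] < 1e-2]
    return min(feasible, key=lambda d: d["cost"]) if feasible else None


if __name__ == "__main__":
    best = cheapest_in_sil2(enumerate_designs())
    print(best, "-> SIL", sil_from_pfd(best["pfd"]))
```

With this constructed data the proof-test downtime dominates the cost, so the search settles on the longest test interval and adds redundancy only where a single channel would push the PFD out of the SIL 2 band.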
4.2.2 Summary of the results include other eight scenarios
The total results and comparisons of optimization results to Heidrun system are as shown in Table 4.
Table 4. The total results and comparison of optimization results.

| Scenario | Heidrun PFD | Heidrun SIL | Heidrun Cost ($) | Optimum PFD | Optimum SIL | Optimum Cost ($) |
|---|---|---|---|---|---|---|
| S-FO | 0.0012 | SIL 2 | 4,220,513 | 0.0063480 | SIL 2 | 1,379,840 |
| S-Flare PSV | 0.0001 | SIL 3 | 4,035,682 | 0.0048284 | SIL 2 | 1,384,680 |
| S-Compressor | 0.0173 | SIL 1 | 4,220,463 | 0.0098441 | SIL 2 | 1,452,460 |
| S-HP flare header | 0.0099 | SIL 2 | 4,047,008 | 0.0065769 | SIL 2 | 1,383,100 |
| S-Sand cleaning | 0.0099 | SIL 2 | 4,047,008 | 0.0065769 | SIL 2 | 1,383,100 |
| S-Drain | 0.0087 | SIL 2 | 4,047,008 | 0.0065769 | SIL 2 | 1,383,100 |
| S-Crude heater | 0.0099 | SIL 2 | 4,047,008 | 0.0065769 | SIL 2 | 1,383,100 |
| S-Jet water pump | 0.0087 | SIL 2 | 4,047,008 | 0.0065769 | SIL 2 | 1,383,100 |
| S-LP compressor | 0.0001 | SIL 3 | 3,975,550 | 0.0044857 | SIL 2 | 1,353,610 |
| Total cost | | | 36,687,248 | | | 12,486,090 |

Every scenario was optimized to meet the minimum SIL 2, and the total cost of the final design decreased by $24,191,186 from the original design.
4.3 Discussion
As shown in Figure 12, the PFD values of all scenarios are in the SIL 2 range, which means they satisfy the required reliability after the optimization. Although the SIL of scenario ‘S-FO’ is the same SIL 2 as before the optimization, its PFD is increased up to about 0.005 to reduce cost through design modification. In the case of scenario ‘S-FO’, redundancy was removed and another element from the database that has a lower PFD was selected to reduce the cost of the system within SIL 2. The PFD of the ‘S-PSV’ and ‘S-LP’ scenarios also increased, and their SIL was degraded from SIL 3 to SIL 2 to reduce cost. Designing a system with higher reliability costs more, because it generally needs high-quality products and a complex system. But from the PFD and cost results shown in Figure 12, it was possible to improve reliability and reduce cost simultaneously.
The PFD values of the eight scenarios other than ‘S-Compressor’ did not reach close to the boundary between SIL 2 and SIL 1, as shown in Figure 12. This means they still have room for improvement through cost reduction. Despite the convergence of the optimization in this study, it was difficult to get near the ideal optimum point, the ‘boundary of SIL 2 and SIL 3’, because there were discrete design variables such as the type of element and the number of redundancies. One way to improve the result of the optimization is to add various elements to enlarge the database so that the design space becomes almost continuous.
Figure 12. PFD and cost comparison of the results.
Comparing the design variables of Heidrun and the optimum, as shown in Table 5, all of the test intervals are increased and all of the S-L-F (Sensor-Logic unit-Final element) structures are changed. The numbers in the S-L-F columns of Table 5 are the numbers of elements in each scenario. The numbers of sensors and final elements are changed to one, except in ‘S-PSV’ and ‘S-LP’. It seems the optimization tried to decrease the number of redundancies to reduce the cost of each scenario. From the ‘Type (sensor)’ results in Table 5, ‘1: Pressure safety indicator’ and ‘2: Pressure safety Sensor’ are considered suitable for the ESD system in this study.
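Table 5. Comparison of design variables of Heidrun and optimum.

| Operation mode | Scenario | Heidrun S-L-F (structure) | Heidrun Type (sensor) | Heidrun Type (final element) | Heidrun Proof test interval | Optimum S-L-F (structure) | Optimum Type (sensor) | Optimum Type (final element) | Optimum Proof test interval |
|---|---|---|---|---|---|---|---|---|---|
| Blowdown | S-FO | 2-2-2 | 1 | 2 | 1.000 | 1-2-1 | 2 | 2 | 3.000 |
| Blowdown | S-PSV | 0-0-2 | - | 1 | 1.000 | 0-0-1 | - | 1 | 3.000 |
| Shutdown | S-Comp. | 1-1-1 | 1 | 3 | 1.000 | 1-2-1 | 2 | 3 | 2.999 |
| | | 1-1-1 | | | | 1-2-1 | | | |
| Shutdown | S-HP | 1-1-1 | 2 | 8 | 1.000 | 1-2-1 | 1 | 2 | 3.000 |
| Shutdown | S-Sand | 1-1-1 | 2 | 12 | 1.000 | 1-2-1 | 2 | 2 | 3.000 |
| Shutdown | S-Drain | 1-1-1 | 2 | 8 | 1.000 | 1-2-1 | 2 | 2 | 3.000 |
| Shutdown | S-Crude | 1-1-1 | 2 | 8 | 1.000 | 1-2-1 | 2 | 2 | 3.000 |
| Shutdown | S-Jet | 1-1-1 | 2 | 12 | 1.000 | 1-2-1 | 2 | 2 | 3.000 |
| Blowdown | S-LP | 0-0-2 | - | 1 | 1.000 | 0-0-1 | - | 1 | 3.000 |
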
From Table 5, the number of logic units for the six scenarios ‘S-Comp.’, ‘S-HP’, ‘S-Sand’, ‘S-Drain’, ‘S-Crude’ and ‘S-Jet’ increased from one to two. The reason can be inferred from the PFD comparison graph in Figure 12: the PFD values of all six scenarios decreased, which means logic unit redundancy was used to reduce PFD.
5 Conclusions
In this study, the following were carried out to attain the final goals.
• Reliability analysis of the existing ESD system for an offshore process was performed with defined scenarios and failure data.
• The multi-objective design optimization was performed with two defined objective functions, Reliability and Cost. Six design variables and the SIL 2 constraint were defined. The optimum design was selected from the Pareto-frontier, and it satisfied both SIL 2 reliability and cost reduction.
• To bring the design closer to a practical system, an existing system was selected for optimizing the design of the ESD system. A database for the design space was also created, including information on products on the market.
With these results, a more practical method of design optimization was proposed for the ESD system of an offshore process, and it could be applied to other similar processes. One way to improve the result of the optimization is to add various ESD elements to enlarge the database and make the design space almost continuous.
Acknowledgements
This work was supported by the National Research Foundation of Korea (NRF) grant funded by the
Korean government (MEST) through GCRC-SOP (No. 2011-0030671).
References
1. HSE, OFFSHORE INJURY, ILL HEALTH AND INCIDENT STATISTICS 2010/2011 (2011)
2. M. Elisabeth Pate-Cornell, Risk Analysis, 13, 2 (1993)
3. HSE, A Guide to the Offshore Installations (Safety Case) Regulations (1992)
4. NPD, Regulations relating to management in the petroleum activities (2001)
5. Cahill J., Differences in Fire & Gas Systems and Emergency Shutdown Systems (2011)
6. OLF, APPLICATION OF IEC 61508 AND IEC 61511 IN THE NORWEGIAN PETROLEUM INDUSTRY (OLF 070, 2004)
7. OLF, NORSOK STANDARD S-001 Technical safety (OLF, 2008)
8. DNV, OFFSHORE STANDARD DNV-OS-E201: Oil and Gas Processing Systems (DNV, 2013)
9. Emad Mousavi M., Gardoni P., Marine Structures, 36 (2014)
10. Gholizada A., Golafshani A. A., Akrami V., Ocean Engineering, 46 (2012)
11. Dragffy G., RESS, 61 (1998)
12. SINTEF, Reliability of Subsea BOP Systems for Deepwater Application, Phase II DW Unrestricted version (SINTEF, 1999)
13. Ram K. Goyal, Essa G. Al-Ansari, JLP, 22, 35 (2009)
14. Torres-Echeverria A.C., Martorell S., Thompson H. A., RESS, 106 (2012)
15. Innal F., Dutuit Y., Chebila M., RESS, 134 (2015)
16. Kim, S.S., Ph.D. thesis of INHA Univ. (2011)
17. Ko, J.S., Kim, H., Lee, S. K., Fire Science and Engineering, 20, 3 (2006)
18. Bae, J. H., Shin, S. C., Kim, S. Y., Proceedings of Naval Architects of Korea, pp.965-970 (2014)
19. ConocoPhillips, Safety Shutdown Systems, additional technical requirements (ConocoPhillips, 2007)
20. ANSI/ISA, Instrumentation Symbols and Identification (ISA, 1992)
21. IEC, International Vocabulary, Chapter 191: Dependability and Quality of Service (IEC 50 (191), 1991)
22. IEC, IEC 61508-6, Part 6: Guidelines on the application of parts 2 and 3 (IEC, 1997)
23. SINTEF, OREDA Offshore Reliability Data 5th Edition (SINTEF, 2009)
24. Gross R. E., Harris S. P., RAMS 2008, pp.312-316 (2008)
25. David Dr., Smith J., RELIABILITY MAINTAINABILITY AND RISK Practical methods for engineers 8th edition (Butterworth-Heinemann, 2011)
26. Wikipedia, Heidrun oil field (Wikipedia, 2015)
27. Rausand M., Reliability of Safety-Critical Systems: Theory and Applications (WILEY, 2014)
28. Metso Automation, ESD VALVE SELECTION GUIDE GENERAL ESD VALVE DEFINITION (Metso Automation, 2005)
29. OMEGA Engineering inc., http://kr.omega.com/products.html (2015)
... This process entails various risks, including natural, environmental, and safety factors. Therefore, offshore drilling is considered a significant challenge that demands attention and expertise [6], [7]. Additionally, controlling the well's pressure is of utmost importance to ensure the successful completion of offshore drilling operations [8]. ...
Article
Full-text available
Exploiting all forms of energy must be coupled with the preservation of human safety and the environment. Despite the energy reserves beneath the ocean depths, challenging obstacles confront offshore drilling operations, notably the high pressure beneath the well. To comprehend this process better, we turned to modeling the managed pressure drilling (MPD) using multilevel flow modeling (MFM). These models provide a robust framework enabling us to understand and analyze the intricacies of this complex process. Our use of these models allows us to examine the causes and effects associated with various aspects of this process. All of this enables us to drill safely for the well, achieving our primary goal in this context.
... As a result, SIL1 has the lowest level of safety while SIL4 has the highest level of safety (International Electrotechnical Commission (IEC) 2010;Faller 2004;Smith and Simpson 2020). Typically, ESD systems are classified as either SIL2 or SIL3 (Bae et al. 2016). ESD's SIL may be determined by the criticality of the incident. ...
Article
There are several hazards associated with oil and gas plants, but fire and explosion are the most destructive events. To minimize the possibility and consequences of negative events and hazards, a variety of industries, such as oil and gas, require a substantial amount of health, safety, and environmental engineering expertise. Fire safety engineers play a very significant role in developing fire safety designs and analyses during the design stage. As part of this process, other departments, such as process, instrumentation, and piping, are consulted. While there has been a considerable amount of research conducted on safety-related issues in the past, including safety culture, management, risk assessment, safety instrumented systems (SIS), and inherent safety implementation, no study has addressed the role of safety engineers in preventing and mitigating fires. This review examines the roles and responsibilities of safety engineers during the design process of oil and gas plants in a comprehensive and general manner with the objective of preventing and mitigating fire hazards. Keywords Fire science · Fire tetrahedrons · Piper alpha oil platform · Emergency shut down (ESD) system · Plot plan · Fire water network · Fire and gas system (FGS) · Hazardous area classification · Passive and active fire protection · Risk assessment
... The spurious activation rate or spurious trip rate is defined as the average number of spurious activations of a safety function per unit of time [6]. ...
Article
Full-text available
Citation: Eddine, B.H.; Riad, B.; Youcef, Z.; El-Arkam, M. Multiobjective Optimization of the Performance of Safety Systems. Eng. Abstract: The activation of the safety-instrumented systems in industrial processes is carried out after the occurrence of specific deviations (dangerous situations) from normal operation (normal situations), but in some cases, the safety-instrumented systems are activated in the absence of deviations or requests; these are the unwanted activations. The system chosen in this study is a system with high-pressure gas and inflammable gas, and it is protected by a firefighting system that prevents any kind of accident in order to protect humans, systems, and the environment. The activation of the emergency shutdown system causes stoppage of the whole system by closing the input and output valves. This paper presents the optimization of the voting redundancies of safety-instrumented systems by a multiobjective genetic algorithm. The objectives to optimize are the average probability of dangerous failure on demand, which represents the system safety integrity, and the spurious trip rate, which presents the activation of a safety function without the presence of a demand.
... When assessing the reliability and safety of subsea Christmas tree, Pang et al. [9] converted the failure rate of hydraulic and electronic components which obey an exponential distribution and mechanical components with Weibull distribution into a constant. Bae et al. [10] referred to the CFR of equipment in offshore and onshore reliability data (OREDA), and used the multi-objective design optimization method to optimize the ESD system to ensure its high reliability and reasonable cost. Signorini et al. [11] collected 106 subsea control module (SCM) field data sets and compared them with OREDA for quantitative and qualitative reliability study of SCM. ...
The failure rate of equipment during long-term operation in severe environment is time-varying. Most studies regard the failure rate as a constant, ignoring the reliability evaluation error caused by the constant. While studying failure data that are few and easily missing, it is common to focus only on the uncertainty of reliability index rather than parameter of failure rate. In this study, a new time-varying failure rate model containing time-varying scale factor is established, and a statistical-fuzzy model of failure rate cumulated parameter is established by using statistical and fuzzy knowledge, which is used to modify the time-varying failure rate model. Subsequently, the theorem of the upper boundary existence for the failure rate region is proposed and proved to provide the failure rate cumulated parameter when the failure rate changes the fastest. The proposed model and theorem are applied to analyze the reliability of subsea emergency shutdown system in the marine environment for a long time. The comparison of system reliability under time-varying failure rate and constant failure rate shows that the time-varying failure rate model can eliminate the evaluation error and is consistent with engineering. The reliability intervals based on the failure rate model before and after modification are compared to analyze differences in uncertainty, which confirm that the modified model is more accurate and more practical for engineering.
A comprehensive study of Subsea Blowout Preventer (BOP) performance in the North Sea between 1978 and 1986 has been carried out to identify BOP reliability problems. Reliability of the BOP as a barrier against blowouts has been assessed together with rig downtime caused by BOP failures and malfunctions. An overall conclusion from the study is that the BOP reliability has improved significantly during the last few years.
The control of risks generated by modern industrial facilities could not be guaranteed without the use of safety instrumented systems (SIS). The failure of SIS to achieve their assigned functions could result in huge consequences with respect to both (i) the safety of the monitored system (relating to the SIS safety integrity) as well as (ii) its production availability due to false trips (relating to the SIS operational integrity). Furthermore, these two aspects are usually antagonistic. Therefore, the assurance of this double performance comes first by a thoughtful design of SIS. In that case, the aim of this paper is twofold. First, it focuses on the establishment of generic analytical formulations allowing the assessment of the SIS performance regarding safety integrity and operational integrity. Second, it deals with SIS architecture design optimization. The optimization problem is firstly addressed by a preliminary search for a balance between the above two quantities relying on the analysis of the structure of KooN architectures. Then, a more general and suitable approach based on genetic algorithms is proposed, where several performance indicators and the costs of purchase and maintenance are expected to be considered simultaneously. This general approach is illustrated through an application example.
This book provides an introduction to reliability assessment of safety-critical systems with a focus on safety-related systems that are based on electrical, electronic, and/or programmable electronic (E/E/PE) technology. Several international standards give requirements for the reliability, or safety integrity, of such systems. The most important of these standards is IEC 61508: Functional safety of electrical/electronic/programmable electronic safety-related systems. This standard introduces several new features, the most noticeable being (i) the life cycle approach with requirements for each phase of the life cycle, and (ii) the classification of requirements into four distinct safety integrity levels (SILs). The standard has seven parts, is very comprehensive, and may be difficult to fully understand. As a performance-based standard, methods and formulas are just suggested and explanations and justifications are lacking. An objective of this book is therefore to introduce, describe, and extend these methods and formulas, explain how they can be used, and highlight their limitations.
This paper presents a simplified method for the reliability- and the integrity-based optimal design of engineering systems and its application to offshore mooring systems. The design of structural systems is transitioning from the conventional methods, which are based on factors of safety, to more advanced methods, which require calculation of the failure probability of the designed system for each project. Using factors of safety to account for the uncertainties in the capacity (strength) or demands can lead to systems with different reliabilities. This is because the number and arrangement of components in each system and the correlation of their responses could be different, which could affect the system reliability. The generic factors of safety that are specified at the component level do not account for such differences. Still, using factors of safety, as a measure of system safety, is preferred by many engineers because of the simplicity in their application. The aim of this paper is to provide a simplified method for design of engineering systems that directly involves the system annual failure probability as a measure of system safety, concerning system strength limit state. In this method, using results of conventional deterministic analysis, the optimality factors for an integrity-based optimal design are used instead of generic safety factors to assure the system safety. The optimality factors, which estimate the necessary change in average component capacities, are computed especially for each component and a target system annual probability of system failure using regression models that estimate the effect of short and long term extreme events on structural response. Because in practice, it is convenient to use the return period as a measure to quantify the likelihood of extreme events, the regression model in this paper is a relationship between the component demands and the annual probability density function corresponding to every return period. 
This method accounts for the uncertainties in the environmental loads and structural capacities, and identifies the target mean capacity of each component for maximizing its integrity and meeting the reliability requirement. In addition, because various failure modes in a structural system can lead to different consequences (including damage costs), a method is introduced to compute optimality factors for designated failure modes. By calculating the probability of system failure, this method can be used for risk-based decision-making that considers the failure costs and consequences. The proposed method can also be used on existing structures to identify the riskiest components as part of inspection and improvement planning. The proposed method is discussed and illustrated considering offshore mooring systems. However, the method is general and applicable also to other engineering systems. In the case study of this paper, the method is first used to quantify the reliability of a mooring system, then this design is revised to meet the DNV recommended annual probability of failure and for maximizing system integrity as well as for a designated failure mode in which the anchor chains are the first components to fail in the system.
This paper presents the optimization of design and test policies of safety instrumented systems using MooN voting redundancies by a multi-objective genetic algorithm. The objectives to optimize are the Average Probability of Dangerous Failure on Demand, which represents the system safety integrity, the Spurious Trip Rate and the Lifecycle Cost. In this way safety, reliability and cost are included. This is done by using novel models of time-dependent probability of failure on demand and spurious trip rate, recently published by the authors. These models are capable of delivering the level of modeling detail required by the standard IEC 61508. Modeling includes common cause failure and diagnostic coverage. The Probability of Failure on Demand model also permits to quantify results with changing testing strategies. The optimization is performed using the multi-objective Genetic Algorithm NSGA-II. This allows weighting of the trade-offs between the three objectives and, thus, implementation of safety systems that keep a good balance between safety, reliability and cost. The complete methodology is applied to two separate case studies, one for optimization of system design with redundancy allocation and component selection and another for optimization of testing policies. Both optimization cases are performed for both systems with MooN redundancies and systems with only parallel redundancies. Their results are compared, demonstrating how introducing MooN architectures presents a significant improvement for the optimization process.
Structural systems will normally fail as a consequence of a chain of different component failures. In this paper, fatigue reliability of fixed offshore platforms is investigated by analyzing different failure scenarios. In order to evaluate the occurrence probability of a special scenario, it is divided into a finite number of sub-scenarios. All combinations of time sequences are generated for a given sequence of failures, using a specially developed program. In order to calculate the occurrence probability of each scenario, a massive reliability analysis should be done for each of corresponding sub-scenarios. A large number of sub-scenarios should be analyzed, therefore implementing time consuming traditional methods for evaluating fatigue reliability may be unrealistic, and a simplified and accurate method is required. Herein, an “Artificial transfer function” is used to calculate the cumulative fatigue degradation in components. The preciseness of the proposed method is evaluated using a numerical model, and then, it is used to calculate the occurrence probability of each sub-scenario. Based on the calculated values, probability of occurrence is obtained for each scenario, and finally, the failure probability of entire system is calculated. The proposed method can be used in inspection planning and evaluating the life extension of existing offshore platforms.
An emergency shutdown system (ESD) by its nature should be fail-safe. That is, in case of failure in any of its operations, in order to safeguard human life, property and the environment, it should shut down the plant that it controls. However, a complete shutdown, for example, of a petrochemical or nuclear plant is extremely costly. Therefore, as an alternative, the design of highly reliable emergency shutdown systems should be investigated. The major difference between a shutdown system and other control systems is the degree of tolerable operational integrity. A malfunction in the latter is immediately visible and the system can be replaced by a fully operational one. A shutdown system on the other hand is usually, sometimes for years and hopefully forever, ‘dormant’. When, however, a true emergency situation arises and real demand is placed on it, it must be fully functional. Reliability is of paramount importance. Therefore, besides applying structured design techniques and improved testability other design methods will also need to be incorporated in the final system in order to increase its reliability.