24/2/2014
NEBOSH International Technical Certificate in Oil and Gas Operational Safety
Element 3 Hydrocarbon Process Safety 2 • Failure Failure Modes Modes • Other Type of of Failures Failures • Safety Critical Critical Equipme Equipment nt Controls • Safe Storage Storage of Hydro Hydrocarbo carbons ns • Fire Hazard Hazards, s, Risks and Controls Controls • Furnace and Boiler Boiler Operati Operations ons
© RRC Training
© RRC Training
Failure Modes Failure Modes
© RRC Training
Creep
© RRC Training
1
24/2/2014
Stress-Strain Curves for Tensile Tensile Loading of a wire
Failure Modes Measured in Units of Pa Stiff brittle material
Dimensionless quantity
c (ultimate tensile strength)
d (breaking point) a (elastic limit)
Stress
d Ductile material
Or, more generally b (Yield point)
c
a
a/b
d
Elastic material 0 © RRC Training
Strain
© RRC Training
Failure Modes
In the ELASTIC region, Hooke’s law:
Failure Modes Stress can arise from, for example: • • • • •
Periodic Periodic fluctuations fluctuations in operati operating ng pressure pressure Temperature emperature cycling cycling Vibra ibrati tion on Wate Waterr hamm hammer er Periodic Periodic fluctuations fluctuations of external external loads loads
Leading to various types of failure. failure.
© RRC Training
© RRC Training
2
24/2/2014
Failure Modes Failure Modes Stress Corrosion Cracking Needs: • a susceptible material • a corrosive environment (specific to the material) • enough tensile stress to induce the condition
Thermal Shock • Rapid and extreme temperature changes.
Material
Cracks on simultaneous exposure to str ess and:
• Thermal differences – uneven expansion.
Aluminium alloys
chloride
Mild steel
nitrates
• Stress generated overcomes material strength – cracking and failure
Copper and its alloys
ammonia
• e.g. failure of weld
Al so - Cor ro si on Fat ig ue (fr om c yc li c st res ses ) © RRC Training
© RRC Training
Failure Modes
Failure Modes
Brittle Fracture • Very sudden – no warning. • Due to structure of the material or timescale of loading – material does not slip
Brittl e Fracture - Characteristics • No signs of deformation • Fracture surface:
• Cracks quickly spread through the material (may be audible) Some factors that promote brittle fracture: • • • •
Low temperature Impact or “ snatch” loading Residual tensile stresses Inherent material britt leness
© RRC Training
― ‘bright’ ― sometimes with ‘chevrons’ ― sometimes with lines and ridges
© RRC Training
3
24/2/2014
Failure Modes
Failure Modes
“ Safe Operating Envelope”
Failure of Annular Rim of stor age tank
the limits/boundaries of what is considered safe operation – specified at design stage
• Corrosion from within
Knowledge of Failure Modes is used to establish safe operating envelope in Initial Design, Process and Safe Operation: -
Maximum safe design loads for vessels, pipework, etc. Calculate required material thickness Material selection Component shape ( stress concentration) Etc.
© RRC Training
― Due to sea water content (leads to pitting) ― Due to high sulphur content (bacterial corrosion) • Tank settlement into/onto a foundation
― joints and protective finishes affected by the movement (corrosion).
© RRC Training
Other Types of Failures Weld Fail ures – the need for r egular inspecti on and NDT
Other Types of Failures Other Non-Destructi ve Testi ng
Visual Inspection s
― Naked eye ― A magnifying glass ― A microscope • Need good light source • Protective coatings and finishes removed
© RRC Training
Dye Penetrant • Uses a three-part spray-can system to clean the area and highlight defects. • Works on many non-porous materials but only detects surface flaws. • Often used before and with other methods.
© RRC Training
4
24/2/2014
Other Types of Failures Other Types of Failures Eddy Current
Magnetic Particle • Magnetises the component
•
Uses principle of electromagnetic induction.
•
When high frequency AC current passed through conductor (e.g. copper coil), fluctuating m agnetic field develops.
•
If brought close to another electrical conductor, induces current in it.
•
Defects, e.g. cracks cause variation in eddy current.
•
Having second coil enables detection of changes in induced eddies (used to determine depth of crack, etc.)
• Applies magnetic particles or ink • Defects show as magnetic field is distorted • Defect tends to cause a concentration of the magnetic field which attracts more particles than surrounding materials
© RRC Training
© RRC Training
Other Types of Failures
Other Types of Failures
Ultrasonic
Radiograph y (X-ray or Gamma)
Uses generator transmitting pulses of high-frequency sound (ultrasound).
Rays transmitted through material onto strip of photographic film.
Transmitted in a probe head – in contact with material surface (some contact liquid used).
Image produced on film (radiograph) – indicates locations of defects as intensity differences:
Detects sound reflected from within the material - output displayed on oscilloscope. With calibration – can indicate location and depth of defect within the material (not just surface), so access to only one side of material needed.
© RRC Training
• Locates internal defects. • Provides permanent record. • Expensive, radiation hazard, requires expertise.
© RRC Training
5
24/2/2014
Other Types of Failures Pressure Testi ng • Finished pressure system subjected to pressure test (typically 1.5 x normal working pressure)
Other Types of Failures Use of Strain Gauge (electr ical sensiti vity) • A ‘strain gauge’ is attached to the item and its electrical sensitivity is measured.
• Liquid used rather than gas • Must be cleaned afterwards
© RRC Training
• Can be left in place to monitor – recording changing stress levels
© RRC Training
Other Types of Failures
Safety Critical Equipment Controls We’ll cover:
Thermal Imaging Camera • Emergency shut-down (ESD) equipment and systems • Small variations in heat can be shown on a colour screen • This can detect the existence of faults in an object or part
• Safety integrity levels (SIL) for instrumentation • Procedures for by-passing ESD • Blow-down facilities • Closed and open drain headers, sewers, interceptors.
© RRC Training
© RRC Training
6
24/2/2014
Safety Critical Equipment Controls
Safety Critical Equipment Controls
The Fire & Gas systems:
Emergency Shut-Down Equipment and Systems
• Can detect hazardous events (flame, smoke etc.)
• Monitor and detect f aults in process and service systems
• Set off alarms to alert control personnel
• When detected, will shut-down to prevent escalation of hazardous event
• Set off the ESDs to minimise consequences • They operate through a number of fire and gas detectors
© RRC Training
• Will protect people and property on the installation from damage
© RRC Training
Safety Critical Equipment Controls ESD equipment and s ystems • Should be independent from normal production controls • Control valves should be independent within ESD systems – not used for dual-control or shut-down • Shut-down and blowdown valves should fail to safety • Pipework isolator valves should fail closed
Safety Critical Equipment Controls • Blowdown valves should fail open if power supply or control signal is lost • Safety case will need to justify where fail-safe is not integral to ESD system • Where by-pass is provided around shutdown valves (for maintenance) they should be locked closed and handwheels removed • Hydraulic return line valves should be locked open
© RRC Training
© RRC Training
7
24/2/2014
Safety Critical Equipment Controls Safety Critical Equipment Controls
Procedures for Bypassing ESD
Safety Integrit y Levels (SIL) for Instr umentation Increasing probability of failure to perform (its safety functions) on demand (PFD) SIL4 SIL3 SIL2
• Operate under permit conditions, authorised by competent person with justification • Adequate risk assessment needed
SIL1
SIL is an index of tolerability of f ailure to perform SIL needed depends on estimated risk reduction needed for acceptability/tolerability SIL4 has highest integrity (highest probability that will perform when needed, e.g. where major accident potential)
• Minimise bypass time • Continued application to be monitored and controlled • Critical controls needed at shift hand-over • Bypasses to be tested or correct functioning; Full testing after reversal • Bypasses to be entered in bypass log
© RRC Training
© RRC Training
Safety Critical Equipment Controls Blowdown Facilit ies and Flare Types
Safety Critical Equipment Controls • Liquid blowdown should not go to flares designed for gases (flare flame-out; wide discharge spread)
Blowdown • removal of liquid from process vessels and equipment (through flares or to tanks) to reduce likelihood of fires or explosions
© RRC Training
• Route liquid blowdown to facilities to handle large quantities of liquids e.g. storage tank Beware - gases from liquids can be released (pressure may rupture tank)
© RRC Training
8
24/2/2014
Safety Critical Equipment Controls
Safety Critical Equipment Controls
Flaring
Steam-assist ed fl ares (common in refi neries)
Can act as a safety device that will protect vessels and pipework from overpressure.
• Single burner tips
Many different types – fixed, portable, self-supporting, some just for gas, others liquid and gas, etc.
© RRC Training
• Elevated above ground to burn vented gas in a diffusion flame • Steam injected into combustion zone promotes turbulence for good mixing introduces air into the flame
© RRC Training
Safety Critical Equipment Controls
Safety Critical Equipment Controls
Ai r- ass is ted fl ares
Non-assisted flares
• Use forced air (from fan) for combustion and mixing
• Simple flare tip (no steam or air mixing)
• Give a relatively smoke-free flame
• Have limited gas streams with a low heat content
• The burner has many small gas orifices in a spidershaped pattern inside the top of a steel cylinder
• Have a low ratio of hydrogen/carbon th at will burn well without producing lots of smoke
• Fan speed can vary to alter the amount of combustion air
© RRC Training
• They manage with less air to give complete combustion and have lower combustion temperatures
© RRC Training
9
24/2/2014
Safety Critical Equipment Controls Pressure-assisted flares • Uses vent steam pressure to assist with mixing the combustible fuels at the burner tip • With enough vent steam pressure they can be used on flare tips that would have used steam or air to give a smokeless discharge • They have a number of burner heads that operate depending on the amount of gas discharged • Normally have burner at ground level – so need safe location
© RRC Training
Safety Critical Equipment Controls Enclosed ground flares • Burner heads enclosed in internally insulated shell • Helps cut down smoke, noise, luminosity, heat radiation and protect from the wind • Adequate mixing is achieved by a high nozzle pressuredrop so air or steam not needed • Flare tip height must be adequate to create enough draught to give enough air for smokeless combustion and to disperse thermal plume © RRC Training
Safety Critical Equipment Controls
Safety Critical Equipment Controls
Flare monitoring
• Clean flame, where possibly only gas is being burned.
• To ensure integrity of the emission and the flame • Monitoring equipment, e.g. thermocouple sensors, UV flame sensors, remote flame sensors and flue analysers • Placed in the flame for continuous monitoring
© RRC Training
© RRC Training
10
24/2/2014
Safety Critical Equipment Controls • Dirty flare • Steam is often injected into the flame at the tip of the stack to reduce the black smoke (but makes them noisier)
Safety Critical Equipment Controls Drains • Open drains – for non/low-hazardous (e.g. rain water) • Closed drains – hazardous, e.g. Offshore, drains • Closed drains should not be interconnected with any open drain • Sampling and monitoring needed
© RRC Training
© RRC Training
Safety Critical Equipment Controls
Safety Critical Equipment Controls
Sewers
Interceptors (oil/water separators)
• Collects sewage (and organic food waste from galleys), directed through a treatment plant
• Used to collect and separate oil from contaminated water (e.g. rainwater from hazardous areas)
• Often involves maceration and chlorination of the waste
• Have a series of settling bays Water flows through Oil stays on the top and accumulates Oil sucked out and disposed of
• Treated sewage mixed with sea water and untreated ‘domestic’ water and discharged through a sewage caisson
© RRC Training
• ‘Cleaned’ water must meet legal limits before discharged to sea/rivers (monitoring)
© RRC Training
11
24/2/2014
Safe Storage of Hydrocarbons
Safe Storage of Hydrocarbons
Hazards and Risks Effects of pressure and vacuum
Overfilling Failure of operator to monitor filling (when filling manually)
Over-pressurisation can cause stress on joints and seals in sealed tanks
Failure of pumping system to shut off
Floating roof tanks can have roofs lifted or torn
Failure/absence of sensors and alarms
Vacuum can cause implosion of vessel
Blockage or lack of adequate tank venting or r elief systems
e.g. Buncefield fire and explosion © RRC Training
© RRC Training
Safe Storage of Hydrocarbons
External Floating Roof Tank
Safe Storage of Hydrocarbons
Failure of Tank Shells Explosion (ignition of flammable contents) Wind loading and earthquakes Corrosion (annular rim etc) Poor construction (materials, welding) and installation Operational errors (over-pressurisation or vacuum when filling or emptying) Deformation of the structure can cause failure Settlement can affect foundations and tank bases © RRC Training
© RRC Training
12
24/2/2014
Fixed Roof storage Tank Internal Floating Roof Tank
© RRC Training
© RRC Training
Safe Storage of Hydrocarbons Safe Storage of Hydrocarbons
Bunding of Storage Tanks- some considerations: 110% of the capacity of the largest tank in the bund
Tank filling:
Impervious to liquid being stored
‘Top’ filling – splashing, aeration, electrostatic charge
Drainage (e.g. rain water, spills) via locked valve and interceptor
‘Bottom filling’ – pressure may cause tank failure
Maintained (vegetation, etc.) Electrical equipment (pumps, etc.) explosion protected Crash barriers or bollards (collision protection)
Overfilling!
Escape, fire, explosion, environmental damage (Buncefield!)
Use level sensors/alarms, shut-down, bunds, spill kits, etc.
Wall height to take account of ventilation, access, etc. © RRC Training
© RRC Training
13
24/2/2014
Safe Storage of Hydrocarbons Pressurised/Refrigerated Vessels for LPG/LNG
Safe Storage of Hydrocarbons Loss of Containment and Consequences Jet (spray) fires
Fire-resistant Walls up to 15mm thick. Pressure relief (on top)
Fuels - Gas, 2-phase, flashing liquids and pure liquids Characteristics depend on fuel, release rate, etc. Water content may render fire more unstable Directed onto structures can cause, e.g. vessel failure Confined vs. Unconfined
© RRC Training
© RRC Training
Safe Storage of Hydrocarbons Safe Storage of Hydrocarbons Pool Fires Outdoor fires will be well ventilated (combustion controlled by the fuel)
Hydrocarbon Vapour Clouds – generation and potential effects
1. Vaporisation of HC (e.g. LNG vessel leak) 2. Concentration build up (above LEL)
Enclosed fires may become un der-ventilated (combustion controlled by the ventilation)
3. Ignition (source with > MIE)
‘static’ or ‘running’ fires
4. Explosion - over-pressure, blast wave, thermal radiation, fire, debris as airborne missiles Explosion types: Detonation vs. Deflagration
© RRC Training
© RRC Training
14
24/2/2014
Safe Storage of Hydrocarbons
Safe Storage of Hydrocarbons
Unconfined Vapour Cloud Explosions (UVCE)
Confined Vapour Cloud Explosions (CVCE)
Large quantity of flammable gas/vapour released into atmosphere
Vapour cloud contained (e.g. vessel or building) Ignition
Cloud ignited before it can be dispersed below LEL Explosion (u sually a deflagration) - Shock waves and thermal radiation, damage, e.g. Flixborough
Explosion pressure wave may ruptur e vessel/building walls Requires only small quantity of vapour Considerable damage – but usually localised
© RRC Training
© RRC Training
Safe Storage of Hydrocarbons Safe Storage of Hydrocarbons
Boiling Liquid Expanding Vapour Explosion (BLEVE) Typical sequence of events: Fire heats vessel containing flammable liquid (e.g. LPG) Internal pressure rises – Relief valve operates Vapour escape reduces vessel liquid level Fire rapidly heats vapours above the liquid surface Vessel wall above liquid level weakens and fails < 20 mins – sudden uncontrolled vapour release
Pipeline Monitoring Supervisory Control And Data Acquisition (SCADA) systems– industrial computer systems – that monitor and control (in this case) oil and gas transportation in pipelines. Detection systems can detect change in flow at leak or tapping point (theft/damage) Simplest pipeline inspection method – ‘walk the line’ CCTV
Vapour cloud explodes – thermal radiation, blast wave, flying debris © RRC Training
© RRC Training
15
24/2/2014
Safe Storage of Hydrocarbons Decommissioning of Plant (an Overview) Decontamination – using water/air, steam, detergents etc Dismantling Disposal (if no longer needed) – including of contaminants Site clearance/remediation (e.g. contaminated land) and verification Factors to consider in decommissioning plan: Health and safety, Environmental impact, Technical f easibility, Cost effectiveness © RRC Training
Safe Storage of Hydrocarbons Decommissioning Old Oil and Gas Wells Obtain all relevant site information (for possible re-use of the installation) Effect on marine environment? Costs? (plugging and abandoning) Select optimal disposal method and disposal contractors
© RRC Training
Safe Storage of Hydrocarbons Safe Storage of Hydrocarbons Decommissioning of Topside Production Equipment Removal of deck support structures, drilling decks and plant Processing and transportation of oil and gas pipelines Services, welfare and accommodation facilities Re-use should be a first choice rather than disposal
Removal and Disposal of Deck and sea-bed support (Jacket) Structures Cost of removal vs. leave wh ere it is (may present sh ipping hazard, may contaminate fish stocks etc) Deck packages can often be removed in modules Require use of lifting vessels to load onto transporters Possible use of explosives on pilings and legs (but consider effect on marine life) Jacket now supports marine eco-system (‘artificial reef’), so some can be left (sea-bed removal may be difficult)
© RRC Training
© RRC Training
16
24/2/2014
Safe Storage of Hydrocarbons Safe Storage of Hydrocarbons
Management of Simultaneous Operations (SIMOPS)
Pipeline & Power Cable Decommissioning SIMOPs can occur due to: There are environmental as well as technical issues Best method depends on location of pipeline, depth buried and/or depth of water
Contractor/Maintenance activities same location/time Emergencies (f ire/explosion)
Consider other nearby pipelines, sea-bed structures and the marine environment
Platform and vessel operations
Consider removal of onshore-offshore power cables
Weather or environmental impacts
© RRC Training
© RRC Training
Safe Storage of Hydrocarbons Safe Storage of Hydrocarbons
Managing SIMOPS Stakeholder meeting - draw up plan of operation
Managing SIMOPS cont’d Each work file will include, for example:
Appoint overall responsible person (e.g. OIM ) Assign other specific responsibilities; how liaison is achieved; duration f or each operation Risk assess the project Each party assembles own work file (covering work in their area) Project Review meeting © RRC Training
Method statement Drawings/schematics (if applicable) Asset lists for the work The constraints identified for each activity An organisation chart identifying key personnel Main hazards and control measures Communications MoC procedures (for any deviations from plan) Emergency response Etc.
© RRC Training
17
24/2/2014
Safe Storage of Hydrocarbons Safe Storage of Hydrocarbons Managing SIMOPS cont’d The Project review meeting: Hazard identification and risk assessment (HIRA) Consider any clashes of activity Determine hierarchy of controls Determine roles and responsibilities for all in the operations; lines of reporting and control
© RRC Training
Managing SIMOPS cont’d Next steps: Create Interface documents Conduct pre-operations briefing Daily meetings during the work Operated under single permit-to-work system Close out process (including review of ‘lessons learned’)
© RRC Training
Fire Hazards, Risks and Controls
Fire Hazards, Risks and Controls
Consider:
Lightning
Lightning
Major static electrical discharge
The fire triangle
Superheats surrounding air – bright flash
Static electricity Identification of ignition sources Hazardous area classification ‘zones’
Audible shock wave ( thunder) Protection – grounded lightning rods
Electrical equipment and tools for use in hazardous areas © RRC Training
© RRC Training
18
24/2/2014
Fire Hazards, Risks and Controls The Fire Triangle
Fire Hazards, Risks and Controls Classification of Fires
Potential Consequences: explosion, thermal radiation, shock wave (as discussed earlier- CVCEs, etc.), fires © RRC Training
© RRC Training
Fire Hazards, Risks and Controls Stages of Fire (Combustion)
Fire Hazards, Risks and Controls Electrostatic charges Static accumulates, e.g. from fuel flowing inside a transfer pipe Static discharges Ignition of fuel/air mixture in vicinity (if discharge energy is high enough) Precautions, typically: good earthing/bonding, use of conductive materials for pipes/vessels; additives in fuels
© RRC Training
© RRC Training
19
24/2/2014
Fire Hazards, Risks and Controls Fire Hazards, Risks and Controls Control and Mitigation of Vapour Phase Explosions:
Identifying Ignition Sources, e.g. Open flames Sparks (electrical switches, grinding tools, internal combustion engines)
Building design (Structural protection for personnel; blast panels) Plant and process design (keep conc. below LEL; eliminate ignition sources; blast resistant equipment; explosion relief/venting devices; spillage containment) Isolation, Inerting and suppression
Static
Segregation of flamm ables (storage) and minimi se inventory
Friction
Procedures (mop up spills)
Etc.
Monitoring (to detect vapour concentrations in flamm range)
© RRC Training
© RRC Training
Fire Hazards, Risks and Controls Fire Hazards, Risks and Controls
Zoning and Hazard Area Classification for gas, vapour, mist Z on e
Des c ri p ti on : a place in which an explosive atmosphere consisting of a mixture of air with dangerous substances in the form of gas, vapour, mist is
0
present continuously, or for long periods of time, or frequently
1
likely to occur in normal operation occasionally
2
not likely to occur in normal operation but, if it does occur, will persist for short period only
Zoning and Hazard Area Classification Zone 0 – a place in which an explosive atmosphere consisting of a mixture of air with dangerous substances in the form of gas, vapour, mist is present continuously, or for long periods of time, or frequently (Zone 20 for dust)
For DUSTS, equivalent zones are 20, 21 and 22, respectively
© RRC Training
© RRC Training
20
24/2/2014
Fire Hazards, Risks and Controls
Fire Hazards, Risks and Controls Intrinsically Safe Equipment ( Type ‘i’)
Selection of equipment to be used in the hazardous area:
Zone 0 or zone 20 – category 1 equipment Zone 1 or zone 21 – category 1 or 2 equipment Zone 2 or zone 22 – category 1, 2 or 3 equipment
Energy level insufficient to produce incendiary spark. Two categories: ‘ia’ - allows for two simultaneous faults (more stringent) ‘ib’ - allows for only one fault Only ‘ia’ equipment can be used (exceptionally) in Zone 0 if sparking contacts are not part of the equipment. Examples: instrumentation and low energy equipment.
© RRC Training
© RRC Training
Fire Hazards, Risks and Controls Flameproof Equipment (Type ‘d’) Totally enclosed Casing can withstand internal explosions without igniting surrounding flammable atmosphere. Suitable for Zones 1 & 2(Not Zone 0) Heavy and expensive; requires regular maintenance. Examples: motors, lighting, switchgear and portable handlamps. © RRC Training
Furnace and Boiler Operations Furnace and Boiler Operations Boilers and furnaces are widely used to generate and distribute steam and hot water There are hazards and risks associated with operating boilers and furnaces, including those arising from the loss of pilot supply, over-firing and flame impingement Further problems arise from over pressurisation of the firebox, low tube flow and the control of the tube-metal temperature (TMT)
© RRC Training
21
24/2/2014
Furnace and Boiler Operations
Furnace and Boiler Operations
Fire-tube boiler
Water-tube boiler
© RRC Training
© RRC Training
Furnace and Boiler Operations Furnace and Boiler Operations
Hazards and Risks of Boiler Operations Loss of pilot gas supply – Building up an explosive atmosphere. Flame detectors are used to ‘watch’ the pilot flame.
Boiler explosions: BLEVE – very high steam pressures
Low tube flow – Low flow (hot water or heated air) causes temperature & pressure rise - potential explosions
Fire box explosions: Occur after flame out when firebox is hot. Damages internal boiler tubes - structural failure, steam leakage.
Control of tube-metal temperature (TMT) – Otherwise excessive stresses placed on boiler tubes Need to manage water level in the boiler. Low water level can lead to explosions
Flame impingement: Heating flame directly touches boiler surfaces (heating coils, pipework) Causes erosion, corrosion, cracking, failure. Prevention: proper adjustment of flame
© RRC Training
© RRC Training
22
