Can you describe an issue? LOPA, SIS, HIPPS, SIL, CAPEX, HAZOP, HAZID and all those modern abbreviations are interesting but tells nothing about a problem behind. Your concerns are clear, but can you describe what problem you are trying to prevent? Knock-out drum will be overfilled - and what? Overfilling is not a catastrophe itself. Know-out drum is not able to withstand high liquid level? Droplets will get into vent stack - and what? A worker will be unable to drain stack? Vent header will be filled - and what? PVs are unable to withstand backpressure?
Please correct me - you have a feeling you (namely you) have a chance to be put into an unknown situation and you are trying to avoid this situation instead of finding out what will happen exactly.
For info - ExxonMobil's std. XVC
3 DEFINITIONS
...
Design Contingency
An abnormal condition including maloperation, equipment malfunction, or other event which is not planned, but is foreseen to the extent that the situations involved are considered in establishing equipment design conditions.
Remote Contingency
An abnormal condition which could result in exceeding design pressure at the coincident temperature, but whose probability of occurrence is so low it is not considered as a design contingency.
...
4 SUMMARY OF SPECIFIC REQUIREMENTS
...
10. Liquid overfilling of vessels as a source of overpressure shall be considered a design contingency unless both of the following conditions are satisfied:
a. Vessel is equipped with a safety critical, independent high-level alarm.
b. The liquid hold-up above the high level alarm is sufficient to provide a minimum of 30 minutes operator response time after activation of the alarm before an overpressure condition develops. The hold-up time is calculated assuming liquid continues to enter at its maximum expected flow rate with no liquid outflow.
When both of these conditions are satisfied, liquid overfill is considered a remote contingency.
If in addition to satisfying the above conditions, the vessel is equipped with a safety critical, independent high-level cut-out that will shut down all the liquid feeds into the vessel, then liquid overfill need not be considered as a potential source of overpressure (principle of not designing for double contingencies takes precedence over principle of not relying upon instrumentation to prevent overpressure). For this criterion to apply, it is necessary that the high-level cut-out be independent of both the process control level instrumentation and the safety critical, independent highlevel alarm and that there be no common cause failure mode that could lead to the simultaneous loss of both the safety critical high-level alarm and the safety critical high-level cutout. In addition, the Safety Integrity Level (SIL) of the system as a whole must be 3 or higher.
...
6.6 LIQUID OVERFILL AS A CAUSE OF OVERPRESSURE
PR valves are often located in the vapor space of partially liquid filled vessels such as towers, distillate drums, refrigeration flash drums, etc., which could overfill during a plant upset. In all cases, if overfill can result in a pressure above the design pressure of the vessel, the PR valve must be sized to prevent overpressure due to liquid overfill. In analyzing liquid overfill, two general scenarios must be considered:
a. Liquid outflows stop while liquid inflows continue at design flow rates.
b. Liquid inflows increase above design flow rate (for example, due to a control valve failing open) while liquid outflows continue at the nominal turndown rates (typically,50% of design). For this case, the extent of overfill possible may be limited by the upstream vessel inventory.
In determining the required relief capacity of the PR valve, credit may be taken for flow through normally open process channels that are not likely to become partially or totally blocked as a consequence of the overfill. For example, if a steam drum is balanced directly on a steam collection header without any intervening control valves, a failure of the level control valve in the full open position will eventually cause the drum to overfill, but credit may be taken up to the capacity of the steam piping to handle the combined flow of incoming water plus the design steam generation rate. If the steam piping cannot handle the resulting flow rate without exceeding the drum MAWP, then the PR valve should be sized for the difference between the incoming flow and the flow rate that can be handled by the steam piping when the drum is at its accumulated pressure. On the other hand, if there is a control valve between the steam drum and the steam collection header, the capacity credit that may be taken will depend on the response of the control valve to the upset and its capacity under these conditions. Unless the minimum relief capacity available through the control valve can be predicted with confidence, no credit should be taken for it.
CAUTION: The flow from the safety valve because of the overfill contingency may be two phase flow, especially if the inlet flow normally contains vapor. In the event of two phase flow, the PR valve must be designed to relieve the vapor plus liquid, minus the flow available through remaining normally open outlets, unless a dedicated PR valve is installed to specifically handle the liquid.
The overfill must be considered as a design contingency for PR valve sizing purposes UNLESS BOTH of the following are provided:
1. The vessel has a safety critical, independent high level alarm (LHA), and
2. The vessel vapor space above the independent LHA is equivalent to a 30 minute (or larger) holdup based on design liquid inlet rate and a stoppage of the liquid outflow.
If the above are provided, the overfill contingency may be considered a remote contingency to which the “1.5 Times Design Pressure Rule" is applied It is recognized that situations may arise where protection against overpressure caused by liquid overfill by the use of a pressure relief device may not be practical, and/or may be insufficient to ensure the integrity of the facility. For example, an existing disposal system may lack the capacity to absorb the relief load, or the vessel support structure may not be capable of supporting the weight of a liquid filled vessel without risk of structural failure. In such cases, the use of a High Integrity Protective System (HIPS) to protect against liquid overfill may be considered as an alternative (or in addition) to a pressure relief device. The intent of such a system is to render liquid overfill a double contingency, which need not be evaluated in the overpressure protection analysis. Two alternative architectures for such a system are suggested:
1. Provide a safety critical, independent high-level alarm (LHA) located such that the vapor space above the LHA is equivalent to at least 30 minutes holdup based on design liquid inlet flow rate with zero liquid outflow (this makes liquid overfill a remote contingency) PLUS provide a safety critical, independent high-level cut-out (LHCO) on all incoming feeds including start up oil (this makes liquid overfill a double contingency), OR
2. Provide a high-integrity, safety critical, independent high-level cut-out (LHCO) on all incoming feeds including start up oil.
Regardless of the architecture chosen, the overall availability of the protective system must be equivalent to Safety Integrity Level (SIL) 3 or better (99.9% or better) for the protective system to qualify as a HIPS. The selected system shall be designed, evaluated and installed in accordance with the criteria in EE.137E.95. These criteria include the need for redundancy, the need to consider the possibility of 10% leakage across the individual isolation valves and the need to confirm that simultaneous failure of the control system and the safety critical instrumentation cannot occur as a result of a common cause failure mode by including suitable safeguards as described under double or multiple contingencies. In addition, the dynamics of the HIPS must be evaluated to ensure that the set pressure of the PR device will not be exceeded and that surge pressures associated with the rapid closure of the isolation valves are considered in the design of upstream and downstream piping systems.
The use of a HIPS to eliminate the liquid overfill contingency (as described above) does not eliminate the need for a pressure relief device to protect the vessel against other potential overpressure contingencies such as fire, utility failure or operating failure. In addition, the possibility of leakage across the HIPS isolation valves must be considered in determining the required relief capacity of the PR valve protecting the vessel. To account for possible isolation valve leakage, the PR valve should have sufficient capacity to handle at least 10% of the relief load that would arise from liquid overfill without exceeding the allowable accumulation. For exceptional cases where the structural supports for a vessel are not designed for the weight of the vessel full of liquid and leakage cannot be tolerated, the use of double isolation valves with an intervening bleeder discharging to the flare (all actuated by the HIPS), should be considered.
The provision of a safety critical LHA and/or LH(CO) as described in the preceding paragraphs is not necessary if either of the following conditions is met:
1. The pressure relief valve protecting the vessel has sufficient capacity to handle a liquid overfill without exceeding the Code allowable accumulation (i.e. liquid overfill has been deemed a design contingency.) AND the pressure relief valve discharges to a closed system, OR
2. There is no credible scenario that could lead to liquid overfill. For example, the maximum pressure that can be developed by the feed system is lower than the set pressure of the pressure relief valve protecting the vessel (plus static head, if applicable).
Forums
Blogs
Articles
File Library
FAQ
Search
FB
0
