Safety Systems

Upgrading Safety Systems in the Petrochemical Industry: Basic Guidelines

  • Fully verify the Human Machine Interface (HMI) functionality for the new system.
  • The outputs of the safety system can now be migrated from the legacy to the new system (see figure 4). At this stage, the new system will assume control. This is also where the major difference between the migration of an F&G and an ESD system occurs. F&G outputs tend to be normally de-energized, or ‘energize to action,’ whereas ESD outputs tend to be normally energized, and therefore ‘de-energize to action.’ The de-energize-to-action arrangement is considered to be a fail-safe design philosophy.

Transferring the outputs from one system to another without inadvertently tripping the plant or falsely setting off your fire and gas protection system can be challenging for system migrations of this nature. Migrating a normally de-energized output is relatively straightforward and is normally done in under a minute per output. During this time, there is no protection for that output.

Safety System Migration

Migration of normally energized outputs presents a different challenge that can be addressed by either electrically ‘holding up’ the output using a temporary supply or locking off the output device. This takes more planning and operational permits and is consequently more time consuming, typically taking one to two hours per output. Figure 5 shows schematically how a critical output circuit may need to be configured during an ESD system output migration.

Once all safety system outputs have been migrated, full control of the safety functions will have passed from the legacy system to the new system. The new system will now be subjected to full system tests. Since the facility is still live, the tests carried out may be an agreed-upon subset of the full functionality and are often guided by the requirements of the operators and the certifying authority. Any tests that cannot be carried out while the plant is live will need to be delayed until the next facility shutdown when full system tests can be carried out.

Once the upgraded system is fully operational, the legacy system can then be deconstructed. The final system, which has redundancy and fault tolerance built into its design, is shown in figure 6.

Finding the Best Approach

Significant cost savings and productivity benefits can be gained from an intelligently designed and properly implemented safety system upgrade strategy. It is important to remember that not all safety systems are created equal and each project has different performance, risk and cost goals.

Striking the right balance requires careful consideration of the implementation approach and the specific capabilities, limitations and advantages of available technology options. Live migration of safety systems during plant operations is possible with careful analysis of the system design and operational requirements, and a thorough and detailed approach to the engineering and migration strategies. In addition, the need for detailed and comprehensive planning and preparation cannot be overemphasized.

However, the preparatory work can pay off in the long run for the plant operator, and one of the best resources you have available is your system’s vendor. Many safety system providers can provide guidance, design recommendations and on-site assistance to help ease the migration, minimize downtime and optimize your system’s performance. For example, the strategy outlined in this article is based on an actual safety system upgrade of over 3,000 I/O on an operational production platform project managed by Rockwell Automation. The upgrade caused the end user minimal disruption to their operational requirements while providing the upgraded system needed to meet their functional safety requirements.

* The author is EPC operations manager at Rockwell Automation.