Overview of Control System Design

1
Overview of Control System Design

• Safety. It is imperative that industrial plants
  operate safely so as to promote the well-being of
  people and equipment within the plant and in the
  nearby communities. Thus, plant safety is always
  the most important control objective and is the
  subject of Section 10.5.
• Environmental Regulations. Industrial plants
  must comply with environmental regulations
  concerning the discharge of gases, liquids, and
  solids beyond the plant boundaries.
• Product Specifications and Production Rate. In
  order to be profitable, a plant must make
  products that meet specifications concerning
  product quality and production rate.

Chapter 10
2

• Economic Plant Operation. It is an economic
  reality that the plant operation over long
  periods of time must be profitable. Thus, the
  control objectives must be consistent with the
  economic objectives.
• Stable Plant Operation. The control system should
  facilitate smooth, stable plant operation without
  excessive oscillation in key process variables.
  Thus, it is desirable to have smooth, rapid
  set-point changes and rapid recovery from plant
  disturbances such as changes in feed composition.

Chapter 10
3
Operators View of Process Control
A Day in the Life of a Plant Operator
4
Operators View of Process Control

• Pump A pumping oil has tripped - Cause Unknown
• You switch to Pump B. That also trips - Cause
  Unknown
• Soon hundreds of alarms are going off Cause(s)
  Unknown
• With in minutes you have an explosion and a fire.
  Two people are killed and a few hurt at this
  point.
• It is 1000 in the night
• The plant manager is in Aberdeen, Scotland, and
  not available
• You are on top of an off-shore oil platform in
  the middle of the North Sea

You are the Shift Supervisor What do you do?
5
Process Safety is a Major Concern The BIG Ones

• Piper Alpha Disaster, Occidental Petroleum
  Scotland, 1988
• Off-shore oil platform explosion
• 164 people killed
• 2 Billion in losses

• Union Carbide, Bhopal, India, 1984
• MIC release into atmosphere
• 3000-10,000 people killed
• 100,000 injured
• 0.5-1.0 Billion in losses

6
The BIG Ones More recently.

• Mina Al-Ahmedhi Refinery,KPCL,Kuwait, June 2000
• Leak led to flammable vapor release and explosion
• 7 people killed, 50 injured
• 400 Million in losses
• Petrobras, Brazil, March 2001
• Off-shore oil platform explosion
• 10 people killed, 5 Billion in losses
• Platform sank into the Atlantic Ocean

7
The BIG Ones More recently.

• Ammonium Nitrate Explosion in Toulouse - France
• 21 September 2001
• 31 People Killed
• 2442 Injured
• Losses in Hundreds of
• millions dollars

8
Relatively Minor Incidents happen more often

• Mobil, Torrance, CA explosion fire, 10/94
• Conoco Lake Charles, LA, cat cracker fire, 10/94
• Miles chemical plant, Baytown, TX, acid leak,
  11/94
• Koch, Corpus Christi, TX, separator explosion,
  11/94
• Mobil, Paulsboro, NJ, chemical releases, 11/94
• Terra Industries, Sioux City, IA, explosion,
  12/94
• Chevron, El Segundo, CA, furnace fire, 1/95
• Mobil, Torrance, CA, gasoline spill, 2/95
• Unocal, San Francisco, acid overflow/leak, 3/95
• Amoco, Cartere, NJ, depot leak/fire, 3/95
• Clark, Blue Island, IL, refinery fire/extended
  closure, 3/95
• Ultramar, Wilmington, CA, tank leak/fire, 3/95
• Conoco, Ponca City, OK, crude topping unit fire,
  3/95
• Sun Oil, Philadelphia, gas leak, 4/95
• Napp Technologies, Lodi, NJ, explosion fire,
  4/95
• Rhone-Poulenc, Philadelphia, granulator explosion
  and fire, 5/95
• Reichhold Chemicals, Grundy Co, IL,
  rupture/fire/spill, 5/95
• BP, Lima and Toledo, OH refinery fires, 5/95
• Ultramar, Wilmington, CA, crude unit fire, 6/95

24 incidents 12 deaths, hundreds hurt, 1B
losses, 10B impact Source Honeywell ASM
Consortium
9
AEM Problem Important and Challenging

• 20B impact on U.S. economy 10B impact on
  petrochemical companies
• A billion here a billion there
• pretty soon you are
  talking real money
• Petrochemical companies have rated AEM their 1
  problem
• Modern plants are more difficult to control,
  diagnose and manage
• Complex configurations, very large scale
• Running process at its limit reduces margin for
  error
• Plant-wide integration makes reasoning difficult
• Advanced control puts process in states which
  operators have difficulty managing in the event
  of an upset
• Fewer experienced operating personnel due to
  downsizing
• Lack of adequate training of operators

10
Typical Complaints from Operators

• Inadequate precision of temporal information
  (e.g. lack of true alarm order)
• Excessive nuisance alarms due to weak conditional
  alarming capabilities.
• Inadequate anticipation of process disturbances
• lack of real-time, root-cause analysis
  (symptom-based alarming)
• Lack of distinctions between instrument failures
  and true process deviations

• Poor integration of multiple information and
  control system components.
• Limited capabilities to view interrelated process
  data.
• Lack of adequate tools to measure, track, and
  access past records of abnormal situations.
• Limited or time-consuming access to procedures or
  operating instructions.
• Cumbersome and un-integrated communications
  between and within plant units.

Need Intelligent Control
11
Process Safety and Process Control

• Primary concern of the process industries.
• Increased public awareness of potential risks,
  stricter legal requirements, and the increased
  complexity of modern industrial plants.

Chapter 10
Overview of Process Safety
Process safety is considered at various stages in
the lifetime of a process

• Preliminary process design.

12

• At the final stage of the design stage hazard and
  operability (HAZOP) studies, failure mode, and
  fault tree analysis are used.
• After plant operation begins, HAZOP studies are
  conducted on a periodic basis in order to
  identify and eliminate potential hazards.
• Proposed plant or operating conditions changes
  require formal approval. This considers the
  potential impact of the change on the safety,
  environment, and health of the workers and the
  nearby communities (may require governmental
  approval, e.g., pharmaceutical industry).
• After a serious accident or plant incident, a
  thorough review is conducted to determine its
  cause and to assess responsibility.

Chapter 10
13
Multiple Protection Layers

• In modern plants, process safety relies on the
  principle of multiple protection layers see
  Figure 10.11.
• Each layer of protection consists of a grouping
  of equipment and/or human actions, shown in the
  order of activation.

Chapter 10
14
Figure 10.11. Typical layers of protection in a
modern chemical plant (CCPS 1993).
Chapter 10
15

• Basic process control system (BPCS) is augmented
  with two levels of alarms and operator
  supervision or intervention.
• An alarm indicates that a measurement has
  exceeded its specified limits and may require
  operator action.
• Safety interlock system (SIS) is also referred to
  as a safety instrumented system or as an
  emergency shutdown (ESD) system.
• The SIS automatically takes corrective action
  when the process and BPCS layers are unable to
  handle an emergency, e.g., the SIS could
  automatically turn off the reactant pumps after a
  high temperature alarm occurs for a chemical
  reactor.
• Rupture discs and relief valves provide physical
  protection by venting a gas or vapor if
  over-pressurization occurs (also flares for
  combustibles).

Chapter 10
16
Types of Alarms
Type 1 Alarm Equipment status alarm. Pump is on
or off, or motor is running or stopped.
Type 2 Alarm Abnormal measurement alarm.
Measurement is outside of specified limits. Type
3 Alarm An alarm switch without its own sensor.
When it is not necessary to know the actual value
of the process variable, only whether it is above
(or below) a specified limit.
Chapter 10
Type 4 Alarm An alarm switch with its own
sensor. This serves as a backup in case the
regular sensor fails. Type 5 Alarm Automatic
Shutdown or Startup System.
17
Chapter 10
Fig. 10.12 A general block diagram for an alarm
system.
18
Chapter 10
Fig. 10.13 Two flow alarm configurations.
19
Fig. 10.14 Two interlock configurations.
Chapter 10
20

• Safety Interlock System (SIS)
• The SIS in Figure 10.11 serves as an emergency
  back-up system for the BPCS.
• The SIS automatically starts when a critical
  process variable exceeds specified alarm limits
  that define the allowable operating region
  (starting or stopping a pump or shutting down a
  process unit).
• Only used as a last resort to prevent injury to
  people or equipment.
• SIS must function independently of the BPCS
  (e.g., due to a malfunction or power failure in
  BPCS). Thus, the SIS should be physically
  separated from the BPCS and have its own sensors
  and actuators.

Chapter 10
21
A Final Thought
As Rinard (1990) has poignantly noted, The
regulatory control system affects the size of
your paycheck the safety control system affects
whether or not you will be around to collect it.
Chapter 10
22
Chapter 10
Previous chapter
Next chapter