Latest News

AOPS protects process plants from overfill conditions

SIS-TECH announces the Automated Overfill Protection System (AOPS), a safety instrumented system (SIS) that can prevent dangerous overfill conditions in terminals, tank farms and process vessels.

The AOPS incorporates a non-programmable Logic Solver (suitable up to SIL-3) that receives signals from switches or transmitters, determines if an abnormal process condition is present, and provides outputs to close isolation valves, shut down transfer pumps, or open diversion valves. The system operates independently of the plant’s process control system with the capability to communicate to the control system via hardwire, Modbus, Ethernet or wireless communications.

The AOPS prevents overfill conditions that can result in vessel damage and release of hazardous chemicals to the environment. It can also be configured to prevent underfill conditions. Underfill conditions can cause loss of suction to transfer pumps with the potential for pump damage, or cause significant hazards when a floating roof tank is used and level is too low.

Level seems simple to monitor, but it’s often just one of many process variables on an HMI display. Compounding the problem, incorrect level often doesn’t affect unit operation or cause any other significant process variable disturbance until the safe fill level is exceeded.

In many processes, level doesn’t have direct significance to plant production or product quality, and absolute level often varies over a large range around what is considered normal. In tank farms, the operating level is simply inventory to be managed and normally varies across a large range.

High level is often an indirect hazard, with the direct hazard being too much mass or volume. Some overfills challenge the tank or vessel, causing it to overpressure or to collapse when the retained mass exceeds the equipment structural design limits. Many overfills occur because of loss of containment when liquid passes to downstream equipment that is not designed to receive it.

The key problem is that, even though a tank may be approaching a dangerous overfill condition, the steadily increasing level does not cause any process upsets or other alarm conditions. This makes it very difficult for an operator to be aware of the dangerously approaching condition and, more importantly, the operator may not immediately know what to do to correct the situation.

For example, hazards may occur when operators take manual actions in response to high level, such as draining knock-out drums. Planned operator procedures must provide sufficient time for the operator to take action and provide a means to verify the process response.

Further, there should be time to evacuate the area if the action doesn’t work as expected. In some cases, if the operator does not respond quickly enough or isn’t completely familiar with the manual procedures, a disaster can occur.

Loss of level control has been a contributing cause in three significant industrial incidents:
• The Esso Longford explosion (September 25, 1998) in Australia resulted in 2 fatalities, 8 injuries, and A$1.3 billion in losses.
• The BP Texas City explosion (March 23, 2005) in the US caused 15 fatalities and more than 170 injuries. Facility production was profoundly affected for months after the incident. Losses to BP were in excess of US$1.6 billion.
• The Buncefield explosion (December 11, 2005) in the UK injured 43 people and devastated the Hertfordshire Oil Storage Terminal, The economic impact on regional businesses was estimated to be in the range of ₤130–170 million, and estimated total losses were ₤1 billion.

These incidents involve three different industries located in three different countries. Each incident propagated uniquely, arriving at its final outcome through different mechanisms. Yet, all suffered the same process deviation of high level, and all resulted in devastating consequences.

Automated trips ensure protection even when the operator is focused on other duties. A SIS, such as the AOPS, can detect high level and prevent filling beyond the safe fill limit. The system uses independent sensors such as a switch or transmitter to detect high level, and independent final elements such as a motor control circuit or block valve to divert or terminate feed.

The SIS trip action is automatically initiated at a setpoint that allows sufficient time for the action to be completed safely. Risk analysis determines the safety integrity level (SIL), typically SIL-1 or SIL-2, required to ensure that the overfill risk is adequately addressed.

The AOPS is a stand-alone, independent, non-PE logic solver suitable for use up to SIL 3. Rated for –30C to +75C and constructed using Class I Div 2 components, the AOPS can be installed in the harshest process units near the tank. Further, the number of inputs and voting architecture (1oo1, 1oo2, 2oo2 or 2oo3), can be adjusted for each process variable to meet any SIL or reliability requirement.

The AOPS is flexible and can be customized for any specific level application. For the ultimate in remote, stand-alone installation—solar power provides SIL protection without the need for utilities, while wireless communication sends system status to centralised control rooms. As compared to safety PLCs, total lifecycle costs are 50% less.

Send this to a friend