ESD PROJECT
DOCUMENTATION REQUIREMENTS
Note: The source of the technical material in this volume is the Professional
Engineering Development Program (PEDP) of Engineering Services.
Warning: The material contained in this document was developed for Saudi
Aramco and is intended for the exclusive use of Saudi Aramco's employees.
Any material contained in this document which is not already in the public
domain may not be copied, reproduced, sold, given, or disclosed to third
parties, or otherwise used in whole, or in part, without the written permission
of the Vice President, Engineering Services, Saudi Aramco.
CONTENT PAGE
INTRODUCTION
P&ID
Cause-and-Effect Matrix
GLOSSARY
LIST OF FIGURES
Figure 6. Binary Logic Diagram For Vacuum Pump System (Figure 2)
Figure 24. Using Sequential Function Chart Actions In Binary Logic Diagrams
INTRODUCTION
[Figure: ESD design process. Boxes, in page order:]
1. Obtain New and/or Updated P&IDs
2. Perform HAZOP Study
3. Create Cause-and-Effect Matrix
4. Add ESD System Components to P&IDs
5. Write Written Description
6. Develop Annotated Logic Diagrams
Cause-and-Effect Matrix
Written Description
P&ID
[Figure: P&ID of the vacuum pump system. Equipment: T-303 Vacuum Pump
Knockout Pot and K-304 vacuum pump, with a line From Reactor, a line To Vent
System, and an N2 connection. Instrument tags: PIC 307, PT 307, PCV 307 (FO),
PZV 301, PI 308, PI 309, LI 304, LSH 305, LAH 305.]
NOTE: Some piping details (e.g., line sizes) and instrumentation details (e.g., block valves on pressure gauges)
are not shown to simplify the drawing.
A P&ID also shows each control loop and each manual valve in
a plant system. Varying levels of detail may be used to show
control loops and other instrumentation on P&IDs. For example,
each loop may be shown in its entirety on a P&ID, including the
measurement element, the transmitter, the control function and
location of controller, and the control valve or other final control
element. This loop representation adds much detail to a P&ID
and requires the process to be shown on numerous drawings
for clarity of presentation. Alternatively, a simpler method of
indicating a control loop is sometimes chosen. In this simpler
method, the measurement element and transmitter are not
shown. The control element symbol that identifies the control
loop function is connected to the measured stream with a
connecting line.
P&IDs are used as the basis for the ESD design process
because P&IDs simplify the understanding of the process and
the relationship of the process to the associated piping,
equipment, and instrumentation.
HAZOP Study
The same questions are applied to reverse flow, and the team
moves on to the next guide word for this part of the process.
This method is used to determine the deviations from normal
design intent, the causes of these deviations, and the
consequences if no action is taken.
The need for action, or changes, is determined based on the
severity of the consequences and the likelihood of occurrence of
the deviations. Potentially hazardous events should be
evaluated as these potentially hazardous events are identified.
A decision should be reached on whether these potentially
hazardous events merit further consideration or action. If the
consequence of any deviation is considered hazardous and
likely to occur, the consequence is documented on the HAZOP
worksheet along with any means to detect and/or prevent this
deviation.
To establish the requirements for the design of the ESD system,
the HAZOP team should develop a comprehensive list of
deviations, and it should identify possible initiating causes for
each deviation. These potentially hazardous deviations and
possible initiating causes are systematically reviewed to identify
the layers of protection that are provided in the process design,
equipment, BPCS, and procedures. If the risk level is low and
the hazard is adequately controlled, no further action is needed.
If the risk level does not meet desired criteria, the HAZOP team
explores possibilities for incorporating additional layers of
protection within the process design/BPCS framework. When
such practical possibilities are exhausted, the HAZOP team may
require further risk control by addition of an emergency
shutdown (ESD) system interlock.
As a result of this work, the HAZOP study team should generate
the following results:
Cause-and-Effect Matrix
CAUSE (IF) | EFFECT (THEN)
T-303 high level LSHH | S
High level reset pushbutton | R
K-304 high disch. press. PSHH [34.5 kPa (5 psig)] | S, C
High disch. press. reset pushbutton | R, O
K-304 disch. valve closed | S
Written Description
When the level in T-303 vacuum pump knockout pot reaches the set point
of the high level shutdown switch, the high level shutdown switch will
open. This switch action stops K-304 vacuum pump, and it actuates a
visual and audible high level shutdown alarm. When the high level
condition has been corrected, the operator can push the high level
shutdown reset pushbutton. This reset action will clear the T-303 knockout
pot high level shutdown alarm, and it provides a run permissive signal to
K-304 vacuum pump.
When K-304 vacuum pump discharge block valve closes, the closed limit
switch will close, and K-304 vacuum pump will stop.
[Figure 6. Binary Logic Diagram For Vacuum Pump System (Figure 2). Labels:
PB 302, K-304 High Disch. Press. Shutdown Reset (Reset = 1), into OR;
PSHH 310, K-304 High Disch. Press. Shutdown (High Pressure = 0), into A;
PAHH 310, K-304 High Disch. Press. Shutdown Alarm Signal (Alarm on when output = 0);
ZV 301, K-304 Disch. Block Valve (Closes when output = 0);
callout: Input Symbol.]
Engineering Encyclopedia
ESD Systems
NOT Function The NOT function has only one input and
one output. The output assumes the 1-state if and only if
the input assumes the 0-state. The output assumes the 0-
state if and only if the input assumes the 1-state.
MEMORY (Flip-Flop)
Symbol: input A to S, input B to R; outputs C and D.
Definition: S represents set memory, and R represents reset memory.
Logic output C exists as soon as logic input A exists, regardless of the
subsequent state of A, until the memory is reset by logic input B
existing. Logic output C will not exist again until the presence of logic
input A causes the memory to be set.
Logic output D, if used, exists when C does not exist, and D does not
exist when C exists. Output D should not be shown if it is not used.
If inputs A and B exist simultaneously, and if it is desired to have A
override B, then S should be encircled, e.g., Ⓢ. If B is to override A,
then R should be encircled, e.g., Ⓡ.
Example: If tank pressure becomes high, vent the tank and continue
venting, regardless of pressure, until venting is stopped by manual
actuation of hand switch HS-1, provided that the pressure is not high. If
the venting is stopped, a compressor may be started.
Example diagram: Tank Pressure High to S, HS-1 to R; outputs Vent Tank (C)
and Permit Compressor Start (D).
[Figure fragment: OR element; label "Storage tank B feed pump".]
DELAY TERMINATION (DELAY TO OFF)
Symbol: input A, element DT with time t, output B.
Definition: The existence of logic input A causes logic output B to exist
immediately. B terminates when A has terminated and has not again existed
for time t.
Example: If system pressure exceeds a high limit (input = 1), start the
vacuum pump (output = 1) at once. Stop the vacuum pump (output = 0) when
the system pressure is below the low limit (input = 0) continuously for
1 minute.
Example diagram: System pressure, DT 1m, Vacuum pump.
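The MEMORY and DELAY TERMINATION elements above, as an added Python example that is not part of the original document, run against the tank-venting and vacuum-pump examples. The choice of S as the overriding input for the vent example, the 10-second scan interval, and the sample inputs are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass
class Memory:
    """S/R memory. `override` names the encircled input that wins if A and B coexist."""
    override: str = "R"
    c: int = 0

    def step(self, a: int, b: int):
        if a and b:
            self.c = 1 if self.override == "S" else 0
        elif a:
            self.c = 1               # set; held after A goes away
        elif b:
            self.c = 0               # reset
        return self.c, 1 - self.c    # (C, D): D exists only when C does not

@dataclass
class DelayTermination:
    """DT (delay to off): B follows A on at once, drops once A has been 0 for t."""
    t: float
    b: int = 0
    off_for: float = 0.0

    def step(self, a: int, elapsed: float) -> int:
        if a:
            self.b, self.off_for = 1, 0.0    # A existing again restarts the timer
        elif self.b:
            self.off_for += elapsed
            if self.off_for >= self.t:
                self.b = 0
        return self.b

def vent_tank(samples):
    """samples: (tank_pressure_high, hs1) per scan -> (vent_tank, permit_compressor_start)."""
    mem = Memory(override="S")   # assumed reading of "provided that the pressure is not high"
    return [mem.step(p, h) for p, h in samples]

def vacuum_pump(pressure_high, scan_s=10.0):
    """1-minute DT from the example above, sampled every scan_s seconds (assumed)."""
    dt = DelayTermination(t=60.0)
    return [dt.step(a, scan_s) for a in pressure_high]

if __name__ == "__main__":
    # Constructed input: pressure dips for 30 s, returns, then stays low.
    print(vacuum_pump([1, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0]))
    print(vent_tank([(0, 0), (1, 0), (0, 0), (1, 1), (0, 1)]))
```

The 30-second dip does not stop the pump because the timer restarts when the input returns to 1, and HS-1 cannot stop venting while the pressure input is still high.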
Ladder Diagrams
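[Figure: ladder diagram. Power source: 24 VDC, Circuit #21, Panel 16, between
the hot line (H) and the neutral line (N). Callouts: Line Number, Wire
Numbers, Relay Contact Reference.
Line 1: PB301; LSHH-306 (Contact opens on high level); wires 301, 302; coil
CR 301, T-303 High Level Shutdown; contact references (2, 6, 7).
Line 2: CR301.
Line 3: PB302; PSHH-310 (Contact opens on high level); wires 303, 304; coil
CR 302, K-304 High Disch. Press. Shutdown; contact references (4, 5, 6, 8).
Line 4: CR302.]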
All the logic elements are shown between the two vertical lines.
These vertical lines represent the source of electrical power.
Input devices such as pushbuttons and relay contacts are
shown starting at the left-hand vertical line, the hot line (H).
Device tag numbers and descriptive labels are placed above the
device. The descriptive labels should clarify, where necessary,
the operation of the device (e.g., limit switch opens when valve
is open). Relay coils, timer coils, solenoid valves, and other
output devices are shown next to the right-hand vertical line,
the neutral line (N). The power source is identified at the top of
the drawing.
If the shutdown levels for the ESD system interlocks have not
been defined, the other columns must be used as the basis for
determining the shutdown level classification for each interlock.
For example, assume that the process consists of a reactor that
is used to polymerize vinyl chloride monomer into polyvinyl
chloride. The consequence of a particular deviation is a potential
reactor rupture. The reaction material in this example is vinyl
chloride monomer, and it is flammable, has toxic combustion
products, and is a known carcinogen. A Level 4 shutdown
(Equipment Protection) classification for the ESD interlocks for
this deviation would not be sufficient because the potential
impact of a reactor rupture is greater than just the loss of the
reactor. The potential impact of a reactor rupture involves
significant environmental considerations. Therefore, a Level 3
(Equipment Isolation) classification is the minimum acceptable
classification.
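[Figure: excerpts of the Cause-and-Effect Matrix, P&ID, Written Description,
and Logic Diagram shown together, with callouts "Cause" and "Relationship".
Matrix excerpt, CAUSE (IF): K-304 high disch. press. PSHH [34.5 kPa (5 psig)]:
S, C; High disch. press. reset pushbutton: R, O; K-304 disch. valve closed: S.
P&ID excerpt: Vacuum Pump K-304, PV 307 (FO), PI 309, PSHH, ZV (FC), To Vent
System.]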
Written Description
This switch action stops K-304 vacuum pump, closes K-304 vacuum pump
discharge block valve, and actuates a visual and audible high discharge
pressure shutdown alarm.
When the high pressure condition has been corrected, the operator can
push the high discharge pressure shutdown reset pushbutton. This reset
action clears the high discharge pressure shutdown alarm, and it provides
a run permissive signal to K-304 vacuum pump.
The logic diagram uses the same inputs (causes) and outputs
(effects) that are used in the written description and the cause-
and-effect matrix. The logic diagram represents in graphical
form the cause-effect relationship that exists between the
causes and effects of the cause-and-effect matrix as described
by the written description. A separate logic diagram should be
developed for each written description.
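An added example, not from the original document, that checks this correspondence for the K-304 interlock: the logic is written as seal-in rungs in the style of CR301 and CR302, each cause is driven alone, and the result is compared with the matrix rows. The effect column names ("pump", "valve"), the reading S = stop, R = run permissive, C = close, O = open, and the way the pump permissive combines both relays with the valve limit switch are assumptions.

```python
# Matrix rows are the page's causes; column names and letter meanings are assumed,
# since the matrix header did not survive on the page.
MATRIX = {
    "LSHH-306":  {"pump": "S"},
    "PB301":     {"pump": "R"},
    "PSHH-310":  {"pump": "S", "valve": "C"},
    "PB302":     {"pump": "R", "valve": "O"},
    "ZV closed": {"pump": "S"},
}

class Interlock:
    """CR301/CR302 seal-in rungs; 0 on a trip input means the contact opened."""
    def __init__(self):
        self.cr301 = self.cr302 = 1          # healthy state: both relays sealed in

    def scan(self, lshh_ok=1, pshh_ok=1, pb301=0, pb302=0, zv_closed=0):
        # (reset pushbutton OR own seal-in contact) AND trip contact still closed
        self.cr301 = int((pb301 or self.cr301) and lshh_ok)
        self.cr302 = int((pb302 or self.cr302) and pshh_ok)
        return {"pump": int(self.cr301 and self.cr302 and not zv_closed),
                "valve": self.cr302,         # block valve closes when output = 0
                "lahh": 1 - self.cr301,      # alarms are on when output = 0
                "pahh": 1 - self.cr302}

def letters(before, after):
    """Express an output change as the matrix letter for that effect."""
    code = {("pump", 1, 0): "S", ("pump", 0, 1): "R",
            ("valve", 1, 0): "C", ("valve", 0, 1): "O"}
    return {k: code[k, before[k], after[k]]
            for k in ("pump", "valve") if before[k] != after[k]}

def observed_matrix():
    """Drive each cause alone and record what the logic actually does."""
    rows = {}
    for sw, kw, pb, pbkw in (("LSHH-306", "lshh_ok", "PB301", "pb301"),
                             ("PSHH-310", "pshh_ok", "PB302", "pb302")):
        il = Interlock()
        healthy = il.scan()
        tripped = il.scan(**{kw: 0})         # switch contact opens
        held = il.scan()                     # condition cleared, no reset yet
        rows[sw] = letters(healthy, tripped)
        rows[pb] = letters(held, il.scan(**{pbkw: 1}))
    il = Interlock()
    rows["ZV closed"] = letters(il.scan(), il.scan(zv_closed=1))
    return rows

if __name__ == "__main__":
    print("logic matches matrix:", observed_matrix() == MATRIX)
```

A mismatch between `observed_matrix()` and `MATRIX` points to a row where the logic and the matrix have drifted apart, which is the inconsistency the three documents are meant to rule out.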
CCR
Gasoline/Kero blending
Distribution operations
Demineralizers
R. O. plants
[Table: columns GRAPHIC and ELEMENT NAME; the graphic symbols are not
reproduced. Element names: INITIAL STEP, STEP, TRANSITION, DIRECTED LINKS,
DOUBLE LINK.]
[Figure: sequential function chart example. Labels: Initialize (1),
Initialization Complete, Heat, Hold, Sample rejected by lab, Pumpout,
Pumpout complete, 4 Start agitator.]
EFFECT (THEN)
CAUSE (IF)
Repeat this action for the inputs and set points for
Level 2, Level 3, and Level 4 shutdowns.
[Figure: binary logic diagram with columns INPUTS, LOGIC, OUTPUTS and
callouts Input Symbol and Output Symbol. Labels:
PB 301, T-303 High Level Shutdown Reset (Reset = 1), into OR;
PB 302, K-304 High Disch. Press. Shutdown Reset (Reset = 1), into OR;
PSHH 310, K-304 High Disch. Press. Shutdown (High Pressure = 0), into A;
PAHH 310, K-304 High Disch. Press. Shutdown Alarm Signal (Alarm on when output = 0);
ZV 301, K-304 Disch. Block Valve (Closes when output = 0).]
[Figure 24. Using Sequential Function Chart Actions In Binary Logic Diagrams.
Labels:
PB 501, T-501 Reactor High Level Shutdown Reset (Reset = 1), into OR;
LSHH 506, T-501 Reactor High Level Shutdown (High Level = 0), into A;
LAHH 506, T-501 Reactor High Level Shutdown Alarm Signal (Alarm on when output = 0);
T-501 Reactor Batch Sequence In ADD INGREDIENT A, Step 2 (Step Active = 1), into OR;
T-501 Reactor Batch Sequence In ADD INGREDIENT A (Step Active = 1), into A;
ZV 501, T-501 Reactor Ingredient A Block Valve (Closes when output = 0).]
GLOSSARY
0-state: A state of input and output signals in binary logic that defines
the absence of energy.
1-state: A state of input and output signals in binary logic that defines
the presence of energy.
AND function: A logic function in which the output assumes the 1-state if
and only if all inputs assume the 1-state.
annotated logic diagram: A graphical method for showing ESD inputs, outputs,
and internal logic using AND/OR, timer, or counter logic elements with basic
logic statements embedded in the diagram.
basic process control system (BPCS): A system that responds to input signals
from the equipment under control and/or from an operator and generates output
signals, causing the equipment under control to operate in the desired manner.
binary logic diagram: A method of representing the logic in binary interlock
and sequencing systems using abstract logic functions such as AND, OR, and NOT.
cause-and-effect matrix: A form of state table that is used for showing the
relationship between a process input and an output device in binary interlock
and sequencing systems.
DELAY INITIATION (DELAY TO ON) logic function: A time delay function in which
the time delay occurs when the input changes from the 0-state to the 1-state.
DELAY TERMINATION (DELAY TO OFF) logic function: A time delay function in
which the time delay occurs when the input changes from the 1-state to the
0-state.
exclusive OR function: A logic function in which the output assumes the
1-state if one, and only one, input assumes the 1-state.
guide word: Simple words that are used to qualify or quantify the design
intention and to guide and stimulate the brainstorming process for identifying
process hazards and/or operability problems during a HAZOP.
NOT function: A single input, single output logic function in which the output
state is the complement of the input state.
piping and instrument diagram (P&ID): A graphical method for representing the
physical equipment, piping, and instrumentation in a process.
time delay function: A logic function in which the response of the output is
delayed following a change in the input.