Process plant shutdown systems

A process plant shutdown system is a functional safety countermeasure crucial in any hazardous process plant such as oil and gas production plants and oil refineries. The concept also applies to non-process facilities such as nuclear plants. These systems are used to protect people, assets, and the environment when process conditions move outside the safe design envelope of the equipment.

As the name suggests, these systems are not intended for controlling the process itself but rather for protection. Process control is performed by an independent process control system (PCS), which should not be relied upon to execute critical safety actions.

Although functionally separate, process control and shutdown systems are usually interfaced under one system, called an integrated control and safety system (ICSS). Shutdown systems typically use equipment that is SIL 2 certified as a minimum, whereas control systems can start with SIL 1. SIL applies to both hardware and software requirements such as cards, processor redundancy and voting functions.

Types
There are two main types of safety shutdown systems in process plants:
 * Process safety system (PSS) or process shutdown system (PSD).
 * Safety shutdown system (SSS) or emergency shutdown (ESD), which usually entails activation of an emergency depressurization (EDP) or emergency blowdown system.

Process shutdown (PSD)
An automatic PSD typically isolates the system by shutdown isolation valves, thus bringing it to a safe state before the process parameters, such as level, temperature or pressure, exit the system's safe design envelope. Its inputs are critical process signals from instruments such as pressure and temperature transmitters, which must be separate from those used for process control. This separation provides redundancy and reliability.

Emergency shutdown (ESD)
The safety shutdown system shall shut down the facilities to a safe state in case of an emergency situation, thus protecting personnel, the environment and the asset. The safety shutdown system shall manage all inputs and outputs relative to emergency shutdown (ESD) functions (environment and personnel protection). Inputs include, for example, manual activation and signals from the fire and gas system (FGS). Apart from the actuation of shutdown valves and blowdown valves, outputs include isolation of electrical sources, power shutdown, activation of fire pumps, etc. ESD is usually activated when a loss of containment and/or a fire is detected, although it may be activated at any time the plant operators feel it is necessary to preserve life, assets and the environment.

These systems may also be defined in terms of ESD/EDP levels as follows:
 * ESD level 1: In charge of general plant area shutdown; it will also activate ESD level 2 if necessary. This level can only be activated from the main control room.
 * ESD level 2: Shuts down and isolates individual ESD zones and may activate EDP if necessary.
 * ESD level 3: Provides fluid containment by closing shutdown isolation valves or emergency shutdown valves (ESDVs).

Fire and gas system (FGS)
The main objectives of the fire and gas system are to:
 * Detect at an early stage the presence of flammable gas using gas detectors.
 * Detect at an early stage hazardous liquid spills.
 * Detect incipient fire and the presence of fire using fire detectors.
 * Provide automatic activation and/or facilities for manual activation of the fire protection system as required.
 * Transmit input to the ESD system for it to initiate appropriate automatic actions.

Emergency depressurization (EDP)
Emergency depressurization, or blowdown, is an important system for safeguarding process plant in the event of an emergency. Equipment such as pressure vessels exposed to fire could undergo catastrophic failure leading to an uncontrolled loss of containment. Depressurization reduces potential failure by removing inventory from the plant thereby decreasing the internal mechanical stresses and extending the plant’s integrity at elevated temperatures. Its function is distinct from that of pressure relief valves, which are passive devices opening if pressure reaches a value above the process safety trip, but still below the design pressure of the equipment. Relief valves complement the PSD.

A process plant is typically divided into isolatable sections by emergency shutdown valves (ESDVs). Each section may be designated as belonging to a fire zone that is depressurized by a dedicated blowdown valve (BDV) or set of BDVs. During ESD conditions, the depressurization of only specific isolatable sections is undertaken. However, during more widespread emergency circumstances, the whole facility may be depressurized.

In a typical depressurization system, the goal is to reduce the pressure in the plant to less than 50% of the design pressure or to 7 barg, whichever is lower, within 15 minutes.
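The criterion above can be checked against a logged pressure trend for an isolatable section. The following is an added example, not part of the original article; the function names, the linear interpolation between samples and the sample trends are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Criterion from the text: below 50% of design pressure or 7 barg,
# whichever is lower, within 15 minutes.
TARGET_FRACTION = 0.5
TARGET_CAP_BARG = 7.0
TIME_LIMIT_MIN = 15.0


@dataclass
class BlowdownResult:
    target_barg: float
    time_to_target_min: Optional[float]  # None: target never reached in the trend
    passed: bool


def blowdown_target(design_pressure_barg: float) -> float:
    return min(TARGET_FRACTION * design_pressure_barg, TARGET_CAP_BARG)


def time_to_target(trend, target):
    """trend: [(minutes since BDV opened, pressure in barg), ...] sorted by time.
    Returns the time at which the pressure first reaches the target."""
    if trend and trend[0][1] <= target:
        return trend[0][0]
    for (t0, p0), (t1, p1) in zip(trend, trend[1:]):
        if p1 <= target < p0:
            # Linear interpolation between the two samples that bracket the target.
            return t0 + (p0 - target) * (t1 - t0) / (p0 - p1)
    return None


def check_section(design_pressure_barg, trend):
    target = blowdown_target(design_pressure_barg)
    t = time_to_target(trend, target)
    return BlowdownResult(target, t, t is not None and t <= TIME_LIMIT_MIN)


# Constructed sample trends (design pressure in barg, trend); not plant data.
SECTION_A = (100.0, [(0, 80.0), (5, 30.0), (10, 10.0), (14, 6.0), (20, 2.0)])
SECTION_B = (10.0, [(0, 9.0), (5, 8.0), (10, 7.0), (15, 6.0), (20, 5.0)])

if __name__ == "__main__":
    for name, (design, trend) in {"A": SECTION_A, "B": SECTION_B}.items():
        print(name, check_section(design, trend))
```

Section A is capped by the 7 barg limit and passes; section B has a low design pressure, so the 50% rule sets the target, and its trend reaches it too late.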

Disposal of blowdown fluids is generally to flare systems or, if safe to do so, non-fired blowdown drums. Blowdown may be strategically delayed by fire zone to shave peak flow and allow the flare to deal with the incoming gas. This is generally referred to as a staggered blowdown.

A depressurization system comprises an actuated valve and a restriction orifice. The BDV is normally held in the closed position but opens on demand or on failure of the actuator. A restriction orifice (RO) downstream of the BDV is sized to achieve the desired blowdown rate. A locked-open valve may be located downstream of the orifice. This valve, when closed, allows the functionality of the BDV to be tested without depressurizing that section of the plant.