SAFETY

1
SAFETY

• MIT 40

2
Safe state
-What is it? -For whom? Stop Train
Process Machines
Maintain (Alarm operator) Airplane
Exothermal reactor Drill-rig? Airbag?
3
Failure Modes

• Dangerous failure
• The system does not perform its function when
  activated
• Spurious Trip
• The system performs its function without beeing
  activated
• Also, many spurious trips are negative for the
  overall safety of the installation

4
Risk
Risk Consequence x Frequency Frequency
Demandrate x Probability of failure of the safety
function EXAMPLE Gas-leakage due to
overpressure Overpressure once a year SIS
failure every 10. demand
RESULT Gas-leakage due to overpressure every 10.
years
5
Risk based
Requires independence
6
1oo2 voting
Safe state off
Safe state on
Good safety Bad availability
7
2oo2 voting
Safe state on
Safe state off
Bad safety Good availability
8
Qualitative requirements
When a safety function does not work, it is
either broken or wrong. Wrong location of
detectors Software mistakes Operator
blunders/typos Systematic failures can not be
calculated.only minimized and corrected
9
Other requirements

• independent and in addition to other systems
• (PSA, API, IEC 61508-1 (ch. 7.5.2.6 b))
• not to be negatively influenced by failures in
  other systems
• Process safety to be done by two independent
  and different barriers
• (OD/API RP 14C)
• Primary barrier (instrumented)
• Secondary barrier (mechanical)

10
Rules/regulations/standards
IEC61511
IEC61508
PSA
API RP 14C
DnV
Company standards (Statoil, Hydro, Phillips,
Shell, BP etc.)
OLF 070
11
Maritime Black Box MBB .
12
The Maritime Black Box MBB system consists of the
units described below.

• Norcontrol Data Collection Unit (DCU)
• Interfaces sensors and equipment for data
  collection and storage in the PSU,
• Multi Serial Interface Module (MSI), Audio
  Recording Module (ARI),
• Distributed Process Modules (DPU) and a video
  frame grabber card.
• Operation and monitoring of the Maritime Black
  Box system (MBB)
• Norcontrol Protected Storage Unit (PSU)
• Storage of recorded data
• Optional Replay and Evaluation Unit (REU)
• Unit for replay and training using recorded data

13
Data Recorded 1

• Data and Time Date and Time is derived from a
  device external from the ship, normally a GPS.
• Ship's position Latitude and longitude, this is
  derived from an electronic position-fixing system
  (GPS).
• Ship Speed Ship speed is normally recorded from
  the ships Speed Log
• Ship Heading Ship heading is recorded as
  indicated by the ship's compass or gyro
• Bridge Audio Recorded through microphone panels
  located on the bridge. Four microphones are
  included in standard delivery

14
Data Recorded 2

• Communication Audio (VHF)
• In and outbound communication from the ships VHF,
  one VHF set included in standard delivery
• Radar Radar image as displayed to the operator,
  one radar included in standard delivery
• Echo sounder This includes depth under keel, the
  depth scale currently being displayed and other
  status information if available.
• Main alarms Including the status of all mandatory
  alarms on the bridge, more specifications in
  chapter 5.1.1

15
Data Recorded 3

• Rudder order and response Rudder order and
  response angle on rudder is recorded, including
  status and setting of autopilot if fitted.
• Engine order and response Including position of
  engine telegraphs, both ordered speed and
  propeller response. Bow and stern thrusters are
  also recorded if fitted
• Hull openings status Including all IMO mandatory
  status information of hull openings that's
  required to be displayed on the bridge.

16
Data Recorded 4

• Watertight and fire door status
• This includes all IMO mandatory status inforation
  that's required to be displayed on the bridge.
• Accelerations and hull stresses
• Where a ship is fitted with hull stress and
  response monitoring equipment all the data items
  that have been pre-selected within that equipment
  is recorded.
• Wind speed and direction The wind speed and
  direction is recorded from the navigation system.
  Both true and relative wind is recorded,
  including each direction

17
(No Transcript)
18
KONGSBERG MARITIME SAFETY SYSTEMS
19
AIM Safe

• The Kongsberg Maritime Safety System (AIM Safe)
  is a computerised system developed and designed
  specifically for the safe monitoring and
  automatic corrective actions on unacceptable
  hazardous situations.
• The AIM Safe system being a part of the AIM family

20
Basic Applications

• An acceptable risk level must be established and
  means to achieve this acceptable risk level must
  be found.
• The most common use of computerised safety
  systems is for Emergency and/or Process ShutDown
  (yellow) and Fire Gas detection and protection
  systems (red).
• Usually the systems are delivered with no
  interdependence, only information exchange
  between them takes place.
• This way the different safety barriers are kept
  independent

21
(No Transcript)
22
Typical topology for an offshore vessel

• Installations on rigs usually centralize the HMI
  for safety systems to a central control room.
• Non-explosion proof equipment such as fire
  central, computers and traditional IO cards are
  normally centralized in the non-hazardous areas.
  
• Remote IO units and field sensors are physically
  distributed.
• RIO units can be delivered for installation both
  in non-hazardous and hazardous areas

23
(No Transcript)
24
(No Transcript)
25
Typical topology for cruise vessels

• Installations on cruise vessels are usually
  physically distributed into the main fire zones.
  The solution reduces cabling cost and provides
  autonomous units to control the main fire zones.

26
(No Transcript)
27
Emergency ShutDown (ESD)

• The Emergency ShutDown System (ESD) shall
  minimise the consequences of emergency
  situations,
• uncontrolled flooding,
• escape of hydrocarbons,
• outbreak of fire in hydrocarbon carrying areas
  or areas which may otherwise be hazardous.
• Basically the system consist of field-mounted
  sensors, valves and trip relays, system logic
  for processing of incoming signals, alarm and
  HMI units.

28

• The system is able to process input signals and
  activating outputs in accordance with the Cause
  Effect charts defined for the installation
• ShutDown of part systems and equipment
• Isolate hydrocarbon inventories
• Isolate electrical equipment
• Prevent escalation of events
• Stop hydrocarbon flow
• Depressurise / Blowdown
• Emergency ventilation control
• Close watertight doors and fire doors

29
Process ShutDown (PSD)

• The Process ShutDown system ensures a rapid
  detection and safe handling of process upsets.
• the system consists of field-mounted sensors,
  valves and trip relays, a system logic unit for
  processing of incoming signals, alarm and HMI
  units.
• The system is able to process all input signals
  and activating outputs in accordance with the
  applicable Cause Effect charts.
• Typical actions from PSD systems are
• ShutDown the whole process
• ShutDown parts of the process
• Depressurise /Blowdown parts of the process

30
Fire / gas Detection and Protection (FDP)

• The Fire detection and protection system (FDP)
  shall provide early and reliable detection of
  fire or gas, wherever such events are likely to
  occur, alert personnel and initiate protective
  actions automatically or manually upon operator
  activation.

31
Typical actions from FDP systems are

• Alert personnel
• Release fire fighting systems
• Emergency ventilation control
• Stop flow of minor hydrocarbon sources such as
  diesel distribution to consumers.
• Isolate local electrical equipment
• Initiating ESD and PSD actions
• Isolate electrical equipment
• Close watertight doors and fire doors

32
Safety Management (SMS)

• The SMS combines information from multiple
  sources with decision support and lifeguarding
  actions.
• SMS is useful for crisis management especially on
  cruise ships and other complex installations, but
  will be useful even in other applications.
• The primary function of the SMS is to detect and
  announce the presence of a hazardous situation
  from multiple sources providing a homogenous HMI
  for all relevant subsystems.
• The system is able to display information about
  location of firewalls and passive fireprotection
  equipment, escape routes, ventilation status etc.

33
(No Transcript)
34
Functionality of the SMS

• Emergency procedures / Decision Support System
  (DSS)
• Automatic or manually initiated safety reports
  for incidents, routine checks and drills
• Identification of escape routes from the areas
• Location of manual fixed/portable fire
  extinguishing components
• Integration of CCTV functionality (AIM Video)
• Online -help
• Safety Condition Parameters (SCP)
• Integration of information from other control
  systems and subsystem

35
Emergency procedures / Decision Support system
(DSS)

• Decision support is a tool to concentrate
  information to the decision-makers during
  incidents and to guide them through the situation.