12/06/2020

Safe Operating Limits

Why, What, How?

Michael Godfrey FIChemE

Presentation Overview
• Safety Moment
• Why we need SOL
• SOL Definitions
• Equipment and parameter identification
• Operator response and Process Safety Time
• Links to SCE, IOW and further
• References and further sources of information


SOL in the air

• 17th January 2008, London Heathrow Airport
• Flight BA38 from Beijing. Loss of power to both engines on final approach
• Crew retract flaps and manage to extend the glide over the A30
• Crash-lands just inside the airfield security fence
• Investigation: the flight exceeded safe operating limits.

BA38: Investigation & SOL

• Fuel was in specification for water
• Low air temperatures during the flight. Fuel flow to engines also reduced at times
• Analysis of 175,000 flights identified that the accident flight was unique among 35,000 Rolls-Royce powered flights
• Low temperature and low flow led to formation of ice
• Ice blocked the fuel oil heat exchanger
• Loss of power to engines . . . the rest is history
• Initial recommendations
◦ Use of additive to prevent freezing
◦ Review design of the fuel delivery system

[Figure: Air temperature recording]
[Figure: Ice deposition on tube sheet during simulation]


Introduction
• Concept of defining safe operating limits is not new . . .
• OSHA Clean Air Act Amendment, 1990 (pre-PSM)
◦ 6. Develop and implement written operating procedures for the chemical processes, including procedures for each operating phase, operating limitations, and safety and health considerations
• UK HSE: Pipeline Safety Regs, 1996
◦ PSR Regulation 11 states the pipeline operator shall ensure that no fluid is conveyed in a pipeline unless the SOLs of the pipeline have been established and that a pipeline is not operated beyond its SOLs.
◦ Schedule 5 of PSR specifies as a notifiable event, changes in the SOLs
• Intent of SOL?

[Figure: API754: PS Indicator pyramid, annotated "Stop this" and "Becoming this"]

Safe Operating Limits: Definition

Industry Practice

• API RP 754 uses a 4 tier reporting system where Tier 1 & 2 process safety events are Loss of Primary Containment (LoPC) events providing ‘lagging’ metrics. The reporting of these metrics is currently shared across the industry.
• Reported SOL and SDL excursion events (Tier 3 events) are an indication of the performance of the layers of protection before an incident escalates to a possible LoPC event. Hence a ‘leading’ indicator.

Definition - CCPS

• Safe Operating Limits - Limits established for critical process parameters, such as temperature, pressure, level, flow, or concentration, based on a combination of equipment design limits and the dynamics of the process.

https://www.aiche.org/ccps/resources/glossary/process-safety-glossary/safe-operating-limits

‘Normal’, ‘Safe’, ‘Design’

• NOL (Normal Operating Limit) is the high or low value of a parameter which defines the boundaries of the normal operating envelope. Troubleshooting actions are required when a parameter reaches the normal operating limit.
• SOL (Safe Operating Limit) is the high (or low) value of an operating parameter that defines the boundaries of the safe operating envelope.
◦ SOLs should be set such that a trip set within the safe operating envelope will trigger an immediate, pre-determined action
• SDL (Safe Design Limit) is the high or low value of a parameter that, if exceeded, may compromise equipment integrity. For example, the Maximum Allowable Working Pressure of a vessel is the upper Safe Design Limit.

[Figure: operating envelope diagram. From top to bottom: design margin / known unsafe / uncertain; upper safe design limit; buffer zone; upper safe operating limit; troubleshooting zone; upper normal operating limit; Normal Operating Envelope; lower normal operating limit; troubleshooting zone; lower safe operating limit; buffer zone; lower safe design limit; design margin / known unsafe / uncertain. Side brackets: Safe Operating Envelope, Safe Design Envelope.]

SOL Example

[Figure: SOL example (BP KOC template), with labels "Upper NOL & Alarm", "Lower NOL & Alarm", "Lower SOL & Trip"]


Identifying Systems: Bow tie diagram

Generic hazard – release of flammable process fluid (HC gas/liquid).

[Figure: bow tie diagram. Hazard: HC. Threats: mechanical impact; exceeding SOL; corrosion / erosion. Top event: LOPC of flammable fluid. Consequences: fire or explosion; harm to people; asset damage; environment impact.]

Focus is on control, alarm and safety instrumented systems preventing SOL exceedance

‘Safe Operating Envelopes – Identification’

• One approach bases parameter identification on severity, i.e. 1 fatality +
• Refer to your HAZOP study (or HAZID)

[Figure: risk matrix. Likelihood columns A to F (low to high); severity rows I to VI (low to high), with IV = Single Fatality, V = 2 - 9 Fatalities, VI = 10+ Fatalities.]

Parameter identification
• Using Bow Ties and HAZOP report it should be possible to develop guidance for key parameters
• Company may have procedures – if not, develop a philosophy or similar

Pressure vessel (generic) – key parameters

| Scenarios | Parameters | SDL | SOL |
| --- | --- | --- | --- |
| Overpressure leading to loss of containment | Process Pressure | Maximum design pressure | Set point of high high pressure trip |
| Overfill leading to loss of containment | Liquid Level | If the span of the transmitter covers the full height of the vessel, SDL is the height of the tank. Otherwise, SDL is the highest level measurable by the transmitter. | Set point of high high level trip |
| High temperature leading to loss of containment | Process Temperature | Maximum design Temperature | Set point of high high temperature trip (2) |
| Low temperature leading to brittle failure and loss of containment | Process Temperature | Minimum design Temperature | Set point of low low temperature trip, or PT limits trip |

Process Safety Time (PST)

[Figure: vessel level against time for a blocked outlet (e.g. ESDV FC), marking Alarm: LAH, Trip: LSHH, operator troubleshooting time and process safety time]

• Estimate Safety Instrumented Function response time (e.g. loop response, valve closure time) and compare to PST. SIF response time should be less than PST in order to bring the process to a safe state.
• Design: set SIF response to 50% of PST
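
An added example, not part of the original presentation: it classifies readings against the NOL / SOL / SDL envelopes defined earlier, counts SOL and SDL excursion events (the Tier 3 leading indicator) from a trend, and checks a SIF response time against PST and the 50% design target. The limit values, trend data, zone names and function names are all constructed for illustration, as is the convention for readings that sit exactly on a limit.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Limits:
    """(lower, upper) pairs for one parameter; all values are constructed."""
    sdl: tuple  # safe design limits
    sol: tuple  # safe operating limits (trip set points)
    nol: tuple  # normal operating limits (alarm set points)

    def __post_init__(self):
        # Envelopes must nest: SDL_lo < SOL_lo < NOL_lo < NOL_hi < SOL_hi < SDL_hi
        seq = (self.sdl[0], self.sol[0], self.nol[0],
               self.nol[1], self.sol[1], self.sdl[1])
        if any(a >= b for a, b in zip(seq, seq[1:])):
            raise ValueError(f"limits do not nest: {seq}")

def zone(v, lim):
    """Zone of a reading. Assumption: NOL and SOL count as reached at the
    limit value itself, SDL only when exceeded."""
    if v < lim.sdl[0] or v > lim.sdl[1]:
        return "beyond SDL"
    if v <= lim.sol[0] or v >= lim.sol[1]:
        return "buffer"
    if v <= lim.nol[0] or v >= lim.nol[1]:
        return "troubleshooting"
    return "normal"

def excursions(readings, lim):
    """Count excursion events; one contiguous run outside a limit is one event."""
    counts = {"SOL": 0, "SDL": 0}
    was = {"SOL": False, "SDL": False}
    for v in readings:
        z = zone(v, lim)
        now = {"SOL": z in ("buffer", "beyond SDL"), "SDL": z == "beyond SDL"}
        for k in counts:
            counts[k] += int(now[k] and not was[k])
        was = now
    return counts

def sif_check(response_s, pst_s):
    """Compare SIF response time with PST and with the 50% design target."""
    if response_s >= pst_s:
        return "too slow"
    return "meets design target" if response_s <= 0.5 * pst_s else "within PST only"

# Constructed vessel level data, % of transmitter span
LEVEL = Limits(sdl=(0, 100), sol=(10, 90), nol=(25, 75))
TREND = [50, 60, 76, 85, 91, 93, 88, 70, 92, 101, 95, 60]

if __name__ == "__main__":
    print(excursions(TREND, LEVEL), sif_check(20, 60))
```

Counting contiguous runs rather than individual samples keeps one sustained excursion from inflating the indicator.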

SOL – Suggested Approach for existing facilities

• Develop a philosophy
• Identify relevant systems / equipment
• Identify parameters
• Determine design limits
• Determine / verify PS time and trip settings, i.e. safe operating limit(s)
• Determine / verify alarm settings and operator response time, i.e. normal operating limit
• Make recommendations
• Summarise results

SOE and SCE - linkage

Commonality
• Identification: Both can be based on the Bow-Tie and consequence severity
◦ PSV on potable water isn’t necessarily SCE
• Process Safety Time
◦ Existing operations – SOE assessing effectiveness of alarm & trips
◦ Projects – Used to define SIF response time i.e. Performance Standards
• Key leading Process Safety indicators
◦ SCE maintenance overdues; SOE process excursions

Differences
• Identification: SCE can include broader barriers


SOE – Broader Linkage

• Understanding of SOL enables or supports other PS practices and activities.

[Figure: Safe Operating Limits at the centre, linked to: Safe operating Procedures; Alarm & trip register; Management of Change; SCE Performance Standards; HAZOP & LOPA study]

Integrity Operating Windows (IOW)

• SOE: Focus is on parameters such as Pressure, Temperature, Level.
• Deviation can lead to LOPC, possibly within seconds or minutes
• What about other parameters, e.g. pH, Chloride, Oxygen, Flow (Erosion)?
◦ Deviations can also lead to LOPC, albeit over a longer time frame
• Integrity operating windows can be used to assess, define and track
◦ API standard 584


IOW, SOE and beyond

• Establishment, implementation and maintenance of IOW
• Effective transfer of knowledge to affected personnel
• An effective MoC program to identify changes
◦ ‘Creeping change very relevant here’
• SOE shouldn’t just be limited to processing plant
• Upstream well and gathering systems
• Reservoir and downhole equipment


Summary – Know your limits

Understanding & implementing safe operating limits can lead to
• Safer and more reliable operations
• Enable deviations to be identified and hence investigated
• Reduce the number of Tier 1 and Tier 2 Process Safety Events
• Support other Process Safety requirements and programs
◦ HAZOP / LOPA studies, SCE performance standards, etc.
• Provide a foundation for broader or further application e.g. IOW
• Support a culture of continuous improvement


References & Sources of information

• API 754: Process Safety Indicators
• API 584: Integrity Operating Windows
• IOGP 456: PS Recommended practice on Key Performance Indicators
• IChemE leading KPI’s: https://www.icheme.org/media/1092/safety-centre-metrics.pdf
• BA38 incident – short: https://en.wikipedia.org/wiki/British_Airways_Flight_38
• BA38 incident – long: https://www.gov.uk/aaib-reports/1-2010-boeing-777-236er-g-ymmm-17-january-2008
