FEED FOR JARN YAPHOUR ACCELERATED DEPLETION DEVELOPMENT PROJECT

ADCO PROJECT No. P44010

ADCO CONTRACT No. 15417.01/EC 10826
TECHNIP PROJECT No. 030912C005

DOCUMENT / DRAWING COMMENTS RESOLUTION SHEET

Date: 08-12-2015
COMPANY Transmittal Reference Date- CONSULTANT Transmittal Reference Date
P44010-PMT-ADCO/TN-0333 06/12/2015 030912C005-000-A332-TN-0401 25/11/2015

Document / Drawing Title Document / Drawing Number , Revision

SIL CLASSIFICATION PROCEDURE 30-99-90-0681,REV_A

COMMENTS RESOLUTION SHEET

Page No./
Serial No. COMPANY COMMENTS CONSULTANT RESPONSE / JUSTIFICATION REMARKS
SHEET NO.

SIL 0 IS NOT DEFINED IN DEP-32.80.10.10 Comment noted & SIL 0 updated as < SIL 1 as per referred
1 14
Gen. From which standard it is originated SHELL-DEP.

Comment noted. As discussed & agreed with COMPANY the

ADD: SIL chairman shall be from third party &
2 15 sentence for the requirement of SIL chairman retained as per
shall have industry experience of similar Project
Rev_A
The list of SIF tags shall be updated as per Comment noted & updated as per the P&ID latest revision.
3 37 approved P&ID & HAZOP recommendations. Also Please note that this document will be updated further based
update all the tag numbers on the HAZOP P&ID as required.

Page 1 of 1
 TABLE OF CONTENTS

1. INTRODUCTION ........................................................................................ 4

2. FACILITY DESCRIPTION ........................................................................... 4

3. PURPOSE .................................................................................................. 6

4. TERMINOLOGY ......................................................................................... 6

4.1 DEFINITIONS.................................................................................. 6

4.2 ABBREVIATIONS ........................................................................... 7

5. CODES, STANDARDS AND REFERENCE DOCUMENTS ........................ 8

5.1 INTERNATIONAL CODES AND STANDARDS ............................... 8

5.2 CODES AND STANDARDS ............................................................ 8

5.3 ADNOC CODES OF PRACTICE ................................................... 10

6. PURPOSE OF SAFETY INTEGRITY LEVEL DETERMINATION .............. 12

6.1 GROUND RULES AND ASSUMPTIONS ...................................... 12

6.2 RISK REDUCTION REQUIREMENT ............................................. 13

6.3 REQUIREMENTS FOR SAFETY INSTRUMENTED SYSTEM ...... 14

6.4 INDUSTRY BEST PRACTICES FOR SAFETY INSTRUMENTED

SYSTEMS ..................................................................................... 14

7. SIL DETERMINATION TEAM COMPOSITION ......................................... 15

7.1 COMPANY/ PMC PERSONNEL.................................................... 15

7.2 CONTRACTOR PERSONNEL ...................................................... 15

8. DOCUMENTATION REQUIREMENTS ..................................................... 15

9. COMPANY TOLERABLE RISK DEFINITION ............................................ 16

10. SIL DETERMINATION USING LOPA ....................................................... 17

11. SIL DETERMINATION RESULTS DOCUMENTATION............................. 19

APPENDIX – 1 RISK MANAGEMENT AREAS CONSEQUENCE CATEGORIES 21

APPENDIX – 2 GUIDELINES FOR INITIATING EVENT LIKELIHOOD ................ 24

APPENDIX – 3 GUIDELINES FOR RISK REDUCTION FOR INDEPENDENT

PROTECTION LAYERS (IPL) ................................................................... 27

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 2 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 APPENDIX – 4 GUIDELINES FOR RISK REDUCTION FOR OPERATOR
RESPONSE AS AN IPL ............................................................................ 30

APPENDIX – 5 GUIDELINES FOR RISK REDUCTION FOR CONSEQUENCE

MITIGATION SYSTEMS (CMS) ................................................................ 32

APPENDIX – 6 DATA REQUIRED FROM COMPANY ......................................... 34

APPENDIX – 7 SIF TAGS LIST ............................................................................ 37

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 3 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 1. INTRODUCTION

Jarn Yaphour is an Oil & Gas field located around 50 Km from Rumaitha
field. Process facilities for JY were put on production from 1993 to 1999.
The well fluid from JY wells was sent to a manifold station by means of
flow lines. An 18” transfer line would then transport the JY production to
Abu Dhabi refinery (Umm Al Nar Refinery). In 1999, all producing 10
wells, processing facilities were mothballed and shut down and 18”
transfer line was removed.

A decision has been taken to initiate appropriate measures to accelerate

depletion and extract of the remaining reserves from the field before
abandonment by undertaking an accelerated depletion development. The
plan is to re-commission the Jarn Yaphour upstream facilities as well as
any downstream facilities on an accelerated basis without jeopardizing the
health and safety of general population in the area.

It is proposed to gather the well fluids from new wells by a single cluster,
processing facility and transfer the JY production to Rumaitha CPP. The
depletion of JY wells is expected to last 6 years.

Indicated production data is as follows:

 4000 BOPD – Field Sustainable Target rate (Associated Max. Gas

46.862 MMSCFD)

 7000 BOPD – Technical rate (Associated Max. Gas 70.75 MMSCFD)

 500 BOPD – Turndown rate (Field Minimum Production rate)

 Maximum GOR: 17,540 SCF/BBL

 Maximum WCT: 90 %.

 Minimum WHP: 350 PSIA.

 Minimum Reservoir Pressure: 2000 PSIA.

The number of wells is optimised to 8 wells with 4 spare slots.

2. FACILITY DESCRIPTION

The production from JY field will be achieved through 8 producer wells.

The producer wells will flow naturally to surface. Each flow-line is
connected to Multi Selector Manifold (MSM). MPFM is envisaged in JY to
test the each well on regular interval.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 4 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 Fluid from MSM will be transferred to a two phase separator. Gas and
liquid is separated in the separator and sent to a Compressor and MOL
pump respectively, for boosting the pressure.

Pressurised gas from Compressor and liquid from MOL pump will then be
commingled and transferred through an approximately 72.5 Km pipeline to
Rumaitha Phase-III CPP for processing.

The development at JY field involves the following facilities as a minimum

At Jarn Yaphour

 One production cluster (pad) suitable for 8 producer wells and space
provision for 4 future. Design capacity shall only be for 8 wells, while
MSM shall have capacity for connection of minimum 12 slots.

 Multi Selector Manifold (2 Nos)

 MPFM for well testing

 Separator (Two Phase)

 Compressor System (Including Suction Scrubber and Discharge Air

Cooler)

 MOL Pump

 Pig Launcher with mechanical interlock system

 Export Pipeline (16”)

 Nitrogen Generation Package

 Instrument / Plant Air Package

 Potable Water System

 Diesel Tanks & Pumps

 Closed Drain System

 Flare System (including Flare KOD, Pumps & Enclosed Flare Stack)

 Open Drain System

 Chemical Injection Packages

 Fire Water System

 Emergency Diesel Generator

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 5 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 Pipeline (JY – Rumaitha)

 Intermediate Block Valve Stations on Pipeline (Minimum 3 Nos)

At Rumaitha Phase-III

 Pig Receiver with mechanical interlock system

 Slug Catcher

 Custody Flow Meters( for both gas & liquid outlet lines)

 Closed Drain System

3. PURPOSE

This document provides the general as well as specific procedure

guidelines for conducting Safety Integrity Level (SIL) Determination study
of the Safety Instrumented Functions (SIF) under the Feed for Jarn
Yaphour Accelerated Depletion Development Project.

SIL Determination methodology for the Project shall be based on Layer of

Protection Analysis (LOPA) technique as described in International
Electro-technical Commission’s IEC 61511:2003 & IEC 61508:2010 and
American Institute of Chemical Engineers/ Centre for Chemical Process
Safety (AIChE/CCPS) Guidelines.

4. TERMINOLOGY

For the purpose of this document the words and expressions listed below
shall have the meanings assigned them as follows:

4.1 DEFINITIONS

FEED for Jarn Yaphour Accelerated Depletion

PROJECT :
Development Project
Abu Dhabi Company for Onshore Petroleum Operations
COMPANY :
Ltd. (ADCO)
CONSULTANT : TECHNIP FRANCE, ABU DHABI (TECHNIP)
Party who manufactures or supplies equipment and/or
VENDOR :
services including Sub-Suppliers or Sub-Vendors
A duly approved entity or company engaged by ADCO
CONTRACTOR :
company to perform the EPC works of the project.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 6 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 4.2 ABBREVIATIONS
ADCO Abu Dhabi Company for Onshore Petroleum Operations Ltd.
ADNOC Abu Dhabi National Oil Company
JY Jarn Yaphour
FEED Front End Engineering Design
API American Petroleum Institute
BS Alarm and Event
DCS Distributed Control System
ICSS Integrated Control and Safety System
ALARP As Low As Reasonably Practicable
BPCS Basic Process Control System
IEC International Electro-technical Commission
CMS Condition Monitoring System
ISO International Standards Organization
CR Control Room
DEP Design & Engineering Practices
F&G Fire and Gas
FGS Fire and Gas System
ESD Emergency Shutdown
FDS Functional Design Specification
HAZOP Hazard and Operability Study
HMI Human Machine Interface
HSSD High Sensitive Smoke Detection
HVAC Heating Ventilation and Air-Conditioning
GOR Gas-Oil-Ratio
GVF Gas Volume Fraction
HC Hydrocarbon
I/O Input/ Output
IS Intrinsically Safe
IPF Instrument Protective Function
IRP Interposing Relay Panel
LOPA Layer Of Protection Analysis
MOS Maintenance Over-ride Switch
PFD Probability of Failure on Demand
PFDavg Average Probability of Failure on Demand
PA/ GA Public Address & General Alarm

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 7 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 PLC Programmable Logic Controller
PSV Pressure Safety Valve
SCADA Supervisory Control And Data Acquisition
SCMS Substation Control and Monitoring System
SIL Safety Integrity Level
SIF Safety Instrumented Function
SIS Safety Instrumented System
UCP Unit Control Panel
UPS Uninterruptible Power Supply
MMS Machine Monitoring System
WHCP Well Head Control Panel (Hydraulic Panel)
Technischer Uberwachungs Verein – National Engineering
TUV NEL
Laboratory, Scotland, UK
CPP Central Processing Plant
WLR Water Liquid Ratio
SBPD Standard Barrels per day
MMSCFD Million standard cubic feet per day

5. CODES, STANDARDS AND REFERENCE DOCUMENTS

5.1 INTERNATIONAL CODES AND STANDARDS

The instrumentation design shall comply with the following codes and
standards:

5.2 CODES AND STANDARDS

The instrumentation design shall comply with the following codes and
standards:
American Petroleum Institute (API) Recommended Practices
API RP-14C Recommended Practice for Analysis, Design, Installation and
Testing of Basic Surface Safety Systems for Offshore
Production Platforms
API RP-14J Recommended Practice for Design and Hazard Analysis for
Offshore Production Facilities.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 8 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 IEC Regulations
IEC 61508 - 1 Functional safety of electrical/electronic/programmable
electronic safety-related systems Part 1 general
requirements
IEC 61508-2 Functional safety of electrical/electronic/programmable
electronic safety-related systems - Part 2: Requirements for
electrical/electronic/programmable electronic safety-related
systems
IEC 61508-3 Functional safety of electrical/electronic/programmable
electronic safety-related systems - Part 3: Software
requirement
IEC 61508-4 Functional safety of electrical/electronic/programmable
electronic safety-related systems - Part 4: Definitions and
abbreviations
IEC 61508-5 Functional safety of electrical/electronic/programmable
electronic safety-related systems - Part 5: Examples of
methods for the determination of safety integrity levels
IEC 61508-6 Functional safety of electrical/electronic/programmable
electronic safety-related systems - Part 6: Guidelines on the
application of IEC 61508-2 and IEC 61508-3
IEC 61508-7 Functional safety of electrical/electronic/programmable
electronic safety-related systems - Part 7: Overview of
techniques and measures
IEC 61511-1 Functional safety - safety instrumented systems for the
process industry sector - Part 1: Framework, definitions,
system, hardware and software requirements
IEC 61511-2 Functional safety - safety instrumented systems for the
process industry sector - Part 2: Guidelines for the
application of IEC 61511-1
IEC 61511-3 Functional safety - Safety instrumented systems for the
process industry sector - Part 3: Guidance for the
determination of the required safety integrity levels

Instrumentation, Systems and Automation Society

ISA S84.00.01 Functional Safety: Safety Instrumented Systems for the
(1 – 3 ) Process Industry.
ISA Book Safety Integrity Level Selection- with Layer of Protection
Analysis, ISA, Research Triangle Park, NC, 2002. [ISA 2002]

International Standard Organization

ISO 9001 Quality Management Systems – Requirements

Other standards
AIChE/CCPS Guidelines for Process Equipment Reliability Data- With
Guidelines Data Table: 1989 [CCPS 1]
AIChE/CCPS Layer of Protection Analysis: Simplified Process Risk
Guidelines Assessment: 2001 [CCPS 2]

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 9 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 OREDA 2002 Offshore Reliability Data Handbook, 4th Edition. SINTEF,
Norway. [OREDA-2002]
OREDA 2009 Offshore Reliability Data Handbook, 5th Edition. DNV,
Norway.
NRPD 1995 Non-electronic Parts Reliability Data 1995, Reliability
Analysis Center, Rome, NY. [NRPD-95]
HSE UK Reference PARLOC 2001: The update of loss of containment data
for offshore pipelines, HSE UK 2003 [HSE 2003]
HSE UK Reference Offshore hydrocarbon release statistics, HSE UK 2002
[HSE 2002]

5.3 ADNOC CODES OF PRACTICE

ADNOC Codes of Practice are considered as regulatory requirements for

ADNOC Operating Companies. Compliance to the Codes of Practice
shall be mandatory. ADNOC CoPs are developed under the following
broad categories and shall be complied by the contractor CONSULTANT
as relevant to the FEED phase, even if the requirements are not
specifically stated specifically in the FEED scope of workscope of work or
not.
Document Number Document Title
ADNOC-COPV5-06 Code of Practice on HSE Risk Management
(Version 02)

5.3.1 PROJECT DOCUMENTS

30-99-52-0601 Instrumentation Design Basis

30-99-91-0710 Control System Philosophy

30-99-91-0708 Fire & Gas System Philosophy

Overall Integrated Control and Safety System

30-99-42-0601
Architecture

30-99-39-0624 Specification for Wellhead Control Panel

53-21-42-0603 Block diagram for Condition Monitoring System

53-21-42-0602 Compressors Interface Block Diagram

Specification for Package equipment – Instruments &

30-99-39-0609
Control

30-99-39-0606 Specification for Marshaling cabinets

Specification for Integrated Control and Safety

30-99-39-0607
Systems

44-01-43-0601 ITR Room Equipment Layouts Rumaitha (New ITR)

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 10 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 30-99-97-0622 HAZOP Study Report

30-99-91-0705 HSE Philosophy

30-99-42-0609 Cause & Effect Diagrams

53-21-08-0641 P&ID - Typical JY Wellhead Details

53-21-08-0642 P&ID - Typical JY Wellhead Details

53-21-08-0643 P&ID - Multi Selector Manifold Sheet 1&2

53-21-08-0644 P&ID - Multi Phase Flow Meter

53-21-08-0645 P&ID - Separator

53-21-08-0646 P&ID - MOL Pumps

53-21-08-0647 P&ID - Compressor Suction Scrubber - Train 1

P&ID - Gas Compressor & Discharge Air Cooler -

53-21-08-0648
Train 1

53-21-08-0649 P&ID - Pig launcher at JY

53-21-08-0650 P&ID - Pipeline from JY to Rumaitha

44-01-08-0803 P&ID - Pig Receiver at Rumaitha

44-01-08-0804 P&ID - Slug catcher at Rumaitha

P&ID - Multi Phase Flow Metering Station at

44-01-08-0805
Rumaitha

30-99-91-0693 Process Shutdown & Safeguarding Philosophy

30-99-91-0697 ESD System Philosophy

30-99-91-0691 Flare, Relief & Blowdown Philosophy

5.3.2 SHELL DEP STANDARDS

All the relevant Shell DEP standards Latest Version (Currently 39)
including amendments, attachments and ADCO amendments shall be
applicable as follows but not limited to:

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 11 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 Number Revision Title

DEP 32.80.10.10.-Gen Feb 2014 Instrumented Protective Function

6. PURPOSE OF SAFETY INTEGRITY LEVEL DETERMINATION

Establishing the necessary risk reduction requirement and the corresponding

Safety Integrity Level of Safety Instrumented Function is the purpose of SIL
Determination exercise.

SIL Determination study shall be carried out utilizing exSILentia during software
FEED Stage. However, during EPC stage, it is mandatory to use SIFPro
software as per SHELL DEP.

6.1 GROUND RULES AND ASSUMPTIONS

When predicting the consequences of the various scenarios, the SIL Review
Team will need to consider a number of associated factors. These will include
the material properties (density, toxicity, flammability, etc.), the amount of
material that is likely to be released and how much becomes airborne, the
layout and physical characteristics of the area where the loss of containment
occurs.

The following should be used as starting point:

 The probability of an incident must be assessed assuming all safety

provisions are absent.

 Operator action can be relied upon to mitigate the consequences of,

but not prevent, undesirable occurrences. Credit for operator action
will be taken only after independent and clear instruction/alarm with
sufficient action time is available to the operator.

 Proper operating, maintenance and inspection (also mechanical)

procedures are available and adhered to. This is also applicable to
the NRV’s which are considered when determining the demand rates.

 Critical spares (such as parts for or complete pot mounted-pumps,

spare rotor for compressors) are available on-site to ensure short
turn-around times.

 It is also assumed that proper mechanical maintenance and

inspection is carried out to ensure the mechanical integrity of
equipment and piping.

 After a fire or another incident that requires authorities to witness any

inspections, the representatives of the authorities are available locally
on short notice (within 24 hours). COMPANY has its own (in-house)
inspection department.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 12 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
  Refer to all other quality procedures etc. that ensure that the
assumptions are realized.

 PSV’s, if fully sized, are assumed to provide sufficient protection

against overpressure. Any SIS/IPF provided prevents relieving of the
PSV. If the PSV relieves, it is assumed that the PSV will need to be
removed and overhauled at the workshop for re-certification.

 PSV repairs following a spurious trip (revealed failure) would take an

average 6.5 hours. If a MOS is provided and helpful (initiator failure)
restart may be immediate. Otherwise a delay of eight (8) hours would
be incurred.

6.2 RISK REDUCTION REQUIREMENT

Although IEC 61508, and hence this procedure, is concerned primarily with
Electrical/Electronic/Programmable Electronic (E/E/PE) Safety Related
Systems, in most situations safety is achieved by a number of protective
systems. Therefore, when considering various risk reduction strategies, the
entire combination of safety related systems shall be included.

In such cases, the particular combination of safety provisions must meet the risk
reduction requirements applicable to the SIL determined for the scenario in
question. The risk reduction requirement for each SIL rating has been derived
from IEC 61508, and is tabulated in Table - 1. The probability of failure on
demand of the overall safety provisions must meet these values, regardless of
the method used. Refer to “Guideline for Initiating Event Likelihood” Table under
Appendix-2

Discrete SIL levels are defined in Table 3 of IEC-61511-1:2013. This Table is

reproduced below as Table-1 for ready reference:

Table 1- Safety Integrity Levels: Probability of Failure on Demand

Safety
Average Probability
Integrity Risk Reduction Factor Safety Availability
of Failure on Demand
Level (SIL)

1 10-1 to 10-2 10 to 100 90 to 99%

2 10-2 to 10-3 100 to 1,000 99 to 99.9%

3 10-3 to 10-4 1,000 to 10,000 99.9 to 99.99%

4 10-4 to 10-5 10,000to 100,000 99.99 to 99.999%

Although any form of safety provision may meet the same risk reduction
requirements as that for a certain SIL, there is still an order of preference
as to their use. Those most preferred are measures that make the
process inherently safe. Where inherent safety is not possible and other
safety provisions are necessary, then mechanical devices are generally
ADCO Project No.:- P44010
ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 13 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 preferred to safety instrumented systems, and the latter are preferred to
procedural safety provisions.

An exception may apply to installations that are safeguarded by

mechanical pressure-relieving devices, such as pressure safety valves
and rupture discs, which are designed according to standards that are
applicable to the installation and scenario in question and are generally
accepted by COMPANY.

In this context, it is worth noting that the activation of certain mechanical

pressure-relieving devices may lead to loss of containment, and these
relief scenarios need to be included in the classification exercise.

6.3 REQUIREMENTS FOR SAFETY INSTRUMENTED SYSTEM

For SIL 1, 2, and 3 it is required that safety instrument systems are not
self-resetting and are independent of process control circuits. In most
cases, this is accomplished by physical segregation of both circuits – for
example, process control performed by a DCS and safeguarding by a
dedicated safety-PLC.

6.4 INDUSTRY BEST PRACTICES FOR SAFETY INSTRUMENTED

SYSTEMS

The following industry best practices for the various safety integrity levels
will be used for this project:

< SIL1 : A DCS alarm without a certified logic solver informing the
operator that the process condition is not normal.

SIL1: A 1 out of 1 (voting) system, segregated from the process

control system, not self-resetting, with certified logic solver.

SIL2: Generally, a 1 out of 2 (voting) system, segregated from

the process control system, not self-resetting, with certified
logic solver.

SIL3: Generally, a 2 out of 3 (voting) system, segregated from

the process control system, not self-resetting, with certified
logic solver. Diversity shall be applied in order to reduce
common cause/mode failures.

SIL4: Generally, this class is to be avoided. Redesign is strongly

recommended.

To prevent nuisance trips it may be decided to implement 2oo3 voting

systems for SIL 1 and SIL 2 safeguarding initiators.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 14 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 The above to be re-visited during the SIL workshop and updated as
required.

7. SIL DETERMINATION TEAM COMPOSITION

The SIL determination is a multidisciplinary exercise, which is to be performed

by a team of suitable personnel drawn from COMPANY, PMC, CONTRACTOR
and VENDOR. It is recommended to engage the same personnel who are
involved in the HAZOP study. The following personnel are required to be
involved in the SIL determination study:

7.1 COMPANY/ PMC PERSONNEL

 COMPANY: Project Manager (Part Time).

 COMPANY: Process Engineer.
 COMPANY: Process Control/ Instrumentation Engineer.
 COMPANY: Safety/ Loss Prevention Engineer.
 COMPANY: Operations & Maintenance Representative.

7.2 CONTRACTOR PERSONNEL

 SIL Facilitator/Chairman (SIL Facilitator/ Chairman shall be CFSE

certified).
 SIL Secretary and Instrumentation & Control Engineer.
 Process Engineer.
 Safety/Loss Prevention Engineer.

8. DOCUMENTATION REQUIREMENTS

Following documentation is required for conducting SIL Determination session:

 HAZOP Reports.
 Process Operating & Control Philosophy, Safeguarding Philosophy.
 Process Flow Diagrams (PFDs), Piping & Instrumentation Diagrams
(P&IDs).
 Plot Plans.
 SIL Classification Procedure.
 Loss Prevention Philosophy, HSE Philosophy.
 Cause & Effect Diagrams.
 COMPANY Tolerable Risk definition for conducting SIL
Determination.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 15 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
  COMPANY’s Operations & Maintenance personnel manning details
for the facilities envisaged in the Project.
 Reliability Data for PFD evaluation of the Protection Layers identified
during LOPA assessment. Industry standard resources like OREDA,
AIChE/ CCPS’s LOPA book, or equal shall the utilized for this.
 Any other document that is deemed to be necessary for conducting
SIL determination.
All of the Project documents mentioned above should have been
sufficiently developed to reflect the necessary & correct information.

9. COMPANY TOLERABLE RISK DEFINITION

COMPANY is the part of ADNOC group of Companies, therefore, HSE Codes of

Practice/Guidelines of ADNOC are applicable here. Following is the Individual
Risk (IR) Tolerability Criteria defined in ADNOC document, ADNOC-COPV5-
06:2009 Version 2:

Table 2- ADNOC Quantitative Individual Risk Tolerability Criteria.

Facilities being built under JARN YAPHOUR Development Project shall be

design under ALARP as per HSE philosophy and therefore IR criteria for Public
is applicable for the project.

Full definition of Consequence categories as per ADNOC document, ADNOC-

COPV5-06:2009 Version 2, is provided in Appendix-1 of this document.

Based on the above mentioned ADNOC Tolerable Individual Risk Criteria,

ADNOC consequence categories definition for three Risk Management Areas
(refer previous paragraph of this document) and considering that Safety Integrity
Levels are defined in order-of-magnitude bands of Risk reduction measures, the
following risk frequency criteria as indicated in Table-3&4 shall be followed in
SIL Determination:

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 16 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 Table 3- Quantitative Tolerable Risk-Frequency Criteria for LOPA/ SIL
Determination- For Existing Installations.

Table 4- Quantitative Tolerable Risk-Frequency Criteria for LOPA/ SIL

Determination- For New Installations.

10. SIL DETERMINATION USING LOPA

Layer of Protection Analysis (LOPA) is a simplified-quantitative risk analysis

technique. LOPA typically uses initiating event frequency, consequence severity
categories, and the likelihood of failure of the protection layers to approximate
the risk of a scenario.

Standard format for LOPA available in SIFPro or any equivalent software, which
is based on IEC 61511: 2013 shall be utilized for the Project.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 17 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 Following are the Protection Layers generally employed in the Process industry
and therefore are considered in SIL determination study:
 BPCS.
 Other SIFs.
 Operator Response to an Alarm.
 Human Performance.
 Mechanical/ Structural/ Procedural Mitigation layers (like Pressure
relieving devices, Dikes, Restricted Access, Deluge systems for Fire
or Fume release, Evacuation procedures).
For all the applicable SIFs as identified by the SIL determination workshop team
the assessment will be done based on the Safety, Environmental and Asset
related losses.

Below is the flow diagram that describes the steps involved in conducting
LOPA. Note: Prior to the beginning of SIL Classification session the applicable
SIF’s will be identified along with the respective design intent in SIFPro or any
equivalent software.

Figure 1: Steps involved in LOPA

Evaluating further
Risk Reduction STEP 1
Measures Estimating
Consequence
and Severity

STEP 6 STEP 2
Making Developing
Risk Decisions Scenarios

STEP 5 STEP 3
Determining Identifying
Scenario Initiating Event
Frequency Frequency
STEP 4
Identifying
Related
Protection Layers

Step 1: Estimating Consequence & Severity- This involves identifying the

SIFs and the related consequence to screen scenarios. For this step Cause &
Effect Diagrams are referred for evaluating Consequences and along with its
magnitude.

Step 2: Developing Scenarios- This step involves developing accident

scenario for the selected Consequences (selected in Step 1). A Scenario
describes a single cause-consequence pair.

Step 3: Identifying Initiating Event Frequency- This step involves identifying

initiating event of the Scenario (identified in Step 2) and determining the
initiating event frequency. The frequency must account for background aspects
of the scenario, such as the frequency of the mode of operation for which
scenario is valid. Majority of the Initiating Events and their respective frequency
of occurrence have been described in appendices.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 18 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 Step 4: Identifying Related Protection Layers- This step involves
identification of the Protection layers considering the selected Scenario and
Initiating Event. Protection Layers are devices, systems or actions which are
capable of preventing a scenario from proceeding to the undesired
consequence. Majority of the Protection Layers and their respective probability
of failure on demand (PFD) have been described in appendices.

Step 5: Determining Scenario Frequency- This step involves Risk estimation/

calculation by considering initiating event frequency (Step 3 activity), PFDs of
Protection Layers (Step 4 activity) along with the consequence involved.

Step 6: Making Risk Decisions- This step involve making Risk decisions
based comparison of the result of Risk estimation (Step 5 activity) with the
COMPANY’S Tolerable Risk criteria. If Tolerable Risk Criteria of the COMPANY
is not met then Risk Reduction Measures are considered to ensure that the Risk
involved in the scenario is less than the Tolerable Risk Criteria. Risk Reduction
Measures could be provided by introducing SIF’s or other Protection Layers.

Steps 1 to 6 are performed for all the applicable SIFs as identified by the SIL
determination team taking into reference the project Cause & Effect diagrams
and the FEED SIL study reports.

11. SIL DETERMINATION RESULTS DOCUMENTATION

Results of the Integrity Level determination shall be documented in the SIL

Classification Report and include the following information:

 Basis of the decision for all parameters. Reasons for which the team
selected specific parameters associated with a safety function shall
be documented.

 Data sources used to determine Initiating Event frequency.

 Revision level and history of the document used to record the

required Integrity Levels.

 Number and revision level of all source documents.

 Assumptions made and credit allowed for risk reduction from other
technology, external risk reduction, and control and alarm systems.

 Method used to determine Integrity Levels, together with descriptions

of all parameter ranges.

 References to manning assumptions and any consequence studies

used to evaluate parameters.

Records of the following should be compiled into a dossier:

 Outcome of each SIF Integrity Level determination.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 19 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
  Assumptions behind each value chosen in Integrity Level
determination for each SIF.

In addition, Safety Instrument System design (safety Requirement

specifications) and Lists & hierarchy of Critical safety system shall be included
as part of SIL Classification Study Report Dossier.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 20 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 APPENDIX – 1

RISK MANAGEMENT AREAS CONSEQUENCE CATEGORIES

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 21 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 ADCO Project No.:- P44010
ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 22 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 ADCO Project No.:- P44010
ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 23 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 APPENDIX – 2

GUIDELINES FOR INITIATING EVENT LIKELIHOOD

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 24 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 GUIDELINES FOR INITIATING EVENT LIKELIHOOD
Likelihood of Failure
Initiating Event
(Events per Year)
BPCS instrument loop failure, including sensor, controller, and final element.
Includes equipment failure as well as operational error. Failure in the direction
of the failure action. Source [CCPS 1 Table 5.1]. 10-1
Note: [IEC 61511] limits the likelihood of BPCS failure to no less than 9E-2/yr
(IEC, 2013).
BPCS instrument loop failure, including sensor, controller, and final element.
Includes equipment failure as well as operational error. Failure in the direction 10-2
of the failure action. Source [CCPS 1 Table 5.1].
Operator error to execute routine procedure, assuming well trained,
unstressed, not fatigued. Once per year opportunity. Source [CCPS 1 Table 10-2
5.1].
Operator error to execute routine procedure, assuming well trained,
unstressed, not fatigued. Once per month opportunity. Source [CCPS 1 Table 10-1
5.1].
Operator error to execute routine procedure, assuming well trained,
1
unstressed, not fatigued. Once per day. Source [CCPS 1 Table 5.1].
Failure of preparation for maintenance or return of plant from maintenance
LOTO (lock-out tag-out) procedure failure. Once per year opportunity. Source 10-3
[CCPS 1 Table 5.1].
Failure of preparation for maintenance or return of plant from maintenance
LOTO (lock-out tag-out) procedure failure. Once per month opportunity. 10-2
Source [CCPS 1 Table 5.1].
Failure of preparation for maintenance or return of plant from maintenance
LOTO (lock-out tag-out) procedure failure. Once per day opportunity. Source 10-1
[CCPS 1 Table 5.1].
10-1
Pump Failure (single pump normally running). Source [INPRD-95 Commercial,
(or higher based on
grounded].
site experience)
10-1
Compressor or blower failure. Source [NPRD-95 Averaged Summary]. (or higher based on
site experience)
Regulator (e.g., self-contained pressure regulator) failure. [OREDA-2002
10-2
Taxonomy 4.4.7].
Cooling water failure (redundant CW pumps, diverse drivers). Source [CCPS 1
10-1
Table 5.1].
Develop using
experience of Team
Loss of Power (redundant power supplies).
based on Historical
Experience
Fixed Equipment Failure (E.g. exchanger tube failure). Source [HSE 2002]. 2.92x10-3
Pressure vessel failure, Horizontal, Separator Source [HSE 2002], [HSE 2003]. 5.9x10-5
Pressure vessel failure, Vertical, Scrubber. Horizontal, Separator. Source [HSE
2.7x10-5
2002], [HSE 2003].

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 25 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 Likelihood of Failure
Initiating Event
(Events per Year)
Piping failure, D < 3”, Full Breach, Riser/Pipeline. Horizontal, Separator.
2x10-4
Source [HSE 2002], [HSE 2003].
Piping failure, D= 3->11”, Full Breach, Riser/Pipeline, Horizontal, Separator
1.5x10-5
[HSE 2002], [HSE 2003].
Piping failure, D= >11”, Full Breach, Riser/Pipeline, Horizontal, Separator.
1.4x10-5
Source [HSE 2002], [HSE 2003].
Piping failure, D= 3->11”, Full Breach, On Platform, Horizontal, Separator.
1.6x10-6
Source [HSE 2002], [HSE 2003].
Atmospheric tank failure. [CCPS 1 – Table 5.1]. 10-3
Gasket / packing blowout. [CCPS 1 – Table 5.1]. 10-2
Unloading / loading hose failure. Source [CCPS 1 – Table 5.1]. 10-1
Heater tube failure. Source ZADCO experience
10-2
(4 heaters, 25 years, no failures, Zirku SIL study team 7/2009).
Failure of hot oil system.
10-2
Source ZADCO (Zirku SIL study team 7/2009) experience.
Seal failure. Source [CCPS 1 Table 5.1]. 10-2
PSV spurious opening. Source [CCPS 1 Table 5.1]. 10-2
Develop using
Other Initiating Events.
experience of team
NOTES:
The facilitator in consultation with the team is provided considerable latitude in increasing the likelihood
of the initiating event from these standard assumptions based on a range of factors including: site-
specific experience with equipment, unique process service, environmental service conditions, high
demand conditions, etc. Significant decreases from these standard assumptions are discouraged.
Incident case histories may need to be reviewed during study meeting to support the data shown above.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 26 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 APPENDIX – 3

GUIDELINES FOR RISK REDUCTION FOR INDEPENDENT PROTECTION LAYERS

(IPL)

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 27 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 GUIDELINES FOR RISK REDUCTION FOR INDEPENDENT
PROTECTION LAYERS (IPL)
PFD
IPL Further Restrictions on Considering as IPL
(Typical)
The action should be independent from the initiating cause and any other
IPL. If an operator action is the initiating cause, no IPL should be assigned
Operator
to any operator action that solely relies on the same operator to recognize
Intervention
problem and quickly correct it. If the initiating cause is the BPCS, no IPL
using Operating
should be assigned to any operator action that solely relies on BPCS
Procedures
information display (e.g., process conditions, indications). Source: All figures
based on [CCPS 1 – Table 6.5]
Process Related Rounds and Inspections. Frequency of operator
rounds should be sufficient to detect potential incident. If
recognition of process variable is required, the operator should log
0.1
specific values from sensors or valves independent of the initiating
cause. Log should show unacceptable out-of-range values. SOP
should describe response to out-of-range values.
Observational. Frequency of operator rounds should be sufficient
to detect potential incident and mitigate ultimate scenario.
Impending incident should be obvious to operator through normal 0.1
visual or hearing range, i.e. loud noise, high vibration, serious
leaking, etc.
Review: Independent, supervisory review and sign-off that work is
complete and correct prior to start-up or returning component to 0.1
service.
Action: An operator action that uses a different operator, relying on
0.1
independent observation.
Corrective Action: An operator action taken based on a scenario
where the event propagation is sufficiently slow that the operator 0.1
has enough time to recognize the error and to correct it.
Alarm: The alarm with operator response should be examined to
ensure that it is independent from the initiating cause and any
other IPL. This includes not only independent field instrumentation
but also an independent channel in the BPCS and independence
of the operator (different operator). Only one BPCS-based alarm See
or BPCS function can be used as an IPL. Appen
dix - 4
The IPL credit associated with alarms with operator response is
based on the amount of time available for action and the location of
the response. See Operator Time Restrictions Table for more
information.
The BPCS should be independent of the initiating cause and any other IPL.
If the initiating cause is a BPCS control loop, another control loop within the
Basic Process
BPCS should not be designated as an IPL, unless a detailed study of the
Control System
BPCS is performed to ensure sufficient independence and redundancy in
(BPCS)
order to address common cause failure. The IPL credit associated with a
BPCS IPL is limited to 1 per IEC 61511.
Control loops normal action will mitigate the scenario. The BPCS
IPL should run in automatic mode during all operational phases
where the accident scenario exists. All sensors and final elements 0.1
of IPL control loop are independent of the initiating event control
loop, if applicable. Source [CCPS 1 Table 6.4].

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 28 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 PFD
IPL Further Restrictions on Considering as IPL
(Typical)
BPCS interlocks (interlocks NOT implemented in a separate,
dedicated logic solver) where all causes can be verified as
0.1
independent of failure of the BPCS logic solver. Source [CCPS 1
Table 6.4].
BPCS interlocks (interlocks NOT implemented in a separate,
dedicated logic solver) where all causes can NOT be verified as
1
independent of failure of the BPCS logic solver. Source [CCPS 1
Table 6.4].
The IPL should be independent of initiating cause and any other IPL. It
Other/Local
should be designed to mitigate the scenario.

Single check valve. Source [CCPS 2 Table 3.5.1.2]. 1

Check Valve
Dual check valves in series. Source [CCPS 2 Table 3.5.1.2 with 5
0.1
years test interval].
Dual Mechanical Dual Mechanical Seals including alarm indicating failure of the
0.1
Seal primary seal.
Should be designed to mitigate the scenario. Source [CCPS 1
Flame Arrester 0.01
Table 6.3].
Should be designed to mitigate the scenario. Frequency based on
Mechanical
operator error in setting/removing stop, once per year opportunity. 0.01
Minimum Stop
See operator errors in this table.
Pressure Should be designed to mitigate the scenario. Source [CCPS 1
0.1
Regulator Table 6.4. based on basic process control].
Special personnel protection equipment that is not normally worn
Special by operation or maintenance personnel, but is part of an
Personnel established procedure. This PPE would include wire mesh gloves,
0.1
Protection fire suits, respirators, self-contained breathing apparatus, etc. The
Equipment user of the equipment should be trained in the use of the PPE.
Source: based on [CCPS 1 – Table 6.5] for human response.
Safety
Should be independent of the BPCS. IPL credit is based on the SIL that is
Instrumented
achieved by the complete functional loop. Source [IEC 61511].
System

SIL 1 0.1

SIL 2 0.01

SIL 3 0.001

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 29 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 APPENDIX – 4

GUIDELINES FOR RISK REDUCTION FOR OPERATOR RESPONSE AS AN IPL

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 30 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 GUIDELINES FOR RISK REDUCTION FOR OPERATOR RESPONSE
AS AN IPL
For all listings in the table below. The alarm and operator response should be evaluated to
ensure that the components and actions are independent from the initiating cause. In all
cases, the alarm should not be operator re-settable. The operator response time should
consider the time it takes to recognize the alarm, to diagnose the problem, and to fully initiate
action. This is compared to the process time which considers how rapidly the process moves
from the alarm condition to the incident condition. Source [ISA 2002] for all figured listed below.

Time How PFD

Where Restrictions
(min) Many (Typical)
Operator should troubleshoot the alarm and
<10 Any Any (none)
determine appropriate response.
Drilled response, also known as a “never
exceed, never deviate” response. If the
alarm is received, the operator should
execute a specific action every time without
Control Single delay. Staffing should also be adequate so
2 to 10 0.1
Room Operator that there is an operator present at all times to
respond to the alarm. If the operator
response is to troubleshoot the alarm, less
than 10 minutes is not an adequate amount of
time and no IPL credit should be taken.
Operator action is complicated, i.e. large
Control Single number of alarms generated by initiating
>10 1
Room Operator cause and the response is not clear or
documented.
The operator is trained on alarm response,
Control Single
>10 has procedures available to examine and 0.1
Room Operator
practices the action periodically.
All operators listed should receive the same
information. Both operators can make
independent responses, which completely
Control Two mitigate the event. Alarm should not be
>10 0.01
Room Operators operator re-settable. The operators are
trained on alarm response, have procedures
available to examine and practices the action
periodically.
The operator is trained on alarm response,
Single
>30 Field has procedures available to examine and 0.1
Operator
practices the action periodically.
All operators listed should receive the same
information. Both operators can make
independent responses, which should
Two completely mitigate the event. Alarm should
>30 Field 0.01
Operators not be operator re-settable. The operator is
trained on alarm response, has procedures
available to examine and practices the action
periodically.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 31 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 APPENDIX – 5

GUIDELINES FOR RISK REDUCTION FOR CONSEQUENCE MITIGATION SYSTEMS

(CMS)

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 32 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 PFD
CMS Further Restrictions on Considering as IPL
(Typical)

Clean Service. PRV should be sized to completely mitigate the

0.01
scenario. Source [CCPS 1 Table 6.4].
More than one PRV is available to mitigate overpressure scenario.
Each PRV listed should be capable of independently relieving the
0.001
overpressure. Each PRV should be sized to completely mitigate
the scenario. Source based on [CCPS 1 Table 6.4].
More than one PRV is available, but more than one is required to
mitigate the full load. This includes staged release PRVs. To
achieve higher credit than 1 IPL, the PRV calculations should be
1
reviewed to determine whether the load can be successfully
handled by each PRV, based on the specific scenario under review.
Source based on [CCPS 1 Table 6.4].
Plugging Service, i.e. prone to plugging, polymerization, deposition,
or has a history of failure to operate properly when tested. An
unprotected PRV used in a plugging service is not considered (none)
sufficient for consideration as an IPL. Source based on [CCPS 1
Pressure
Table 6.4].
Relief Valve
Plugging Service, i.e. prone to plugging, polymerization, deposition,
or has a history of failure to operate properly when tested.
Redundant Pressure Relief Valves with separate process 0.1
connections. Each PRV should be sized to completely mitigate the
event. Source based on [CCPS 1 Table 6.4].
Plugging Service, i.e. prone to plugging, polymerization, deposition,
or has a history of failure to operate properly when tested.
Pressure Relief Valve with integrated rupture disk. PRV should be 0.1
sized to completely mitigate the scenario. Source based on [CCPS
1 Table 6.4].
Plugging Service, i.e. prone to plugging, polymerization, deposition,
or has a history of failure to operate properly when tested.
Pressure Relief Valve with integrated rupture disk with purging.
0.01
PRV should be sized to completely mitigate the scenario and have
a good operating history in the application under consideration.
Source based on [CCPS1 Table 6.4].
Vessel Should be designed to mitigate scenario. Release should be
0.01
Rupture Disk evaluated for potential risk. Source [CCPS 1 Table 6.4].
Process-related blast wall. This is not related to the control room
Blast- Seek
design. The blast wall is typically designed to direct/contain the
wall/Bunker Guidance
explosion away from the main process unit.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 33 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 APPENDIX – 6

DATA REQUIRED FROM COMPANY

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 34 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 A. BASE CASE TESTING INTERVALS

The base case test intervals are provided in table below, this is to be
confirmed by COMPANY:

Component Type Base case test interval

Field Transmitters 6 months

SDV Valves 6 months

BDV valves 6 months

Safety valves 6 months

Logic Solver 1 Year

Control Relay 1 Year

F & G system 1 Year

B. PLANT MAINTENANCE DATA

The JARN YAPHOUR Development plant maintenance data, as listed

below, is required from COMPANY before start of the SIL assessment
study:

Unit NN MM T

Cluster

Packages
Separator
Gas Compressor
MOL Pumps
Control Room
Substation
Where:
NN : No. of plant Operations/Maintenance personnel
MM : No. of Contractor personnel
T : Total hours spent in the hazardous area

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 35 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 C. ECONOMIC VALUES

The compressor rotor damage loss estimated as follows

i. Gas compressor : Rotor cost =300 K USD , Total repair cost= 500
K USD ( including the manpower)

ii. MOL pump : Rotor cost =200 K USD , Total repair cost= 400 K
USD ( including the manpower)

The Feed For Jarn yaphour Accelerated Depletion Development Project

production losses under various conditions are considered as follows:

i. Oil stream : 45 K USD per hour

ii. Gas stream : 15 K USD per hour

The compressor seal damage loss estimated as follows:

i. Gas compressor : Total Dry Gas seal kit cost= 300 K USD (
including the manpower)

Note: The above values shall be reviewed during SIL workshop however
above values has been taken from the past ASR Feed project.

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 36 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 APPENDIX – 7

SIF TAGS LIST

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 37 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 SIF Tags for JY Facility

Serial
Tag No. P&ID No. Description / Location
No.

1 53-21-DPT-0301-01 53-21-08-0645 Separator

2 53-21-LT-0301-03 53-21-08-0645 Separator

3 53-21-LT-0301-02 53-21-08-0645 Separator

4 53-21-PT-0301-02 53-21-08-0645 Separator

5 53-21-PT-1001-02 53-21-08-0646 Condensate export Pumps -Train 1

6 53-21-PT-1001-05 53-21-08-0646 Condensate export Pumps -Train 1

Compressor Suction Scrubber –

7 53-21-DPT-2801-01 53-21-08-0647
Train 1 ( note 1)

Compressor Suction Scrubber –

8 53-21-LT-2801-01 53-21-08-0647
Train 1 (note 1)

Compressor Suction Scrubber –

9 53-21-LT-2801-02 53-21-08-0647
Train 1(note 1)

Gas Compressor 1st Stage –

10 53-21-PT-2801-05A 53-21-08-0648
Train 1(note 1)

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 38 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 11 Gas Compressor 1st Stage –
53-21-PT-2801-05B 53-21-08-0648
Train 1(note 1)

Gas Compressor 1st Stage –

12 53-21-PT-2801-05C 53-21-08-0648
Train 1(note 1)

53-21-08-0648 Gas Compressor 1st Stage –

13 53-21-PT-2801-08
Train 1(note 1)

53-21-08-0648 Gas Compressor 1st Stage –

14 53-21-PT-2801-09
Train 1(note 1)

53-21-08-0648 Gas Compressor 1st Stage –

15 53-21-TT-2801-03A
Train 1(note 1)

53-21-08-0648 Gas Compressor 1st Stage –

16 53-21-TT-2801-03B
Train 1(note 1)

53-21-08-0648 Gas Compressor 1st Stage –

17 53-21-TT-2801-03C
Train 1(note 1)

53-21-08-0648 Gas Compressor 1st Stage –

18 53-21-TT-2801-05A
Train 1(note 1)

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 39 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 53-21-08-0648 Gas Compressor 1st Stage –
19 53-21-TT-2801-05B
Train 1(note 1)

53-21-08-0648 Gas Compressor 1st Stage –

20 53-21-TT-2801-05C
Train 1(note 1)

21 53-21-DPT-1301-01 53-21-08-0649 Pig Launcher

22 53-21-PT-1301-02 53-21-08-0649 Pig Launcher

23 53-21-PT-018P-05 53-21-08-0641 Production Wellhead

24 53-21-PT-018P-06 53-21-08-0641 Production Wellhead

25 53-21-PT-018P-04 53-21-08-0641 Production Wellhead

26 53-21-LT-6601-01 53-21-08-0671 Open Drain System

27 53-21-LT-6601-04 53-21-08-0671 Open Drain System

Instrument Air Receiver and

28 53-21-PT-6101-03A 53-21-08-0661
Distribution

Instrument Air Receiver and

29 53-21-PT-6101-03B 53-21-08-0661
Distribution

Instrument Air Receiver and

30 53-21-PT-6101-03C 53-21-08-0661
Distribution

31 53-21-LT-6701-02 53-21-08-0665 Closed Drain Drums and Pumps

32 53-21-LT-6801-02A 53-21-08-0667 Flare K.O. Drum and Pumps

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 40 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc
 33 53-21-LT-6801-02B 53-21-08-0667 Flare K.O. Drum and Pumps

34 53-21-LT-6801-02C 53-21-08-0667 Flare K.O. Drum and Pumps

35 53-21-LT-6301-02 53-21-08-0670 Diesel Storage System

SIF Tags for Rumaitha Facility

Description /
Serial No. Tag No. P&ID No.
Location

Pig Receiver at
1 44-01-DPT-1381-01 44-01-08-0803
Rumaitha

Pig Receiver at
2 44-01-PT-1381-02 44-01-08-0803
Rumaitha

Slug Catcher at
3 44-01-LT-0281-02 44-01-08-0804
Rumaitha

Slug Catcher at
4 44-01-LT-0281-03 44-01-08-0804
Rumaitha

Closed Drain Drums

5 44-01-LT-6781-02 44-01-08-0808 and Pumps at

Rumaitha

ADCO Project No.:- P44010

ADCO DOCUMENT No.: 30-99-90-0681
SIL CLASSIFICATION PROCEDURE
Rev : B Date : 08/12/2015
Page 41 of 41
O:\030912C005\Secretaries\2. PROJECT DOCUMENTS\PP\INSTRUMENTATION\1500-001\1500-001_B\P4401-30-99-90-0681-1.doc