In today's post about the Merrimack Valley Explosions, I want to discuss the mitigating factors and layers of protection, or rather the apparent lack of them in this case. Again I will clearly state, I don't have all the facts and am not in any way involved. I only have access to the preliminary investigation report and news reports.
As far as I can see, the only layer of protection was a couple of alarms that were activated in a monitoring centre in Ohio. This centre was only able to monitor what was happening and had no ability to intervene. All they could do was contact the local operators. In this case the alarms were activated at 16:04 and 16:05. It took till around 16:30 to close the regulators and a further three hours to completely isolate the system. I find this quite staggering to be honest.
In an operating plant, the control room operators generally have control. If they see something odd, they can put the valve in manual and move it to the position they want. There are a few control loops that are still the old style local control loops and not connected into the DCS, but there are very few of these left and they are generally on low consequence control loops.
On any pressure system, you have some form of pressure relief, usually pressure relief valves, but sometimes bursting discs are used. These mechanical devices will protect the system from high pressures by opening up and dumping the gas to a safe location. They are sized to handle all credible situations including a control valve fully opening. As far as I can tell, there was no form of pressure relief on this system. Perhaps it was considered too difficult to do; where do you route the gas? It is not as if they will have a flare header they can just route it into. But I am still surprised that this was not available considering the consequences of overpressuring the system.
Finally, for many hazards, an additional layer of protection is required, provided by an emergency shutdown system. After reviewing the hazard and the existing layers of protection in a LOPA[1], further protection may be required in the form of a Safety Instrumented Function (SIF). This will be a fully independent system from the normal control system. It will have independent instruments to sense and measure what is going on in the pipes, independent processing functionality, and a set of independent valves that can shut down the process. Again, considering the consequences of overpressure and the apparent lack of other control measures, I am surprised that this is not a requirement.
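The LOPA arithmetic described above, as an added example that is not part of the original post: it multiplies an initiating-event frequency by the probability of failure on demand (PFD) of each layer that qualifies as independent, then maps the remaining gap to a SIL. Every frequency, PFD and the tolerable target is a constructed placeholder, not a figure from the incident or its report, and the function names are hypothetical.

```python
import math

# Constructed, illustrative figures; none come from the incident or its report.
TOLERABLE_FREQ = 2e-5    # assumed tolerable frequency of the consequence, events/year
INITIATING_FREQ = 0.1    # assumed: control loop fault drives a regulator fully open, per year

# (name, assumed PFD, independent of the initiating cause?, able to act in time?)
ALARM_ONLY = [("remote alarm, monitor-only centre", 0.1, True, False)]
WITH_RELIEF = ALARM_ONLY + [("pressure relief valve", 0.01, True, True)]

# Upper bound of required risk reduction factor (RRF) -> SIL, per IEC 61508/61511 bands.
SIL_BANDS = [(10, 0), (100, 1), (1_000, 2), (10_000, 3), (100_000, 4)]


def credited(layers):
    """A layer only counts as an IPL if it is independent AND can stop the event."""
    return [(name, pfd) for name, pfd, indep, in_time in layers if indep and in_time]


def mitigated_frequency(init_freq, layers):
    """Initiating frequency multiplied by the PFD of every credited layer."""
    return init_freq * math.prod(pfd for _, pfd in credited(layers))


def required_sif(init_freq, layers, tolerable):
    """Return (RRF the SIF must deliver, SIL); SIL None = no SIF, 0 = below SIL 1."""
    rrf = mitigated_frequency(init_freq, layers) / tolerable
    if rrf <= 1:
        return rrf, None
    for upper, sil in SIL_BANDS:
        if rrf <= upper:
            return rrf, sil
    raise ValueError("gap too large for one SIF; the design needs other layers")


if __name__ == "__main__":
    for label, layers in (("alarm only", ALARM_ONLY), ("alarm + relief", WITH_RELIEF)):
        rrf, sil = required_sif(INITIATING_FREQ, layers, TOLERABLE_FREQ)
        print(f"{label}: credited={credited(layers)} RRF={rrf:.0f} SIL={sil}")
```

With these assumed inputs the monitor-only alarm earns no credit, so the SIF alone has to cover the whole gap; crediting a relief valve cuts the demand on it by two orders of magnitude.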
As I said at the start, I am not involved in the investigation in any way and have only seen the preliminary report. I hope that there was some other layer of protection that just hasn't been mentioned. And I really hope that network gas operators in this country do have additional layers of protection.
[1] Layers Of Protection Analysis