Analyzing upset scenarios is one of the main tasks for process engineers when setting up proper equipment protection. This is clearly shown when preparing the P&IDs, calculating relief loads on the pressure safety valve (PSV) or to the flare system, or carrying out HAZOP / SIL assessment on the current design. Here, a process engineer should study each scenario and its consequences to ensure that adequate safeguards and protection measures are in place.

One point that needs to be analyzed when studying upset scenarios is the probability of two simultaneous upsets. This is commonly called “double jeopardy.”

Examples of Double Jeopardy

Example 1: Coincident failure of cooling water pump with Control Valve at hot side

Suppose we have this water cooler. What if the cooling water pump to an exchanger fails?

This would lead to a loss of cooling for the hot fluid, which is a single upset scenario.

However, what if the control valve controlling the hot side flow rate fails in the open position at the same time? This would mean an abnormal flow on the hot side against zero cooling water flow.

In this case, we are considering a double jeopardy scenario or a coincident failure of the cooling water pump and the control valve on the hot side.

Example 2: Coincident failure of the condenser with excessive reboiler duty

Another case can be that the tower reflux fails while the control valve on the steam side heating the reboiler fails in the open position. This would lead to a huge vapor load that can cause overpressure in the tower, which would mean a much larger PSV and relief load to be considered by the flare system.

So in the above examples, we assume two upsets happening at the same time: the coolant stops, and the heating medium gives excessive flow.

Would this be a credible scenario? Let’s analyze it.

When should we consider Simultaneous Failure?

Is this a probable scenario that we should consider, or is it an exaggeration?

The simple answer is: It depends.

It’s all about whether the upset scenarios or failures are related to each other. Let’s see how.

Unrelated Scenarios: No need to be considered

If both upsets are unrelated, we are dealing with a coincident failure. Having two different, unrelated upsets occurring at the same time is a coincidence with a very low probability. This means that considering them happening simultaneously would be an exaggeration. Let’s see how this works in the light of the above examples.

We can ask this question: what could cause the cooling water system to stop along with the failure of the steam control valve in the open position?

A common cause can be a power failure. If power fails in the plant, two things can happen:

  1. The cooling water pump stops, leading to cutting the cooling medium in all water coolers.
  2. Instrument air compressor stops, leading to the failure of all control valves to their predetermined fail action.

During a power failure, the cooling water will be cut off simultaneously with the failure of control valves. However, for the control valve feeding the hot fluid to fail in the open position at the same time, this would mean that it wasn’t assigned a fail-safe position. Assigning a fail-safe position is a common practice a process engineer should follow. In most cases, this valve should be designated to fail in the closed position.

Will Control Valve Fail Safe Position eliminate the Relation between both upsets?

If the hot fluid valve was considered to fail in the closed position, the above simultaneous upset scenario wouldn’t be a valid scenario.

The same applies to a reboiler and condenser system, as cooling water feeding the condenser may stop in case of power failure. However, the control valve for steam feeding the reboiler should fail in the closed position, which means that in this case, this scenario is not applicable.

But couldn’t the steam control valve get stuck mechanically in the open position? Yes, it can, but this scenario is NOT RELATED to power failure or cooling water pump failure. So this would be considered a coincident failure or double jeopardy, which means that it is not credible to consider this mechanical failure at the same moment the tower condenser duty is lost or the cooling water pump fails.

Related Upset Scenarios that Need to be Considered

This leads us to talk about scenarios that can happen simultaneously. If both upsets have a relationship that could lead to both of them happening, then we should investigate this scenario.

Related upsets can fall into one of the following cases:

Case 1: Upsets with a common cause

For example, a power failure in the plant would stop cooling water pumps, causing all water coolers, air coolers, and rotating equipment to stop. The instrument air compressor would also stop, meaning all valves would fail in either the open or the closed position. All of this is expected to happen simultaneously.

In the example below, if the power fails, no cooling water will enter the reactor, the pump that should pump the liquid will stop, and the outlet flow through SDV-02 will stop because the valve will fail in the closed position. Therefore, this scenario should be thoroughly studied to ensure that the reactor and the entire system are adequately protected.

Case 2: Equipment in the same fire zone

Another example can be a fire in an area with congested equipment. When a fire occurs, it’s expected that several pieces of equipment will be affected, which may cause liquids inside to vaporize, leading to overpressure.

For example, assume that the above adjacent vessels and exchanger are in the same fire zone, and that each vessel or piece of equipment has its PSV sized for the fire case. This means that when a fire occurs, all PSVs can open simultaneously. This will lead to a high relief load to the flare system. So when we size the flare header, KO drum, and stack, we should consider the opening of all these PSVs simultaneously. We cannot consider this as double jeopardy or coincident failure, as they are all related to each other by being in the same fire zone.

Case 3: Sequential upsets

As process engineers, we should also analyze the consequences of upset scenarios as they can lead to other upsets.

For example, if the heating medium is cut from a tower reboiler, the tower bottom liquid is expected to go to a tank. If the reboiler fails to provide its required duty, numerous light ends will not vaporize and will accumulate at the bottom of the tower. This means that the liquid going to the tank will contain many light ends, which will flash when sent to the tank, leading to overpressure.

Here, there is a relation between cutting the reboiler heating medium and light ends going to the tank. This wouldn’t be considered a double jeopardy.

Case 4: Latent Failure

In any plant, some components may be idle during normal operation, but their function is to provide protection during a specified upset. A hidden fault in such a component is commonly called a latent failure. Latent failures are described as unrevealed failures that are not immediately detected. These failures remain hidden for a significant period and can lead to more serious issues if not addressed in time.

Latent failures should normally be considered as an existing condition and not as a cause of overpressure when assessing whether a scenario is single or double jeopardy. For example, latent failures can exist in instrumentation that prevents it from functioning favourably during an overpressure condition. It is not double jeopardy to assume the absence of beneficial instrumentation response in combination with an unrelated overpressure cause. Likewise, it is not double jeopardy to assume a latent failure of a check valve allowing reverse flow during a pump failure.
API 521, FIFTH EDITION, JANUARY 2007

Here we can see an example of the latent failure of a check valve.

Suppose we have two streams, A and B, that are mixed at a point, and a check valve is installed on both streams to prevent backflow. If the pump supplying stream A fails, can we guarantee that the check valve on stream A will prevent backflow? Actually, we cannot. This is because the check valve is not normally in operation, so we cannot guarantee that it won’t fail when needed.
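The screening logic from the four cases above can be written as a small check. This is an added example, not part of the original article; the class, the function names, the tag FV-101 and the zone Z1 are hypothetical, and the sample upsets are constructed from the article's examples.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Upset:
    name: str
    cause: Optional[str] = None         # initiating event, e.g. "power failure"
    fire_zone: Optional[str] = None     # set for fire-case upsets only
    triggered_by: Optional[str] = None  # name of the upset this one follows from
    latent: bool = False                # unrevealed failure of a normally idle safeguard

def classify(a: Upset, b: Upset) -> Tuple[str, str]:
    """Screen two upsets assumed to occur together; returns (verdict, reason)."""
    if a.latent or b.latent:
        return "consider", "latent failure is an existing condition"
    if a.cause is not None and a.cause == b.cause:
        return "consider", "common cause: " + a.cause
    if a.fire_zone is not None and a.fire_zone == b.fire_zone:
        return "consider", "same fire zone: " + a.fire_zone
    if a.triggered_by == b.name or b.triggered_by == a.name:
        return "consider", "sequential upsets"
    return "double jeopardy", "unrelated upsets"

def valve_on_air_loss(tag: str, fail_action: str) -> Optional[Upset]:
    """Upset a control valve adds when power failure stops instrument air."""
    if fail_action == "open":
        return Upset(tag + " fails open", cause="power failure")
    return None  # fail-closed valve cuts the flow, so no second upset

# Constructed sample data; the tag FV-101 and zone Z1 are hypothetical.
CW_PUMP = Upset("cooling water pump stops", cause="power failure")
STUCK = Upset("FV-101 stuck open", cause="mechanical fault in FV-101")
FIRE_A = Upset("vessel A fire relief", fire_zone="Z1")
FIRE_B = Upset("exchanger fire relief", fire_zone="Z1")
REBOILER = Upset("reboiler heating lost", cause="heating medium cut")
TANK = Upset("light ends flash in tank", triggered_by="reboiler heating lost")
PUMP_A = Upset("stream A pump fails", cause="pump A trip")
CHECK = Upset("stream A check valve passes", latent=True)

if __name__ == "__main__":
    fail_open = valve_on_air_loss("FV-101", "open")
    pairs = [(CW_PUMP, fail_open), (CW_PUMP, STUCK), (FIRE_A, FIRE_B),
             (REBOILER, TANK), (PUMP_A, CHECK)]
    for a, b in pairs:
        print(a.name, "+", b.name, "->", classify(a, b))
```

A fail-closed valve returns no upset from `valve_on_air_loss`, which is why the power-failure pairing disappears once the fail-safe position is assigned.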

Conclusion

So here, we have seen that failure scenarios need a thorough analysis that should be carried out by a process engineer. Sometimes, the relationship between upset scenarios can lead to simultaneous failures or a more complicated scenario. Here, it’s the role of a process engineer to check the validity of these scenarios and provide appropriate equipment protection as needed.
