This Technical Measures document covers the reliability of utility services and reference is made to relevant codes of practice and standards.
Related Technical Measures documents are:
The reliable supply of utilities on sites operating hazardous plant is necessary in order to prevent events that may lead to multiple failures of equipment and potentially hazardous events. The modes of failure of site wide utility systems are numerous and may lead to site wide or local loss of supply or even only partial failure on a particular plant. Whilst most plant are designed to 'fail safe' on loss of utility supplies, there are those where failure to operate correctly will almost certainly result in a hazardous event and local back-up facilities are required. Particular care is required in the design of site power systems as loss of power can also result in loss of supply of all other site utility systems as well.
The company should demonstrate that it has assessed the risk of loss of utility supplies to its plants and identified the hazardous events that could occur following such loss (e.g. using relevant techniques such as HAZOP/HAZAN). These events should not only include fire and toxic gas emissions, but also the release of process streams hazardous to the environment such as the overflow of effluent sumps. The numerous ways in which loss of supply of a utility can occur – total site, part of a site, a single plant unit, part of a plant – should all be taken into consideration in order to identify which process streams will continue to flow or not and any potential hazards or domino effects arising as a consequence.
Site utility systems may include:
On some sites other more specialised utility systems may exist such as the supply of oxygen through a distribution system from a cryogenic plant unit.
Where a hazard assessment identifies that a plant may not continue to operate or may not shut down safely, back-up features may be necessary to ensure its continued safe operation. Normally, such back-up supplies are provided local to the plant, e.g. bottled gas supplies, but may be via a redundant or diverse system arrangement, e.g. a parallel or alternative supply.
Based on risk assessment, the operator should demonstrate that utility systems have been designed with an appropriate level of redundancy to cope with failures and maintain the required integrity (availability) of supply. Items such as pumps and compressors can be expected to fail occasionally, and typically this means providing back-up pumps, compressors or steam boilers on an auto-start basis. To improve availability, diverse equipment can be used to avoid common mode failures.
Routing of critical utility supplies should take into account the hazards on site and the potential for fire and impact damage on the distribution system. Appropriate shielding should be used where necessary. The loss of supply of a utility such as steam to a plant can often be handled safely by appropriate trip systems, but where the continued operation of a utility system is more critical, the design of the distribution system should demonstrate the availability of various routes to achieve supply. Routes for duplicate distribution lines should be segregated. Often a 'ring main' approach is used for the distribution of fire water in hydrant systems. Compressed air and inert gases should be supplied through local receiver vessels with sufficient volume to ensure safe shutdown or continued operation until normal supplies have been reinstated.
Electrical power supply systems involve much complex equipment and deserve special consideration, as failure can also impact on the supply of other utilities and directly on process equipment. Typically a system for a high hazard site may consist of two independent Grid supply points, both fed from different circuits. Power may be fed to substations in duplicate lines with cross over connections. The distribution from local substations to various plant switch rooms can be switched between substations. Nominated critical drives should be capable of being fed from a standby emergency diesel generator and should auto start-up on receiving power. An uninterruptible power supply (often referred to as a UPS) should feed critical control and instrumentation systems.
The operator should demonstrate an appropriate level of availability for critical utility systems using methods such as fault tree analysis. Preferably, site specific data should be used for such calculations; where this is not possible, generic data may be used, in which case some consideration of its appropriateness to the actual site should be provided. Regular reviews of the systems should be undertaken to ensure the required availability is being achieved in practice.
The operator should demonstrate that site personnel understand the implications of loss of a utility system and that emergency plans are in place for the safe reinstatement of critical supplies where necessary. Competent persons should be trained in the requirements of the emergency plans and exercises should take place to test those plans.
Programmes should be in place for inspection and maintenance of utility systems at regular intervals to written procedures. The intervals for proof tests should be based upon the required availability of the utility system. Where back-up systems are in place the operator should demonstrate that the test routine involves 'end to end' testing of the system. As an example, it is insufficient to test a diesel power generator set without testing that the auto start-up facility works and that the switch gear in the distribution system works properly.
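The link between proof test interval, 'end to end' testing and fault tree availability can be shown with a small calculation. The following is an added example, not part of the original guidance: the failure rates, test intervals and grid loss frequency are constructed values, the function names are hypothetical, and the items in the standby chain are assumed to fail independently (common mode failures are not modelled).

```python
import math

# All figures below are constructed for illustration; they are not site data.
DORMANT_FAILURE_RATE_PER_HR = {      # unrevealed failures while on standby
    "diesel generator set": 2e-5,
    "auto start-up facility": 1e-5,
    "distribution switchgear": 5e-6,
}
MONTHLY_HR = 730.0                   # proof test every month
OVERHAUL_HR = 35040.0                # only checked at a 4-yearly overhaul
GRID_LOSS_PER_YEAR = 0.1             # assumed frequency of losing both grid feeds

def avg_unavailability(rate_per_hr, test_interval_hr):
    """Mean fraction of time a dormant item is failed between proof tests.
    Exact for a constant failure rate; tends to rate*interval/2 when small."""
    x = rate_per_hr * test_interval_hr
    return 0.0 if x == 0 else 1.0 - (1.0 - math.exp(-x)) / x

def or_gate(probabilities):
    """Output fails if any independent input has failed."""
    return 1.0 - math.prod(1.0 - p for p in probabilities)

def standby_failure_on_demand(test_interval_hr):
    """OR gate over the chain: every item must work for back-up power."""
    return or_gate(
        avg_unavailability(rate, test_interval_hr[item])
        for item, rate in DORMANT_FAILURE_RATE_PER_HR.items()
    )

def unprotected_loss_per_year(test_interval_hr):
    """Top event: grid supply lost AND the standby chain fails on demand."""
    return GRID_LOSS_PER_YEAR * standby_failure_on_demand(test_interval_hr)

GENERATOR_ONLY = {                   # only the generator set is run monthly
    "diesel generator set": MONTHLY_HR,
    "auto start-up facility": OVERHAUL_HR,
    "distribution switchgear": OVERHAUL_HR,
}
END_TO_END = dict.fromkeys(DORMANT_FAILURE_RATE_PER_HR, MONTHLY_HR)

if __name__ == "__main__":
    for name, regime in (("generator only", GENERATOR_ONLY), ("end to end", END_TO_END)):
        print(f"{name:15s} failure on demand {standby_failure_on_demand(regime):.4f}, "
              f"unprotected loss {unprotected_loss_per_year(regime):.5f}/yr")
```

With these constructed figures the untested auto start-up facility and switchgear dominate the result, which is why testing the generator set alone does not demonstrate the availability of the back-up supply.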
Emergency absorption plants must be able to handle vents under all circumstances. These plants are built with standby recirculation pumps and suction fans. Emergency power is provided by a standby diesel generator. This approach is used in the handling of chlorine and other toxic gases. Operating procedures should include the shutdown of plant in the event of failure of such systems.
Where site operations involve the handling of flammable liquids a fire hydrant system should be provided that preferably encircles the plant and is provided with cross over connections at appropriate points. The ring should be maintained under pressure by e.g. 'jockey' pumps. Any fall in pressure should automatically start the main fire pump. A diesel powered pump should be provided on high hazard sites in case of power failure.
Many industrial processes involve the centrifuging of a powder from a flammable liquid. Centrifuges are well known for providing an ignition source due to their high speed moving parts and a secure nitrogen source is necessary. A local emergency back-up supply of nitrogen is often provided from local cylinders in case of site nitrogen failure.
Where a hazard can arise from the solidification of a liquid chemical on loss of steam heating, back-up heating is often provided by an electrical heater or trace heating. Whilst there are not many instances of this being a direct hazard, the exposure of personnel during the process of dealing with a solid tank of a substance such as sulphur can represent a hazard.
Loss of water cooling to a reactor can be hazardous where the reactions involved are exothermic. The use of site utility water supplies to back-up a local purpose designed cooling tower-based system is common. Where a refrigerant is used for cooling, loss of power supply to the refrigeration package can be critical.