Design Optimization of ESD ( Emergency ShutDown ) System for Offshore Process Based on Reliability Analysis

Hydrocarbon leaks have a major accident potential and it could give significant damages to human, property and environment.To prevent these risks from the leak in design aspects, installation of ESD system is representative. Because the ESD system should be operated properly at any time, It needs high reliability and much cost. To make ESD system with high reliability and reasonable cost, it is a need to find specific design method.In this study, we proposed the multi-objective design optimization method and performed the optimization of the ESD system for 1st separation system to satisfy high reliability and costeffective.‘NSGA-II (Non-dominated Sorting Genetic Algorithm-II)’ was applied and two objective functions of ‘Reliability’ and ‘Cost’ of system were defined. Six design variables were set to related variables for system configuration. To verify the result of the optimization, the results of existing design and optimum design were compared in aspects of reliability and cost. With the optimization method proposed from this study, it was possible to derive the reliable and economical design of the ESD system.


Motivation
As more offshore plants are installed around the world, more accidents related to the offshore plant areoccurring.Since 1995, the number of accidents related to the offshore plants for oil production has reached several hundred a year and a lot of people have been also injured or lost their lives [1].Especially, most of offshore plants which are designed to drilling, production, retrieve, refine the oil are closely related to the flammable hydrocarbon gas in high temperature and high pressure.
Since the accident in Piper Alpha [2], the offshore plant industries recognized importance of safety from accident of hydrocarbon and fire/explosion in offshore plant.So, to reduce the many accidents and risks, various attempts have been made such as rule revision and creation of safety division.UK put the onus on the operator to identify the major hazards and to reduce risks with The Offshore Safety Case regulations [3].The HSE (Health and Safety Executive) also created the 'Offshore Safety Division' and discussed the revision or verification of rules for safety.The NPD (Norwegian Petroleum Directorate) founded 'Regulations relating to management in the petroleum activities' in 2001 for safety [4].a Corresponding author : scshin@pusan.ac.krThere are a lot of approaches to satisfy safety in offshore plant.One is to reduce the 'Probability' of accident from human and organizational factors, system failure, natural disaster, etc.The other is to reduce 'Consequence' severity of such an event when it occurs with visual alarms, fire suppression system or a process shutdown [5].From these aspects, the ESD system is very important to reduce 'Consequence' of accident as shutdown release of hazardous material.If the ESD system doesn't work and fail to shutdown when there is release of hydrocarbon in offshore plant, this failure could cause of fire/explosion disaster.So the ESD system is required to design with high reliability to avoid failure in dangerous situation.
From reliability aspects, there are two international safety authorities governing SIL (Safety Integrity Level), IEC (International Electrotechnical Commission) 61508 and IEC 61511.61508 governs the functional safety of electrical, electronic and programmable electronic safety systems e.g.Production Inflow Control Devices (ICDs).It is applied across all industries and IEC 61511 governs the functional safety of safety instrumented systems and itis applied in the process industries.In 2000 year in Norway, OLF (The Norwegian oil industry association) tried to issue a guideline on the application of IEC 61508 and IEC 61511 in the Norwegian Petroleum Industry [6].OLF also has defined the procedure and requirements of the ESD for offshore plant in their "Technical Safety" of 'NORSOK STANDARD S-001' [7].DNVestablish 'OFFSHORE STANDARD DNV-OS-E201: Oil and Gas Processing Systems' and to provide an internationally acceptable standard of safety for hydrocarbon production plants and LNG processing plant by defining minimum requirements for the design, materials, construction and commissioning of plant [8].

A literature review
For high reliability of the offshore system, reliability analysis is necessary in the early stage of design.There are a lot of domestic and overseas studies related to the reliability analysis.As for the overseas studies, there was a research that suggested the simplified technique of reliability analysis and applied it to the offshore plant mooring system for the optimal [9].There was also a study on the fatigue reliability analysis in the structure based on the analysis of various scenarios related to the structural fatigue for the extension of lifetime of the offshore plant [10].But they are focused on structural or fatigue reliability of system.It is differ from functional safety of electrical, electronic, programmable electronic safety-related systems or safety instrumented systems for the process industry sector such as the ESD system.
As the overseas study directly related to the reliability analysis of the ESD system, FTA (Fault Tree Analysis) was used to define the failure rate of system component as the lower level and enhance the reliability of the system based on the HAZOP (HAZard and OPerability) [11].SINTEF (Norwegian: Stiftelsen for industriell og teknisk forskning)studied reliability of subsea BOP systems for deepwater application [12].Detailed failure statistics for the various BOP systems were analyzed and presented in the US GOM OCS (Outer Continental Shelf).Ram K. et al studied impact of reliability or the number of emergency shutdown devices on flare relief system and analyzed related factors for sizing of individual relief valves protecting equipment or process or system [13].This paper highlighted several concerns such as standards, reliability, safety and offers practical advice to those facing relief system design decisions.A.C.Torres-Echeverrı a et al studied about multi-objective optimization for safety instrumented systems of chemical reactor system with three objective functions reliability, STR (Spurious Trip Rate) and cost [14].Theyappliedthe reliability modelstooptimizationofdesignandtestingof safety instrumented systems.The models for optimization have been integrated, together with a Life cycle Cost model, as objective functions in to a multiobjective genetic algorithm.FaresInnal et al also studied safety and operational integrity evaluation and design optimization of safety instrumented monitoring systems with two objective functions reliability and STR [15].
In domestic studies, there was a study about design of the flight control system.Reliability of the system was analyzed and the method of improving reliability through simulation was proposed [16].There was also another research in the field of fire prevention.The design of the system can be ICDES 2016 verified whether it is proper to the SIL through the reliability analysis of fire/explosion safety device of Ethyl Benzene process [17].In offshore industry, Bae J. H. et al performed reliability analysis of the ESD for supporting design of LNG bunkering [18].
This study was focused on not only method of design optimization for offshore process but also practical design by selecting ESD products on the market.Totally 22 types of ESD components were investigated from valve companies and online.In order to design closer to practical system, Existing system 'Heidrun (TLP)', has been operating in Norwegian Sea since 1995, was selected to optimize design of ESD system and to compare its results.The multi-objective design optimization was performed with two objective functions of 'Reliability' and 'Cost'.'Reliability'is based on PFD (Probability of Failure rate on Demand)values from reliability analysis and 'Cost'is composed of purchase cost, proof test cost, loss of production and etc. Design variables were set to six practical variables for configuration of system.To verify improvement of the design, the results of Heidrun design and optimum design was compared in aspects of reliability and cost.

The Emergency ShutDown system
In this thesis, the ESD system of 1st separation system in TLP at Heidrun oil field was selected for target system because it could be applicable more practically for optimization.The 1 st separation and related line has high pressure and temperature conditions with hydrocarbon material.It could havehigh risks of fire/explosion accident.So, these separation systems are required to controlled and monitored in all process functions on the topsides as well as Fire & Gas and the ESD for the entire FPSO.The P&ID (Piping & Instrument Diagram)of the ESD system is as shown in Figure 1 [19].

Reliability Analysis
Reliabilityis defined by IEC 50 (191) as'the ability of an entity to perform a required function under gi ven conditions for a given time interval'and it is usually expressed in failure rate, MTTF (Mean Time To Failure), SIL (Safety Integrated Level) and etc. [21].
To perform reliability analysis for the ESD system, shutdown procedure is as follows; 1.If overpressure is detected by the sensors during separating operation, the main pump related to the 1 st separator is stopped immediately.2. The PSD/ESD control logic send shutdown signal to final elements.3. Final elements shutdown system to prevent further accidents from occurring.

PFD and Failure scenarios
Nine failure scenarios of overpressure were defined for reliability analysis (PFD calculation) as referred to 'Component structure' [22] and The Norwegian Oil Industry Association [6].The PFD of the E/E/PE safety-related system is determined by calculating and combining the average probability of failure on demand for all the subsystems which provide protection against a hazardous event [22].

Calculations of PFD and SIL
For, reliability analysis, failure data and MTTR (Mean Time To Repair)were referred from 'OREDA (Offshore and Onshore Reliability Data) 2009' [23].From nine failure scenarios with failure data of components, PFD and SIL were calculated as shown in Table 1.From, the results of reliability analysis, scenario 'S-Compressor' has lowest SIL 1 and scenarios 'S-PSV', 'S-LP' have high SIL 3. Except these 3 scenarios, allscenarios have SIL 2.Even if 'S-FO' has already SIL 2, it has more chance to reduce cost with higher PFD value in SIL 2 range.If the ESD system for 1 st separation system in offshore plant is required to minimum SIL 2 as referred from The Norwegian Oil Industry Association [6], S-Compressor' is needed to improve design to meet SIL 2 from SIL 1, while S-PSV' and 'S-LP' are needed to simplify design to make SIL 2 from SIL 3 for reducing cost.

The design optimization of the ESD system 4.1 Definition of Optimization problem
The purpose of this design optimization is to find design variables that make minimum value of objective function.It means optimized design has high reliability with reasonable cost for the ESD system.NSGA-II is selected for optimization algorithm.02003-p.5
Objective function 'Cost' Objective function of 'Cost'(݂ 2 ) is calculated from 'Product cost', 'Replace cost', 'Proof test cost' and 'Loss of production' of the ESD systems on the following equation (2). ‫݁ݖ݅݉݅݊݅݉‬ ‫ܥ‬ ‫ݐܿݑ݀ݎܲ‬ is product price of sensors, logic unit and final element for installation at first time.
‫ܥ‬ ‫݈ܴ݁ܿܽ݁‬ is cost of replacement during lifetime thatdepends on MTTF.

Design variables
From a reliability point of view, system is generally consist three parts; sensor, logic unit and final element.As shown in Table 2, six design variables were set to the number of redundancy at each part, type of sensor and final element, proof test interval.Database for design space was created including information of products as MTTF and price.Eight types of sensors and fourteen types of final elements were investigated from brochure of product [28] andonline market [29].Failure data is referred to 'OREDA 2009' data for sensors, logic unit and final elements.

Constraints
The topside process in offshore plant is not extremely dangerous such as nuclear plant or has not very severecondition such as deepwater subsea well operation.Therefore generally SIL 2 is proper for offshore topside process.The Norwegian Oil Industry Association [6] also suggested minimum SIL 2 for the ESD system related to separation system.Constraints were set to SIL 2 and it has range of 10 −3 ≤ PFD < 10 −2 by PFD value.

'S-FO' -Blowdown operation
Population of NSGA-II was set to 40, generation was 1,000 andcalculation time was 9.4s for optimization.Figure 11 is Pareto-frontier results from the optimization of scenario 'S-FO'.In this study, we focused on optimum design which has minimum cost in SIL 2. This means among the alternatives which satisfied SIL 2(10 −3 ≤ PFD < 10 −2 ), lowest cost alternative 'FO'could be chosen as shown in Figure 11.For 'S-FO' -Blowdown operation in 'To flare header' line, It should have equipment for blowdown system such as flow orifice.So, type of the final element in 'S-FO' was fixed to flow orifice and optimization was performed with the other design variables type of sensor, the numbers of redundancies and proof test interval.3.

4.2.2Summary of the results include other eight scenarios
The total results and comparisons of optimization results to Heidrun system are as shown in Table 4. Every scenario is optimized to meet the minimum SIL 2 and total cost of final design also decreased $24,191,186 from origin design.

4.3Discussion
As shown in Figure 12, all PFD values of scenarios are in the range of SIL 2 and this means they satisfied the required reliability through the optimization.Although SIL of the scenario 'S-FO' is the same as SIL 2 before the optimization, PFD is increased up to about 0.005 for reducing cost by design modification.In case of the scenario 'S-FO', redundancy was removed and another element among the database that has lower PFD was selected to reduce the cost of system in SIL 2.PFD of'S-PSV' and 'S-LP' scenarios were also increased and their SIL was degraded to SIL 2 from SIL 3 to reduce the cost.To design system with higher reliabilityneeds more cost because they need generally high quality products and complex system.But from the results PFD and cost as shown Figure 12, it was possible to improve reliability andreduce cost simultaneously.
PFD values of eight scenarios except 'S-Compressor' could not reached close to boundary of SIL 2 and SIL 1 as shown in Figure 12.It means they could have still more possibilities of improvement with reduction of cost.Despite convergence of optimization in this study, to reach near the ideal optimum point 'boundary of SIL 2 and SIL 3' was difficultbecause there were discrete design variables such as type of element and the number of redundancy.One of the methods of improve the result of optimization is to adding various elements for increasing database in order to make design space almost continuous.5 means the number of element in each scenario.The number of sensor and final element are modified to the same as one except 'S-PSV' and 'S-LP'.It seems they tried to decrease the number of redundancy for reducing cost of each scenario.From the results of 'Type (sensor)' in Table 5,'1: Pressure safety indicator' and '2: Pressure safety Sensor'are considered suitable for the ESD system in this study.From Table 5, the number of logic unitforsix scenarios 'S-Comp.',S-HP', 'S-Sand', 'S-Drain', 'S-Crude', 'S-Jet' are increased to two from one.We can estimate that this reason from graph of PFD comparison as shown in Figure 12.All of six scenarios' PFD values are decreased and this means redundancy of logic unit was be used for reduction of PFD.

Conclusions
In this study, following were carried out in order to attain final goals.
Reliability analysis of the existing ESD system foroffshore process was performed with defined scenarios and failure data.
The multi-objective design optimization was performed with defined two objective functions of 'Reliability' and 'Cost'.Six design variables and 'SIL 2' constraints were defined.Optimum design was selected from Pareto-frontier and it satisfied both reliability SIL 2 and cost reduction.
In order to designcloser to practical system, existing system was selected to optimize design of ESD system.Database for design space was also created including information of product on the market.With these results, more practical method of design optimization was proposed for the ESD system of offshore process and it could be applied to other similar process.One of the methods of improve the result of optimization is to adding various ESD elements for increasing database and makes design space almost to be a continuous.

DOI: 10
.1051/ C Owned by the authors, published by EDP Sciences /

Figure 1 . 1
Figure 1.1 st separation system with the ESD system [19].Rectangular with dot line in Figure 1 presents the component of ESD system such as PSV (Pressure Safety Valve), ESD valve, PSD (Pressure ShutDown) valve, FO (Flow Orifice), PSI A (Pressure Safety Indicator/Alarm) and PSE (Pressure safety sensor).Equipment is expressed in P&ID with symbol and identification letters defined from American National Standard 'Instrumentation Symbols and Identification' [20].Control panel (CLU: Control Logic Unit) is connected all of the ESD components.
FO' is related to the failure of two flow orifices, two pressure safety indicators installed in the line to flare header and CLU for control.If there is the overpressure in line, CLU should order to open the flow orifice.Once one of two flow orifices operates normally in failure situation, this scenario is success as shown in Figure 2. In similar way to define scenarios such as 'Flare FO', theother eight scenarios were defined as shown Figure 3to Figure 10.

Figure12.
Figure12.PFD and cost comparison of the results.As comparison of design variables of Heidrun and optimum as shown in Table5, all of test intervalsare increased and all structures of S-L-F (Sensor-Logic unit-Final element) are changed.Number in S-L-F column of Table5means the number of element in each scenario.The number of sensor and final element are modified to the same as one except 'S-PSV' and 'S-LP'.It seems they tried to decrease the number of redundancy for reducing cost of each scenario.From the results of 'Type (sensor)' in Table5,'1: Pressure safety indicator' and '2: Pressure safety Sensor'are considered suitable for the ESD system in this study.

Table 1 .
The results of reliability analysis (PFD and SIL).

Table 2 .
Design variables and space.

Table 4 .
The total results and Comparison of optimization results.

Table 5 .
Comparison of design variables of Heidrun and optimum.