This article provides a short overview of a tool that is currently being developed by the ILF Technical Safety team, which can be used to prevent improper selection of fire protection and mitigation systems in the oil & gas industry (referred to simply as “safety systems”). The tool is the result of the pressing need to overcome many known problems in the design phases coming from improper decisions in FEED; problems that result due to a lack of any analysis prior to system selection. ILF Consulting Engineers’ team will continue to develop the tool and to verify it in practice. Also, other colleagues and companies are welcome to test the tool under their own conditions: ILF would be grateful for any feedback in the form of impressions and suggestions.
Approach to the problem
The basic idea for developing the method for the system selection is starting analysis of the system without any other safety system applied, similarly as it is done in HAZOP workshops. If the risk is not acceptable at this point, safety systems are added until the point when risk is acceptable.
For the purpose of establishing acceptable risk level, the ALARP (as low as reasonably practicable) principle is used.
The starting point for developing the method is the Fire Hazard Analysis (FHA) according to guidelines given in Section 3.7 of the NFPA Fire Protection Handbook. FHA is hereby modified in several points.
As per NFPA, the “target outcome” should be the defined desirable outcome of fire cases, and most often it is specified as avoidance of occupant fatalities in a building/area. This was the area in which ILF’s team made the main modification of NFPA FHA.
The overall goal of oil & gas facility design is always that risk in all facility operating modes is acceptable, or ALARP as minimum. Hence, the target outcome in the method is defined as possible types of fire. These types of fire and their consequences should be investigated for every definitive feasibility study(DFS) based on materials that are handled in the analysed area. NFPA 101 provides the DFSs that should be considered.
Short description of the method
The method should be applied in the following steps:
Risk acceptance criteria definition
The most common way for defining risk acceptance criteria is to define risk matrix. As a minimum, the criteria from this matrix shall meet local regulation requirements and end-client requirements.
Fire zones segregation
A fire zone (FZ) is defined as a given risk area from which any reasonably expected fire cannot escalate to another FZ. The most common way for FZ segregation is segregation to functional entities. When the segregation is done, a number of steps are then applied to each FZ.
Defining applicable design fire scenarios and target outcomes
In each FZ all DFSs should be considered and only the applicable ones should be reported. In this step the event frequency for each DFS is defined, and this value is the constant. Hazardous materials, possible sources of hazards and causes for fire, occupants and possibility for their evacuation, and already foreseen process safety systems (e.g. ESD, blow-down) should also be reported. Based on these parameters, the target outcome should be defined for each DFS.
Initial risk assessment
Firstly, the possible fire scenario duration based on all the parameters entered so far should be assessed. Having all of this information, the possible consequences to human, environment, company reputation and financial impact should be assessed. Maximum assessed consequence level and already assessed event frequency are defining risk level for each DFS, with respect to defined risk acceptance criteria, as defined by the risk matrix.
Safety systems selection
As a minimum, safety systems shall be selected to meet local and end-client requirements, regardless of the initially assessed risk level. Having this new information, possible fire scenario duration should be reassessed, as well as possible consequences to human, environment, company reputation and financial impact. Risk shall be re-assessed based on new consequence level and already assessed event frequency. The analysis is finished if risk levels for all the DFSs are acceptable or at least ALARP. Otherwise, for intolerable risks levels additional measures should be taken. Each risk should be re-assessed with the same principle as described above. For ALARP risk levels, more consideration on whether it is reasonable to invest in additional safety systems is necessary.
A prime example
One recent real-world example demonstrates this method in use. For this project, ILF was preparing the FEED design for a large gas pipeline project including compressor stations. This example shows the most interesting part of analysis for gas compressor train (only one DFS).
Initial risk assessment showed an intolerable risk level, caused mainly by extreme financial impact due to very long business interruption. After several iterations, the decision was made to provide an automatic CO2 system covering compressor enclosure and extinguish possible fires on the compressor lubricating system. Re-assessment showed that risk is ALARP, and the tool allowed for all the decisions to be recorded and transparently presented (see Fig. 2).
Robert Poljak is senior safety engineer at ILF