Sie sind auf Seite 1von 12

Return to Worksheet

The Blank White Cells are to allow descriptions to be written


The green cells have drop down boxes for you to choose standardised inputs
The Grey Cells have automated inputs depending on the choices made in the green cells
If you make an error when using the drop downs on cells, please use the delete key and NOT the space key

The GAP column for each scenario should read zero or less to close the protection gap

LOPA: A worksheet for Layer of Protection Analysis


ALARP*: A way of calculating Cost Benefit Analysis to justify added layers of protection yes o
Examples: Some worked examples to help you
ALARP from Examples

ALARP = As Low As Reasonably Practical (Ref Reducing Risks Protecting People - U.K. Health and Safety Ex
te key and NOT the space key

ed layers of protection yes or no

eople - U.K. Health and Safety Executive


Scenario Definition Conditional Modifiers Independent Protection Layers
Ignition (valid only for
Protect-ion Scenario Description
Target Tolerated Event
Initiating Event Frequency fire or explosion
Probability of
Independent instrument layers must have separate sensors, logic solvers and final elements. Other safety related protection systems
Gap Frequency (User determined) Exposure/Time at risk
scenarios)

Operator response to
Describe Consequence of the Record the Probability Justify the probability Safety Safety
Target is Give a complete Description of the undesired BPCS Control Action - alarms and written Pressure Relief System -
Ref No scenario, then use the drop Describe the initiatiating event of Ignition. (POI) in the of exposure or time at Instrumented Instrumented SRPS 1 SRPS 2
0 or less outcome and the initiating event describe in white row procedures - describe in overpressure scenarios
downs in the blue row white row if relevant risk in the white row System 1 System 2
white row

Interceptor overflows - leads to fire possible Operation is <10% of SIL 3 Level trip
1.0 Level control fails Lost BPCS function
single fatality time system

POI > 500kg released 0.1 Probability of No BPCS Trip to safe Alarm is from BPCS - not
Safety Study Fatality on site BPCS Instrument Loop Failure SIS - SIL 3
M.I.E. <0.3 mJ Exposure shutdown independent

0 5 5 1 0 1 0 0 3
Independent Protection Layers Scenario Definition Notes

Protect-ion Scenario
Other safety
Description
related protection systems
Gap

Target is Give a complete Description of the undesired


Ref No SRPS 3
0 or less outcome and the initiating event

Interceptor overflows - leads to fire possible


1.0
single fatality Target Factors

Safety Study
Target Event Description
Minor Injury on site
0 5 Significant disabling Injury on site
Capital cost of Add.
Stage 1 Achieved
Event frequency

Protection Gap
Scenario No

Operational
Risk Anticipated
Description of possible additional Cost of

IPL
Reduction future life of
IPL added
achieved plant (years)
IPL/year

1 1E-05 0 2800 150 10 25


0 1E-02 4
0 1E-05 -2
0 #VALUE! ###
0 #VALUE! ###
0 #VALUE! ###
0 #VALUE! ###
0 #VALUE! ###
0 #VALUE! ###
0 #VALUE! ###
0 #VALUE! ###
0 #VALUE! ###
0 #VALUE! ###
0 #VALUE! ###
0 #VALUE! ### 3000 300 10 50
0 #VALUE! ### 3000 100 10 50
Value of
risk
reduction
Ratio of Cost
(e.g.
to Benefit
fatalities
or cost
avoided)

1000000 29.11 10 9.000E-06 9.000E+00 225


#DIV/0! 100 #DIV/0! #DIV/0! #DIV/0!
#DIV/0! 1000 #DIV/0! #DIV/0! #DIV/0!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
1000000 #VALUE! #VALUE! #VALUE! #VALUE!
1000000 #VALUE! #VALUE! #VALUE! #VALUE!
Scenario Definition Conditional Modifiers Independent Protection Layers
Ignition (valid
Probability of
Protect-ion Target Tolerated Initiating Event only for fire or Independent instrument layers must have separate sensors,
Gap
Scenario Description Exposure/Time Other safety related protection system
Event Frequency Frequency explosion logic solvers and final elements.
at risk
scenarios)
Operator
Describe Record the Justify the response to
Safety Safety Pressure Relief
Give a complete Description of Consequence of the Probability of probability of BPCS Control alarms and
Target is Describe the Instrument Instrument System -
Ref No the undesired outcome and scenario, then use Ignition. (POI) in exposure or Action - describe in written SRPS 1 SRPS 2
0 or less initiatiating event ed System ed System overpressure
the initiating event the drop downs in the white row if time at risk in white row procedures -
1 2 scenarios
the blue row relevant the white row describe in white
row

Hard wired loop from


Reaction step is 7 x per Added Pressure Pressure safety Valve PSV
R 201 Temperature control fails (Temperature Possible rupture of R201 TE 201 loop failure, heating BPCS trip relies on failed separate temperature
This is an overpressure day and 1 hour - this is transmitter linked 201 designed for this
1.0 Transmitter) and initiates runaway reaction at causes 1 fatality on site, demand stays on beyond temperature transmitter loop - transmitter to alarm,
scenario a regularly occupied to steam block scenario - dumps to
185deg C possible injury off site normal closure set point so no credit operator has choice of
area valve containment vessel
trips inl. Manual isolation

Low stress operator


No BPCS Trip to safe response recognized PRD (No evidence of
Safety Study Fatality on site BPCS Instrument Loop Failure 100% probable Always exposed SIS - SIL 1
shutdown event > 10 minutes to fouling)
respond

0 5 5 1 0 0 0 1 1 2
Independent Protection Layers Scenario Definition Notes

Protect-ion
Gap
Other
Scenario
safetyDescription
related protection systems

Give a complete Description of


Target is
Ref No the undesired outcome and SRPS 3
0 or less
the initiating event

R 201 Temperature control fails (Temperature SIS A added to close gap. Need o make sure
1.0 Transmitter) and initiates runaway reaction at that both steam control valve and block valve
185deg C are fail closed.

Safety Study
Target Event Description
Minor Injury on site
0 5 Significant disabling Injury on site
Capital cost of Add.
Stage 1 Achieved
Event frequency

Protection Gap
Scenario No

Operational
Risk Anticipated
Description of possible additional Cost of

IPL
Reduction future life of
IPL added
achieved plant (years)
IPL/year

1 1E-05 0 Emergency dumping to containment 10000 100 10 25

2 1E-05 0 Emergency dumping to containment 10000 100 10 25

3 1E-05 0 Emergency dumping to containment 10000 100 10 25


add second trip SIS or change SIS A
4 1E-06 1 to SIL 3 3000 100 10 50
5 ### ###
0 ### ###
0 ### ###
0 ### ###
0 ### ###
0 ### ###
0 ### ###
0 ### ###
Value of
risk
reduction
Ratio of Cost
(e.g.
to Benefit
fatalities
or cost
avoided)

1000000 55.56 10 9.000E-06 9.000E+00 225

1000000 55.56 100 9.000E-06 9.000E+00 225

1000000 55.56 1000 9.000E-06 9.000E+00 225

1000000 177.78 9.000E-07 9.000E-01 45


#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!
#VALUE! #VALUE! #VALUE! #VALUE!