DN en ISO 10418erdöl - Und Erdgasindustrie - Offshore-Produktionsanlagen

09/19/2023 07:32:52
DEUTSCHE NORM Oktober 2019
DIN EN ISO 10418

D
ICS 75.180.10 Ersatz für
DIN EN ISO 10418:2005-07 und
DIN EN ISO 10418
Berichtigung 1:2009-09
Erdöl- und Erdgasindustrie –

Offshore-Produktionsanlagen –
Sicherheitssysteme für Prozesse (ISO 10418:2019);
Englische Fassung EN ISO 10418:2019
Petroleum and natural gas industries –
Offshore production installations –
Process safety systems (ISO 10418:2019);
English version EN ISO 10418:2019
Industries du pétrole et du gaz naturel –
Plates-formes de production en mer –
Systèmes de sécurité des procédés (ISO 10418:2019);
Version anglaise EN ISO 10418:2019
Printed copies are uncontrolled
Gesamtumfang 31 Seiten
DIN-Normenausschuss Erdöl- und Erdgasgewinnung (NÖG)
© DIN Deutsches Institut für Normung e. V. ist Inhaber aller einfachen Rechte der Verwertung, gleich in
welcher Form und welchem Verfahren.
Alleinverkauf durch Beuth Verlag GmbH, 10772 Berlin
www.din.de
www.beuth.de
!&+NN"
3084343
Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (HBZ)

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
Nationales Vorwort
Dieses Dokument (EN ISO 10418:2019) wurde vom Technischen Komitee ISO/TC 67 „Materials, equipment
and offshore structures for petroleum, petrochemical and natural gas industries“, SC 6 „Processing
equipment and systems“ in Zusammenarbeit mit dem Technischen Komitee CEN/TC 12 „Materialien,
Ausrüstungen und Offshore-Bauwerke für die Erdöl-, petrochemische und Erdgasindustrie“ (Sekretariat:
NEN, Niederlande) erarbeitet.
Für Deutschland hat hieran der Arbeitskreis NA 109-00-01-06 AK „Verfahrenstechnische Anlagen und
Ausrüstungen“ im DIN-Normenausschuss Erdöl- und Erdgasgewinnung (NÖG) mitgearbeitet.
Diese Europäische Norm enthält unter Berücksichtigung des DIN-Präsidialbeschlusses 1/2004 nur die
englische Originalfassung von EN ISO 10418:2019 und ISO 10418:2019.
Für die in diesem Dokument zitierten internationalen Dokumente wird im Folgenden auf die
entsprechenden deutschen Dokumente hingewiesen:
IEC 61511 (all parts) siehe DIN EN 61511 (alle Teile)

IEC 62682:2014 siehe DIN EN 62682:2016-02
ISO 10417 siehe DIN EN ISO 10417
ISO 13702 siehe DIN EN ISO 13702

ISO 15156-1 siehe DIN EN ISO 15156-1
ISO 17776:2016 siehe DIN EN ISO 17776:2017-04
ISO 31000 siehe DIN ISO 31000
Änderungen
Gegenüber DIN EN ISO 10418:2005-07 und DIN EN ISO 10418 Berichtigung 1:2009-09 wurden folgende
Änderungen vorgenommen:
a) Reduzierung der Anhänge auf Anhang A „Support systems“ und Anhang B „Toxic gases“;
b) Sicherheitsanalysetabellen (SATs) sowie Sicherheitsanalyse-Prüflisten (SAC) wurden gelöscht und

durch Verweisungen auf die Analyse-Methoden in API RP 14C ersetzt;
c) der überarbeitete Anhang B beinhaltet das Screening-Verfahren, um die Einstellung der Sicherheits-
Integritätslevel für Brand-, Gas- und ESD-Systeme zu vereinfachen.
Frühere Ausgaben
DIN EN ISO 10418: 2005-07

DIN EN ISO 10418 Berichtigung 1: 2009-09

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
Nationaler Anhang NA
(informativ)
Begriffe und Abkürzungen
Die Benummerung der folgenden Begriffe und Abkürzungen ist identisch mit der Benummerung in der
englischen Fassung.
3 Begriffe und Abkürzungen
3.1 Begriffe
Für die Anwendung dieses Dokuments gelten die folgenden Begriffe.
ISO und IEC stellen terminologische Datenbanken für die Verwendung in der Normung unter den folgenden
Adressen bereit:
 ISO Online Browsing Platform: verfügbar unter http://www.iso.org/obp
 IEC Electropedia: verfügbar unter http://www.electropedia.org/

3.1.1
anormaler Betriebszustand
Zustand, der in einem Prozessbauteil (3.1.21) auftritt, wenn eine Betriebsvariable außerhalb ihrer normalen
Betriebsgrenzen liegt
3.1.2
Alarm
akustisches und/oder visuelles Mittel zur Information des Bedieners über Fehlfunktionen von Betriebs-
mitteln, Prozessabweichungen oder anormale Zustände, welche eine zeitnahe Reaktion erfordern
[QUELLE: IEC 62682:2014, 3.1.7]
3.1.3
Ausblasen
Notfall-Druckentlastung
Abführen von Gas aus der Anlage zur Fackel oder zu einem anderen Beseitigungssystem
3.1.4
Einschluss
Situation, in welcher der Gefahrstoff sicher in einem druckbeaufschlagten System gehalten wird
3.1.5
Beherrschung
<von Gefährdungen> Begrenzung des Ausmaßes oder der Dauer eines gefährlichen Ereignisses
3.1.6
ESD-System
Notabschaltungssystem
System, ausgelöst durch automatische oder manuelle Signale, welches die Steuervorgänge zur Abschaltung
von Ausrüstung oder Prozessen in Reaktion auf eine Gefährdungssituation ausführt

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
3.1.7
Notfall-Unterstützungssystem
ESS
(en: emergency support system)
Abschnitt des gesamten Sicherheitssystems einer Anlage, bestehend aus den ESD-Systemen, Brandmelde-
anlagen, Gaswarnanlagen, Lüftungsanlagen, Einschlusssystemen, Sümpfen (en: sumps), Ausblaseanlagen und
SSSV (3.1.28)
3.1.8
in Störfällen schließendes Ventil
Ventil, das bei Verlust der Energiezufuhr oder des Signals schließt
3.1.9
Störfall
Fehlfunktion einer Einrichtung oder eines Ausrüstungsteils, welche die Ausführung der Funktion verhindert,
für die diese(s) ausgelegt ist
3.1.10
Brandmelde-Ringleitung
pneumatische Steuerleitung, die Temperatursensoren enthält, die bei Betätigung Steuervorgänge in
Reaktion auf eine Gefährdungssituation auslösen
Anmerkung 1 zum Begriff: Beispiele für Temperatursensoren sind: Schmelzsicherungen, Kunststoffleitungen usw.
3.1.11
funktionale Anforderungen
einzuhaltende Mindestkriterien, um im Bereich von Gesundheit, Sicherheit und Umwelt die angegebenen
Ziele zu erreichen
[QUELLE: ISO 13702:2015, 3.1.24]
3.1.12
Gasübertritt
(en: gas blowby)
Freisetzen von Gas aus einem Prozessbauteil (3.1.21) durch einen Flüssigkeitsauslass
3.1.13
Gaswarnanlage
Anlage, welche Räume auf einer Offshore-Anlage auf das Vorhandensein und die Konzentration entflamm-
barer und/oder giftiger Gase überwacht und einen Alarm (3.1.2) auslöst und gegebenenfalls bei
voreingestellten Konzentrationen Steuervorgänge einleitet
3.1.14
Leck
unbeabsichtigtes Austreten von flüssigen und/oder gasförmigen Kohlenwasserstoffen oder anderem
gefährdendem Material aus einem Prozessbauteil (3.1.21) in die Atmosphäre
3.1.15
Flüssigkeitsüberlauf
Austreten von Flüssigkeiten aus einem Prozessbauteil (3.1.21) durch einen Gas-(Dampf-)Auslass
3.1.16
Fehlfunktion
Zustand einer Einrichtung oder eines Geräts, der zu Störungen in deren/dessen Betrieb führt, ohne jedoch
die Ausführung der vorgesehenen Funktion zu verhindern

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
3.1.17
maximal zulässiger Arbeitsdruck
höchster Betriebsdruck, der an beliebiger Stelle in einem beliebigen anderen Prozessbauteil (3.1.21) als
Rohrleitungen bei normalem Betrieb oder statischen Bedingungen zulässig ist
3.1.18
mobile Offshore-Einheit
ortsbewegliche Plattform, einschließlich der Bohrschiffe, zur Erkundung von Unterwasser-Erdöl-/Erdgas-
lagerstätten sowie ortsbewegliche Plattform für andere Zwecke als zur Förderung und Lagerung von
Erdöl-/Erdgas
Anmerkung 1 zum Begriff: Umfasst mobile Offshore-Bohranlagen, Bohrschiffe, Wohneinheiten, Bau- und Verlege-
einheiten sowie Reparatur- und Förderschiffe.
3.1.19
Überdruck
Druck in einem Prozessbauteil (3.1.21), der den maximal zulässigen Arbeitsdruck (3.1.17) überschreitet
Anmerkung 1 zum Begriff: Bei Rohrleitungen wird für die Festlegung des maximal zulässigen Arbeitsdrucks auf die
entsprechende Bemessungsnorm verwiesen.
3.1.20
PRD
(en: pressure relief device)
Druckentlastungseinrichtung
Einrichtung, die durch den statischen Eingangsdruck betätigt wird und dafür ausgelegt ist, während Not-
fällen oder anomalen Zuständen zu öffnen, um einen Anstieg des Fluid-Innendrucks zu verhindern, der den
festgelegten Bemessungswert überschreitet
Anmerkung 1 zum Begriff: Die Einrichtung kann ein Druckentlastungsventil (Sicherheitsventil), eine Berstscheiben-
einrichtung oder eine Knickstab-Berstsicherung sein.
3.1.21
Prozessbauteil
einzelnes Funktionsteil der Fördereinrichtung und zugehörigen Rohrleitung für den Einsatz in Prozess- und
Injektionsanlagen
BEISPIEL Abscheider, Heizung, Pumpe, Tank.
3.1.22
Prozesssicherheitssystem
System, das aus Einrichtungen besteht, die an einer Anlage verwendet werden, um potentiell unerwünschte
Ereignisse (3.1.32) zu verhindern oder zu mindern, die innerhalb des Prozesses auftreten können
3.1.23
Schutzeinrichtung
Instrumentierung oder Ausrüstungsteil für die Verwendung innerhalb eines Schutzsystems

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
3.1.24
sicherheitstechnisches System
technisches System zur Ausführung einer oder mehrerer sicherheitstechnischen/-r Funktion(en)
Anmerkung 1 zum Begriff: Ein sicherheitstechnisches System besteht aus Sensor(en), Logistiksystem(en) und
Steuerungsaktor(en).
Anmerkung 2 zum Begriff: Die Hauptfunktion eines sicherheitstechnischen Systems ist die Erkennung und Auslösung
von Steuerungs- oder Minderungsmaßnahmen in einer potentiellen Gefährdungssituation.
3.1.25
Sicherheits-Integritätslevel
einzelne Stufe (eine von vier), die der sicherheitstechnischen Funktion (SIF) zugeordnet ist, zur Festlegung
der sicherheitsintegritätsbezogenen Anforderungen, die durch das sicherheitstechnische System (3.1.24) zu
erreichen sind
Anmerkung 1 zum Begriff: Weitere Einzelheiten (einschließlich Definition von SIF) sind in IEC 61511-1:2017
angegeben.
3.1.26
Sensor
Einrichtung, die einen Betriebszustand automatisch erkennt und ein Signal zur Auslösung/Ausführung einer
spezifischen Steuerfunktion sendet
Anmerkung 1 zum Begriff: Ein Beispiel einer von einem Sensor ausgelösten Steuerfunktion ist die Abschaltung eines
Prozessbauteils.
3.1.27
SDV
(en: shutdown valve)
Absperrventil
selbsttätig arbeitendes, in Störfällen schließendes Ventil (3.1.8) für die Abtrennung
3.1.28
Untertage-Sicherheitsventil
SSSV
(en: subsurface safety valve)
selbsttätig arbeitende Einrichtung, die in einem Bohrloch unterhalb des Meeresbodens eingebaut und für die
Funktion ausgelegt ist, unkontrollierten Bohrlochdurchfluss in Reaktion auf eine Gefährdungssituation zu
verhindern
3.1.29
SSCSSV
(en: subsurface-controlled subsurface safety valve)
untertage gesteuertes Untertage-Sicherheitsventil
SSSV (3.1.28), das durch die Druckeigenschaften des Bohrlochs betätigt wird
3.1.30
SCSSV
(en: surface-controlled safety valve)
oberflächengesteuertes Untertage-Sicherheitsventil
SSSV (3.1.28), das von der Oberfläche aus mittels hydraulischer, elektrischer, mechanischer oder anderer
Mittel gesteuert wird

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
3.1.31
Oberflächen-Sicherheitsventil
an einem Bohrlochkopfstandort eingebaute automatische Ventilanordnung, die bei Verlust der Energie-
zufuhr die Lagerstättenfluide automatisch absperrt
3.1.32
unerwünschtes Ereignis
nachteilige(s) Ereignis oder Situation in einem oder mehreren Prozessbauteilen (3.1.21), die eine spezifische
Prozessfunktion ausführen, das/die eine Gefährdung der Sicherheit darstellt
BEISPIEL Überdruck, Unterdruck, Gasübertritt, Flüssigkeitsüberlauf.
3.1.33
Vakuum
<in einem Prozessbauteil> Druck, der den atmosphärischen Druck unterschreitet
3.1.34
Entlüftung
Rohr oder Formstück an einem Behälter oder einer Rohrleitung, das in die Atmosphäre öffnet
Anmerkung 1 zum Begriff: Ein Entlüftungssystem könnte eine Druck- und/oder Vakuumentlastungseinrichtung ent-
halten.
3.2 Abkürzungen
AFP aktiver Brandschutz (en: active fire protection)
ESD Notabschaltung (en: emergency shutdown)
FES Brand- oder Explosionsstrategie (en: fire and explosion strategy)
ISA Internationale Gesellschaft für Automatisierung (en: International Society of Automation)
ISD inhärent sichere Konstruktion (en: inherently safer design)
OEL Grenzwert im Arbeitsbereich (en: occupational exposure limit)
PFD Prozessablaufdiagramm (en: process flow diagram)
P&ID Rohrleitungs- und Instrumentierungsdiagramm (en: piping and instrumentation diagram)
PSH obere Sicherheitsgrenze für den Druck (en: pressure safety high)
PSV Sicherheitsventil (en: pressure safety valve)
SAC Prüfliste für die Sicherheitsanalyse (en: safety analysis checklist)
SAT Tabelle für die Sicherheitsanalyse (en: safety analysis table)
SIL Sicherheits-Integritätslevel (en: safety integrity level)
SSC schwefelwasserstoffinduzierte Spannungsrisskorrosion (en: sulfide stress cracking)

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
Nationaler Anhang NB
(informativ)
Literaturhinweise
DIN EN 61511 (alle Teile), Funktionale Sicherheit — PLT-Sicherheitseinrichtungen für die Prozessindustrie
DIN EN 62682:2016-02, Alarmmanagement in der Prozessindustrie (IEC 62682:2014); Deutsche Fassung

EN 62682:2015
DIN EN ISO 10417, Erdöl- und Erdgasindustrie — Untertage-Sicherheitsventilsysteme — Auslegung, Einbau,

Betrieb und Instandsetzung
DIN EN ISO 13702, Erdöl- und Erdgasindustrie — Überwachung und Eindämmung von Feuer und Explosionen
auf Offshore-Produktionsplattformen — Anforderungen und Leitlinien
DIN EN ISO 15156-1, Erdöl- und Erdgasindustrie — Werkstoffe für den Einsatz in H2S-haltiger Umgebung bei
der Öl- und Gasgewinnung — Teil 1: Allgemeine Grundlagen für die Auswahl von gegen Rissbildung beständigen
Werkstoffen
der Öl- und Gasgewinnung — Teil 2: Gegen Rissbildung beständige unlegierte und niedriglegierte Stähle und
Gusseisen
der Öl- und Gasgewinnung — Teil 3: Hochlegierte Stähle (CRAs) und andere Legierungen
DIN EN ISO 17776:2017-04, Erdöl- und Erdgasindustrie — Offshore-Produktionsanlagen — Management der

Gefährdungen durch schwere Störfälle bei der Konstruktion neuer Offshore-Anlagen (ISO 17776:2016);
Englische Fassung EN ISO 17776:2016
DIN ISO 31000, Risikomanagement — Leitlinien

09/19/2023 07:32:52
EUROPEAN STANDARD EN ISO 10418

NORME EUROPÉENNE
EUROPÄISCHE NORM June 2019
ICS 75.180.10 Supersedes EN ISO 10418:2003
English Version
Petroleum and natural gas industries - Offshore

production installations - Process safety systems
(ISO 10418:2019)
Industries du pétrole et du gaz naturel - Plates-formes Erdöl- und Erdgasindustrie - Offshore-
de production en mer - Systèmes de sécurité des Produktionsanlagen - Sicherheitssysteme für Prozesse
procédés (ISO 10418:2019) (ISO 10418:2019)
This European Standard was approved by CEN on 20 May 2019.
CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this
European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references
concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CEN
member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN member into its own language and notified to the CEN-CENELEC Management
Centre has the same status as the official versions.
CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway,
Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and
United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION

COMITÉ EUROPÉEN DE NORMALISATION
EUROPÄISCHES KOMITEE FÜR NORMUNG
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2019 CEN All rights of exploitation in any form and by any means reserved Ref. No. EN ISO 10418:2019 E
worldwide for CEN national Members.

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
EN ISO 10418:2019 (E)
European foreword
This document (EN ISO 10418:2019) has been prepared by Technical Committee ISO/TC 67 "Materials,
equipment and offshore structures for petroleum, petrochemical and natural gas industries" in
collaboration with Technical Committee CEN/TC 12 “Materials, equipment and offshore structures for
petroleum, petrochemical and natural gas industries” the secretariat of which is held by NEN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by December 2019, and conflicting national standards
shall be withdrawn at the latest by December 2019.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO 10418:2003.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO 10418:2019 has been approved by CEN as EN ISO 10418:2019 without any modification.

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

Contents Page
Foreword......................................................................................................................................................................................................................................... iv
Introduction...................................................................................................................................................................................................................................v
1 Scope.................................................................................................................................................................................................................................. 1
2 Normative references....................................................................................................................................................................................... 1
3 Terms, definitions and abbreviated terms................................................................................................................................. 1
3.1 Terms and definitions........................................................................................................................................................................ 1
3.2 Abbreviated terms................................................................................................................................................................................ 5
4 Symbols and identification for protection devices............................................................................................................ 5
4.1 Objectives..................................................................................................................................................................................................... 5
4.2 Functional requirements................................................................................................................................................................. 6
5 Safety analysis concepts................................................................................................................................................................................. 6
5.1 Objectives..................................................................................................................................................................................................... 6
5.2 General functional requirements............................................................................................................................................. 6
5.3 Functional requirements for analysis using structured review techniques....................................... 7
6 Process safety system design.................................................................................................................................................................... 8
6.1 Objectives..................................................................................................................................................................................................... 8
6.2 Functional requirements................................................................................................................................................................. 8
Annex A (informative) Support systems.........................................................................................................................................................12
Annex B (informative) Toxic gases........................................................................................................................................................................15

Bibliography.............................................................................................................................................................................................................................. 17
© ISO 2019 – All rights reserved iii

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 67, Materials, equipment and offshore
structures for petroleum, petrochemical and natural gas industries, Subcommittee SC 6, Processing
equipment and systems.
This third edition cancels and replaces the second edition (ISO 10418:2003), which has been technically
revised. It also incorporates the Technical Corrigendum ISO 10418:2003/Cor.1:2008. The main changes
compared to the previous edition are as follows:
— safety analysis tables (SATs) and safety analysis checklists (SACs), which previously were reproduced
from API RP 14C, have been deleted and replaced by references to the analysis methods included in
API RP 14C;
— simplification of annexes to avoid duplication of API RP 14C content.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv © ISO 2019 – All rights reserved

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

Introduction
Effective management systems are required to address health and safety aspects of activities
undertaken by companies associated with offshore recovery of hydrocarbons. These management
systems are applied to each stage in the lifecycle of an installation and to related activities.
One key aspect of effective management systems is a systematic approach of identification of hazards
and the assessment of the risk, in order to aid decision-making on the need for risk-reduction measures.
Selection of risk-reduction measures entails the use of sound engineering judgement informed
by recognition of the particular circumstances, which can prompt variation to past practices and
previously applied codes and standards.
Risk reduction measures include those to minimize and eliminate hazards by design (i.e. use of
inherently safer designs), to prevent incidents (i.e. reducing the probability of occurrences), to control
incidents (i.e. limit the scale, intensity and duration of a hazardous event), and to mitigate effects (i.e.
reducing the consequences).
Extent of hazard identification and risk assessment activities will vary depending on the stage in the
installation lifecycle, as well as process conditions, degree of standardization, complexity, number of
persons on board and the installation’s overall estimated level of risk.
For installations in the early design phases, the evaluations will necessarily be less detailed than those
undertaken during later design phases. Design assumptions developed during these early stages are
normally verified before the installation becomes operational.
Process safety systems are provided to prevent, detect, control or mitigate undesirable events in
process equipment.
This document sets out three options for identifying appropriate process safety systems. The first
option is to adopt the prescriptive approach specified in API RP 14C. The second approach is to use
structured review techniques to identify hazards and evaluate risk, with process safety systems being
provided based on the results of this more specific analysis. The third option is to use a combination
of the first two. The use of the structured review techniques is likely to be of benefit for more complex,
novel or higher hazards systems.
Figure 1 illustrates the relationship of this document to other documents that play a key role in designing
offshore process safety systems. Under the overarching risk management principles of ISO 31000,
ISO 17776 provides a framework for managing major accident hazards throughout the facility lifecycle.
This document provides requirements and guidelines for process safety systems with more detailed
and specific guidance and requirements for particular elements provided in other documents, most
notably ISO 13702, ISO 23251 and the IEC 61511 series.
The approach described in this document is intended to be applied in an iterative way. As the design
proceeds, hazards that are introduced or changed are systematically identified and the need for
additional risk-reduction measures evaluated.
This document has been prepared primarily to assist in the development of new installations. It is not
always appropriate to apply certain requirements to an existing installation. During the planning of a
major modification to an installation, there can be greater opportunity to implement the requirements.
© ISO 2019 – All rights reserved v

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

NOTE The lines between the standards illustrate the main relationships.
Figure 1 — Relationship between offshore-relevant standards

vi © ISO 2019 – All rights reserved

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
INTERNATIONAL STANDARD ISO 10418:2019(E)
Petroleum and natural gas industries — Offshore

production installations — Process safety systems
1 Scope
This document provides objectives, functional requirements and guidelines for techniques for the
analysis and design of surface process safety systems for offshore installations used for the recovery of
hydrocarbon resources.
It also provides recommendations and requirements on support systems which complement the process
safety systems in reducing risk.
NOTE These are not intended to be exhaustive.
The scope of this document is limited to specifying the methods by which the asset is protected against
loss of containment of hydrocarbon or other hazardous materials.
This document is applicable to
a) fixed offshore structures, and
b) floating offshore production installations

for the petroleum and natural gas industries.
This document is not applicable to mobile offshore units and subsea installations.
NOTE Nevertheless, many of the principles contained in this document can be used as guidance.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 13702, Petroleum and natural gas industries — Control and mitigation of fires and explosions on
offshore production installations — Requirements and guidelines
IEC 61511 (all parts), Functional safety — Safety instrumented systems for the process industry sector
API RP 14C, Analysis, Design, Installation, and Testing of Safety Systems for Offshore Production Facilities
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions

For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at http://www.electropedia.org/
© ISO 2019 – All rights reserved 1

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

3.1.1
abnormal operating condition
condition which occurs in a process component (3.1.21) when an operating variable ranges outside of its
normal operating limits
3.1.2
alarm
audible and/or visible means of indicating to the operator an equipment malfunction, process deviation,
or abnormal condition requiring a timely response
[SOURCE: IEC 62682:2014, 3.1.7]
3.1.3
blowdown
emergency depressuring
system discharging gas to flare or other disposal system
3.1.4
containment
situation in which the hazardous material is held safely in a pressurized system
3.1.5
control
<of hazards> limiting the extent or duration of a hazardous event
3.1.6
ESD system
emergency shutdown system
system, activated by automatic or manual signals, which undertakes the control actions to shut down
equipment or processes in response to a hazardous situation
3.1.7
emergency support system
ESS
portion of the overall facility safety system consisting of the ESD, fire detection, gas detection,
ventilation, containment systems, sumps, blowdown system, and SSSVs (3.1.28)
3.1.8
fail-closed valve
valve which will move to the closed position upon loss of the power medium or signal
3.1.9
failure
improper performance of a device or equipment item that prevents completion of its design function
3.1.10
fire loop
pneumatic control line containing temperature-sensing elements which, when activated, will initiate
control actions in response to a hazardous situation
Note 1 to entry: Fusible plugs and synthetic tubing are examples of temperature-sensing elements.
3.1.11
functional requirements
minimum criteria which shall be satisfied to meet the stated health, safety, and environmental
objectives
[SOURCE: ISO 13702:2015, 3.1.24]
2 © ISO 2019 – All rights reserved

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

3.1.12
gas blowby
discharge of gas from a process component (3.1.21) through a liquid outlet
3.1.13
gas detection system
system which monitors spaces on an offshore installation for the presence and concentration
of flammable and/or toxic gases, initiates alarms (3.1.2), and might initiate control actions at
predetermined concentrations
3.1.14
leak
accidental escape from a process component (3.1.21) of liquid and/or gaseous hydrocarbons or other
hazardous materials to atmosphere
3.1.15
liquid overflow
discharge of liquids from a process component (3.1.21) through a gas (vapour) outlet
3.1.16
malfunction
condition of a device or equipment item that causes it to operate improperly, but does not prevent the
performance of its design function
3.1.17
maximum allowable working pressure
highest operating pressure allowable at any point in any process component (3.1.21), other than a
pipeline, during normal operation or static conditions
3.1.18
mobile offshore unit
mobile platform, including drilling ships, equipped for drilling for subsea hydrocarbon deposits, and
mobile platform for purposes other than production and storage of hydrocarbon deposits
Note 1 to entry: Includes mobile offshore drilling units, drillships, accommodation units, construction and
pipelay units and well servicing and well stimulation vessels.
3.1.19
overpressure
pressure in a process component (3.1.21) in excess of the maximum allowable working pressure (3.1.17)
Note 1 to entry: For pipelines, refer to relevant design code for the definition of the maximum allowable working
pressure.
3.1.20
PRD
pressure relief device
device actuated by inlet static pressure and designed to open during emergency or abnormal conditions
to prevent a rise of internal fluid pressure in excess of a specified design value
Note 1 to entry: The device can be a pressure-relief valve (pressure safety valve), a rupture disk device, or a
buckling pin device.
3.1.21
process component
single functional piece of production equipment and associated piping used on processing and injection
facilities
EXAMPLE Separator, heater, pump, tank.

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

3.1.22
process safety system
system consisting of devices used on a facility to prevent or mitigate the potentially undesirable events
(3.1.32) that can occur within the process
3.1.23
protection device
instrument or item of equipment used within a protection system
3.1.24
safety instrumented system
instrumented system used to implement one or more safety instrumented functions
Note 1 to entry: A safety instrumented system is composed of any combination of sensor(s), logic solver(s), and
final element(s).
Note 2 to entry: The primary function of a safety instrumented system is to detect and initiate control or
mitigation action when there is a potentially hazardous situation.
3.1.25
safety integrity level
discrete level (one out of four) allocated to the safety instrumented function (SIF) for specifying the
safety integrity requirements to be achieved by the safety instrumented system (3.1.24)
Note 1 to entry: Further details (including definition of SIF) are given in IEC 61511-1:2017.
3.1.26
sensor
device which automatically detects an operating condition and transmits a signal to initiate/perform a
specific control function
Note 1 to entry: Process component shutdown is an example of a control function initiated by a sensor.
3.1.27
SDV
shutdown valve
automatically operated, fail-closed valve (3.1.8) used for isolation
3.1.28
subsurface safety valve
SSSV
automatically operated device installed in a well below the mudline and having the design function to
prevent uncontrolled well flow in response to a hazardous situation
3.1.29
SSCSSV
subsurface-controlled subsurface safety valve
SSSV (3.1.28) actuated by the pressure characteristics of the well
3.1.30
SCSSV
surface-controlled subsurface safety valve
SSSV (3.1.28) controlled from the surface by hydraulic, electric, mechanical or other means
3.1.31
surface safety valve
automatically operated wellhead valve assembly which will isolate the reservoir fluids upon loss of the
power medium

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

3.1.32
undesirable event
adverse occurrence or situation in one or more process components (3.1.21) performing a specific
process function which poses a threat to safety
EXAMPLE Overpressure, under pressure, gas blowby, liquid overflow.
3.1.33
vacuum
<in a process component> pressure less than atmospheric pressure
3.1.34
vent
pipe or fitting on a vessel or pipework that opens to the atmosphere
Note 1 to entry: A vent system can contain a pressure and/or vacuum relief device.
3.2 Abbreviated terms
AFP active fire protection
ESD emergency shutdown
FES fire and explosion strategy
ISA International Society of Automation

ISD inherently safer design
OEL occupational exposure limit
PFD process flow diagram
P&ID piping and instrumentation diagram
PSH pressure safety high
PSV pressure safety valve
SAC safety analysis checklist
SAT safety analysis table
SIL safety integrity level
SSC sulfide stress cracking
4 Symbols and identification for protection devices
4.1 Objectives
The purpose of graphical symbols and identification of protection devices is to
a) uniquely identify safety devices,
b) facilitate the recognition of safety devices throughout an installation and between installations, and
c) aid the systematic design and analysis process.

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

4.2 Functional requirements

A unique system shall be employed for identifying and symbolizing process safety devices and process
components. Individual process safety devices and process components shall be described by a unique
identifier (tag). This unique identifier shall be used during the development of design drawings, such as
PFDs and P&IDs.
5 Safety analysis concepts
5.1 Objectives
Objectives of a safety analysis are to
a) identify undesirable events that pose a safety risk, and define reliable protective measures that
will prevent such events or minimize their effects if they occur,
b) establish a firm basis for designing and documenting a process safety system, and
c) enable verification that the arrangements provided for the protection of process components
form an integrated system covering the entire platform through the application of proven analysis
technics.
5.2 General functional requirements

5.2.1 An analysis shall be carried out for each process component in order to determine the
arrangements provided to prevent, detect, mitigate or control undesirable events which can develop
within or external to a process component. The analysis shall be based on scenarios that are selected to
represent all reasonably foreseeable hazardous events.
5.2.2 The analysis procedure shall provide a structured method to develop a process safety system and
provide supporting documentation.
5.2.3 The analysis shall
a) identify those undesirable events which can compromise the integrity of the process component,
b) identify the safety measures required to prevent, detect, mitigate such events, and
c) establish a firm basis for designing and documenting the provisions of a process safety system.
5.2.4 The safety analysis, system design and protection concepts used shall be in accordance with one
of the following:
a) the approach specified in API RP 14C;

b) the approach involving the use of structured review techniques as described in 5.3;
c) a combination of both approaches.
The use of structured review techniques is likely to be of benefit for more complex, novel or higher
hazard systems. A combined approach whereby structured review techniques are used for these types
of systems, with API RP 14C being applied to simpler or lower hazards systems, is an option that can
potentially offer both effective risk reduction and resource efficiency.
5.2.5 Factors to evaluate when selecting the analyses approach, include the following:
a) severity of operating conditions, quantities of hazardous inventories, potential personnel exposure;

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

b) novelty and complexity of the process to be used;

c) requirements of the regulation authority having jurisdiction over the facility;
d) company requirements in excess of the applicable regulations;
e) skills, experience and competency of those undertaking the analysis;
f) in the case of analysis of a modification, the consistency with the original method of analysis.
5.2.6 If process components that are not included in API RP 14C are used, or if process components
are used in a novel way, then use of the structured techniques as described in 5.3 shall be applied or new
SAT and SAC, as described in API RP 14C, shall be developed.
5.3 Functional requirements for analysis using structured review techniques
5.3.1 A risk management process shall be applied for
a) identification of hazards,
b) assessment of the risk (this may be qualitative or quantitative), and
c) control of risks.
Use of ISD should be applied to reduce the risk, if practical.
Guidance on application of ISD is in ISO 17776:2016, Annex D.
5.3.2 Structured review techniques shall be selected based on factors including but not limited to the
particular features of the installation and its process. Guidance on the selection of tools and techniques is
in ISO 17776:2016, Annex C.
5.3.3 A strategy for managing process hazards shall be developed based on the results of the risk
management process. The following elements shall be included or referenced in the strategy:
a) application of inherently safer design philosophy;

b) process control, plant start-up and shutdown philosophy;
c) ESD philosophy including plant segregation philosophy;
d) relief and blowdown philosophy;
e) flare and vent philosophy.
5.3.4 A systematic study shall be made to determine those credible undesirable events (such as, but
not limited to, overpressure, over filling) in the process that would result in hazardous events. The study
shall cover all anticipated modes of operation and assess the adequacy of protection systems for these
undesirable events. Guidance for relief is contained in ISO 23251 or API Std. 521.
5.3.5 Process safety system shall be designed to cater for all anticipated operating modes including
start-up and shutdown.
5.3.6 The design of the process safety system shall include
a) functional requirements of the process safety system,

b) SIL of each safety instrumented system shutdown loop,
c) bypasses required by the system, and

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

d) reliability, availability and maintainability of the process safety system components.

NOTE Bypasses prevent an automatic action, on a temporary basis, to allow continued operation.
5.3.7 The analysis technique shall be applied to all process components, from and including topside
wellhead or boarding valve to the most downstream discharge point and including injection systems,
and shall be incorporated into the overall safety system assessment.
6 Process safety system design
6.1 Objectives
The objectives of the process safety system are to
a) protect personnel, the environment, and the facility from process hazards,
b) prevent the release of hydrocarbons or other hazardous materials, and to minimize the adverse
effects of such releases, including escalation,
c) shut in the process or affected part of the process to stop the flow of hydrocarbons or other
hazardous materials to a leak or overflow,
d) prevent ignition of released hydrocarbons or other flammable materials, and
e) shut in the process in the event of a gas release or a fire.
6.2 Functional requirements
6.2.1 The design basis for the process safety system shall include the following:
a) good engineering practice based on relevant codes, standards and industry guidance;
b) use of proven analysis techniques to determine the minimum requirement for a process component.
6.2.2 Process components on a production platform, comprising the entire process from topside
wellhead or boarding valve to the most downstream discharge point and including injection systems,
shall be incorporated into the overall safety system assessment.
6.2.3 Protection measures shall be provided to protect each process component in order to
a) prevent the uncontrolled release of hydrocarbons or other hazardous materials, and

b) minimize the consequences of an uncontrolled release.
6.2.4 Protection measures shall be provided to
a) isolate the process in order to minimize the consequences of a leak or overflow,

b) initiate shutdown or isolation of ignition sources in the event of the release of flammable vapours,
c) shut-in the process in the event of a fire, or gas accumulation, and
d) depressurize the inventory, if necessary, based on risk evaluation, by connecting process safety
systems to the system for discharging gas to the atmosphere.
6.2.5 The process safety system provided shall be independent of and in addition to the process control
devices used in normal process operation. Failure of the normal process control system shall not cause a

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

dangerous failure of the process safety system or impede the process safety system from responding to
an abnormal event.
6.2.6 The location of SDVs shall be determined based on the following:
a) detailed flow schematic and operating parameters;

b) process segregation/isolation philosophy which considers plant functions, inventories and
maintenance/availability requirements;
c) fire and explosion studies.
6.2.7 SSSVs shall be installed below the mudline to prevent uncontrolled well flow in the event of an
emergency situation. SSCSSVs should shut in if well rate exceeds a predetermined rate that might indicate
a large leak. SCSSVs shall shut in when activated by an ESD system and/or a fire loop. Guidance for the
design and installation of SSSVs is covered in ISO 10417.
6.2.8 If events that are external to the process result in fire and/or hazardous materials release, the
safety system shall shut down all platform activity except that which is necessary for firefighting and
other emergency operations.
NOTE Such events can be caused by natural phenomena, ship or helicopter collision, failure of tools
and machinery, or mistakes by personnel. These types of events can be prevented or minimized through the
implementation of a structured system to manage safety which includes the safe design of tools and machinery,
safe operating procedures for personnel and equipment, and personnel training.
6.2.9 The process safety system provides protection in the following ways:
a) automatic monitoring and automatic protective action if an abnormal operating condition,

indicating an undesirable event, is detected by one or more sensors;
b) protective action if manually actuated by personnel who observe or are alerted to an abnormal
operating condition by an alarm;
c) continuous protection by support systems that limit the volume and effects of escaping
hydrocarbons.
ESD system shall be provided for all offshore installations. ESD systems for not continuously occupied
installations shall be designed to ensure that personnel are able to actuate the ESD system locally.
6.2.10 When an abnormal condition is detected in a process component (by a safety device or by
personnel), all input sources of hazard shall be shut off or diverted to other components if they can be
safely handled. If shutoff is selected, process inputs should be shut off at the primary source of energy
(wells, pump, compressor, pipeline, etc.).
6.2.11 The process safety system shall provide two levels of protection to prevent or minimize the
consequences of an undesirable event within the process using functionally different types of device. If
it is not practicable to provide two functionally different types of protection device, then two sets of the
same function safety device may be used, provided it can be demonstrated that they are suitable for the
function intended and that the expected demands and common modes of failure have been considered.
NOTE Functionally different types of devices are for example instrumented and mechanical device, as
similar devices have the same characteristics and can have the same mode of failure.
6.2.12 The two levels of protection are normally the first to act (primary) and the next to act (secondary).
Judgment is required to determine these two levels for a given situation.

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

NOTE As an example, two levels of protection from a rupture due to overpressure might be provided by
a PSH, which could be used to initiate isolation of the affected equipment before rupture can occur, and a PSV,
which prevents a rupture by relieving excess volumes to a safe location.
In selecting the setting for the primary level of protection

a) the value shall be above the maximum normal operating pressure including allowance for accuracy
of setting and normal process disturbances,
b) the value shall be below the secondary protection level setting, including allowance for accuracy of
both level settings, and
c) the rate of rise of the process parameter and the speed of response of the system shall be taken into
account.
6.2.13 If instrument-based systems are used as both the primary and secondary methods of protection,
SIFs shall be assigned a SIL and designed and implemented in accordance with the IEC 61511 series.
Under the API RP 14C approach, if an instrument-based system is used for primary protection, it will not
need to conform with the IEC 61511 series, provided the secondary protection system is self-actuating
and meets the requirements of relevant codes and standards.
Under the approach using structured review techniques, each safety instrumented function is assigned
a SIL (see 5.3.6) and designed and implemented in accordance with the IEC 61511 series.
6.2.14 An ESS is required for emergency situations that result in fire and gas events that could cause
a risk to the facility or to the personnel. The ESS shall not be used as the sole or secondary level of
protection for overpressure.
The ESS does not need to meet the requirements of the IEC 61511 series, unless it is part of a safety
instrumented function.
Guidance on ESS is provided in Annex A.
6.2.15 The ESS shall minimize the effects of escaped hydrocarbons and toxic fluids on offshore
production platforms. The ESS can include the following:
a) a flammable gas detection system to sense the presence of escaped hydrocarbons and initiate
platform shutdown;
b) where necessary, a toxic gas detection system to sense the presence of toxic gases and initiate
platform shutdown;
NOTE 1 Annex B provides guidelines and methods of handling toxic gases.
NOTE 2 Categorization of the facilities according to toxic gas hazard for personnel access is implemented
to indicate areas where specific protective means are required (breathing apparatus, portable and fixed
detections, etc.). An example is given in Annex B.
c) a containment system to collect escaped liquid hydrocarbons and initiate platform shutdown;
d) devices to sense the heat or flame from a fire and initiate platform shutdown (e.g. flame detection,
heat detection, smoke detection, fire loop);
e) a method to manually initiate platform shutdown by personnel observing abnormal conditions or
undesirable events;
f) SSSVs that may be self-actuated (SSCSSV) or activated by an ESD system and/or a fire loop (SCSSV);
g) blowdown process components to divert hydrocarbon gas inventory to a safe location in the case of
a fire or leak.

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

6.2.16 The ESS shall be designed to meet the functional requirements as specified in the FES developed
in accordance with ISO 13702.
NOTE The integrity of a platform system depends on proper operation of several other support systems.
6.2.17 The process safety system design shall include arrangements for controlling and managing the
following:
a) bypasses on shutdown loops;

b) resetting of tripped shutdown loops;
c) testing of primary and secondary devices;
d) management of change to the process or shutdown loops and shutdown systems.
6.2.18 Each protection measure shall have a functional specification that defines the technical and
operational requirements it needs to meet in order to achieve its safeguarding functions.
6.2.19 Where systems have been specified as a result of applying structured review techniques
in accordance with 5.3, they shall be installed, maintained and tested to meet the functional and
performance requirements determined to be necessary by the analysis techniques used.
6.2.20 The design of the process safety systems shall be documented, including the following:
a) hazards and hazardous events that have been used as a basis for the design;
b) records of any SIL determination and assumptions made;
c) specifications and drawings;
d) functions required and cause and effect diagrams (including inputs and outputs of the ESS);
e) details of equipment used to prevent hazardous events occurring and mitigate the consequences;
f) index of alarms and trips;
g) index of PSVs and associated sizing basis.
6.2.21 Documentation shall be maintained and controlled throughout the design and operation of the
installation.

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

Annex A
(informative)
Support systems
A.1 General
ESSs should be provided in accordance with Annex G of API RP 14C (8th edition).
A.2 Guidance for emergency support systems

A.2.1 Purpose
The ESS is used as protection against leakage and the performance requirements for the system will
need to be determined. For manned installations, fire and gas detection and ESD systems are likely to
contribute to reducing risk, and should be engineered to achieve the functional requirements identified
in the FES as described in ISO 13702.
A.2.2 Functions of the ESS

The primary function of the ESS is to isolate the installation from the reservoir and pipelines. The ESS
can also be used for additional functions, including the following:
a) isolation to segregate sections of the installation;
b) initiation of blowdown;
c) isolation of electrical equipment to prevent further development of electrical fires;
d) initiation of shutdown of ventilation system to minimize ingress of smoke or flammable gas;
e) initiation of isolation of electrical equipment and other potential ignition sources upon detection of
flammable gas, to minimize risk of ignition;
f) initiation of AFP systems if these have been provided to control or mitigate fires;
g) initiation of muster of personnel.
The criticality of the additional functions should be considered, assessed and managed accordingly.
A.2.3 General approach
A.2.3.1 General
Irrespective of the design approach adopted, it is important that the risk reduction required from
the fire and gas detection and protection functions are assessed to ensure that the system will have
adequate integrity to fulfil its role.
A.2.3.2 Fire and gas detection
The technique applied for the assessment of fire and gas detection should
a) be systematic,
b) be auditable,

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

c) produce consistent results, and

d) take into account the hazards in the areas where detection is provided.
Furthermore, the system design, maintenance and testing should take into account the required
reliability.
Fire and gas detection and associated protective functions reduce the risk in the local area where they
are installed and also reduce the risk of a local incident escalating into a hazardous event with very
severe consequences. The effectiveness of fire and gas detection and protective functions in preventing
local consequences can be limited because performance is dependent on many factors related both to
the capabilities of the devices, the nature of the events that can arise and the environment in which they
are located. ISA-TR 84.07-2010 provides more information on the limitations of fire and gas systems.
Examples of the factors that affect performance and limit the ability to set simple performance targets
include the following:
a) there are likely to be a number of hazardous events that can arise in any area, each with potentially
many different outcomes;
b) the outcome of the event is a function of the speed of detection, which itself is related to the size of
the event and the location within the area;
c) partial failure to initiate planned actions may not always significantly increase the risk to people
or to the location;
d) manual detection can occur and initiate the required functions before the detection system has
responded (e.g. by operation of field-mounted shutdown devices);
e) leak frequencies for each possible source of leak are higher for low leakage rates and lower for high
leakage rates;
f) coverage factors (the probability that a leak will be detected by sensors) for a particular leak source
depend on the size of leak and the number and location of detectors;
g) not all of the actions taken will be necessary for every source of release.
A.2.3.3 Safety integrity level approach
Other protection features such as blowdown, blast and fire resistance, ventilation, design of the
temporary refuge and the evacuation, escape and rescue features should also be considered when
evaluating the contribution of the ESS to the overall risk reduction required to reduce the likelihood of
escalation resulting in very severe consequences to people or to the location.
Risk reduction requirements for safety instrumented systems can be determined by using a qualitative
or a quantitative approach as described in the IEC 61511 series.
Where the ESS forms part of SIF(s), guidance on assigning a SIL is provided in the IEC 61511 series.
A.3 Blowdown and discharging gas to atmosphere

A.3.1 Purpose
Systems for discharging gas to the atmosphere provide a means for conducting discharged gas from
process components under normal conditions (flare, vent) and abnormal conditions (relief) to safe
locations for final release to the atmosphere.
As an alternative, discharged gas under normal conditions may be collected and returned to the
process. In such cases if there is a need for depressuring, a control valve is normally installed to act as
a vent valve and this directs the flow of relieved gas to the flare. A rupture disk is normally included in

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

parallel to the vent valve to ensure that failure of the valve or associated instrumentation does not lead
to a problem.
A.3.2 Description
Gas discharge systems originate at the normal gas exit or PRD of a process component and terminate at
the designated safe locations. They can vary from an exit nipple on an individual PRD or control valve
to a piping network connected to the outlet of several valves. If gas is discharged from a pressure vessel
during normal operation (i.e. to flare or vent), a knock-out drum should be provided to remove liquid
hydrocarbons.
A.3.3 Design considerations

Atmospheric gas discharge systems should be designed in accordance with ISO 23251, API Std. 521,
API Std. 2000, or nationally or internationally recognized pressure vessel codes.
Gas discharge systems should be designed so that back pressure, including inertial forces developed at
maximum instantaneous flow conditions, will not exceed the working pressure of the lowest pressure
rated item. Subject to blockage evaluation, flame arrestors can be used in vent systems to reduce the
danger of combustion within the component from an external source. A flare knock-out drum should
be a pressure vessel designed to handle maximum anticipated flow. Consideration should be given to
hydrate potential, flare capacity and flare radiation.

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

Annex B
(informative)
Toxic gases
B.1 General
This annex provides guidelines and methods of handling sour production [e.g. production containing
hydrogen sulfide (H2S)] on offshore platforms. This annex includes discussion of general criteria, toxic
gas detectors, and atmospheric discharging systems. These are essential systems and procedures that
provide a minimum level of protection to the facility and personnel by initiating shut-in functions or
reacting to minimize the consequences of released toxic gases. In addition to the recommendations in
this annex, API RP 55 should be consulted.
Accumulations of toxic gases or vapours are more likely to occur in enclosed and poorly ventilated
areas containing a source of H2S. Methods for increasing safety and minimizing personnel exposure
include improving ventilation and installing toxic gas detection systems. These systems should alert
personnel by unique audible and visual alarms, as appropriate for the area or zone where low-level
concentrations of toxic gases have been detected. These systems can also initiate executive actions to
increase ventilation and shut off the gas source. In exploration and production operations, toxic gases
are normally encountered as constituents of hydrocarbon gases and vapours which are flammable.
Ignition sources should be eliminated and electrical installations should be made in accordance with
API RP 14F.
Strict controls should be used when exposing materials to an environment containing H2S. Many
materials can suddenly fail by a form of embrittlement known as SSC that increases as strength
and tensile stress (residual or applied) increase. Material hardness is frequently used as an indirect
measurement of strength and sometimes is referenced as a limiting parameter. The failure of certain
producing and gas processing components used in the SSC regime could allow the uncontrolled release
of H2S to the atmosphere. Guidelines for equipment and materials selection on the basis of resistance to
SSC and corrosion is provided by ISO 15156-1, ISO 15156-2 and ISO 15156-3.
B.2 Installation, operation, and testing of fixed detection systems

Decisions on the installation of fixed H2S detectors and their placement involve consideration of many
variables, including concentration of toxic gas in process streams, specific gravity of the gas mixture,
process pressure, atmospheric conditions, ventilation, equipment location, type of decking (solid or
grated), and direction of prevailing winds. A detailed design analysis that might include dispersion
modelling should be performed to determine the need for and placement of detector systems.
Within a specific facility, the potential for H2S to be present in the atmosphere varies from location
to location. Areas within the facility may be categorized according to their H2S risk, for example, as
follows.
a) Category 0: Areas where H2S in the atmosphere is encountered during normal operations and
which cannot be made H2S free, e.g. within legs and storage cells of gravity-base structures.
Entry to and work in such areas requires the use of breathing apparatus at all times. Since toxic gas
is always likely to be present, installation of a fixed detection/monitoring system is not required
from a safety viewpoint.

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

b) Category 1: Areas in which H2S can be encountered during normal operations but which can be
made safe for working by applying specific laid down procedures, e.g. utility legs of some gravity-
base structures.
Entry to such areas should only be allowed with portable toxic gas monitoring equipment. Breathing
apparatus should be worn on first entering the area until confirmation is obtained that the H2S
concentration in the atmosphere is below the OEL. Fixed detection systems are recommended
for these areas to maintain a H2S risk history but should not be used for making safety-related
decisions.
c) Category 2: Areas which are free of H2S in the atmosphere during normal operations but which
can be contaminated by a leak, system malfunction or opening up pipework or equipment.
These areas should have fixed detection linked to an alarm system providing alarm indications
both in the facility control-room and at the affected workplace. The detection system sensors may
be flammable-gas or H2S detectors depending on the concentration of H2S in the process streams,
Detector selection should take into account the cross-sensitivity of detectors to different gas
compositions and the risk of poisoning of some types of detector due to the presence of the H2S, in
consultation with the detectors manufacturer.
B.3 Systems for discharging H2S and SO2 to atmosphere

Discharge of pressure-relief and normally venting devices should be located away from work areas and
designed to provide adequate dispersion and to limit personnel exposure to H2S and SO2 concentrations
not exceeding those discussed in Annexes A and B of API RP 55 (1st edition). If dispersion modelling
determines that ignition of vented gas is required, the flare outlets should be equipped with an
automatic ignition system and contain a pilot(s) or other means to ensure combustion. On platforms
where flaring is required, failure of the automatic ignition system and loss of flare should shut in the
input source.

09/19/2023 07:32:52
DIN EN ISO 10418:2019-10
ISO 10418:2019(E)

Bibliography
[1] ISO 10417, Petroleum and natural gas industries — Subsurface safety valve systems — Design,
installation, operation and redress
[2] ISO 15156-1, Petroleum and natural gas industries — Materials for use in H2S-containing
environments in oil and gas production — Part 1: General principles for selection of cracking-
resistant materials
environments in oil and gas production — Part 2: Cracking-resistant carbon and low-alloy steels,
and the use of cast irons
environments in oil and gas production — Part 3: Cracking-resistant CRAs (corrosion-resistant
alloys) and other alloys
[5] ISO 17776:2016, Petroleum and natural gas industries — Offshore production installations —
Major accident hazard management during the design of new installations
[6] ISO 23251, Petroleum, petrochemical and natural gas industries — Pressure-relieving and
depressuring systems
[7] ISO 31000, Risk management — Guidelines
[8] IEC 62682:2014, Management of alarm systems for the process industries
[9] API RP 14F, Design and installation of electrical systems for fixed and floating offshore petroleum
facilities for unclassified and class I, division 1, and division 2 locations
[10] API RP 55, Conducting oil and gas producing and gas processing plant operation involving
hydrogen sulfide
[11] API Std. 521, Pressure-relieving and depressuring systems
[12] API Std. 2000, Venting atmospheric and low-pressure storage tanks
[13] ISA-TR 84.07-2010, Guidance on the evaluation of fire, combustible gas, and toxic gas system
effectiveness

DN en ISO 10418erdöl - Und Erdgasindustrie - Offshore-Produktionsanlagen

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

DN en ISO 10418erdöl - Und Erdgasindustrie - Offshore-Produktionsanlagen

Hochgeladen von

Copyright:

Verfügbare Formate

09/19/2023 07:32:52

DEUTSCHE NORM Oktober 2019

DIN EN ISO 10418

Erdöl- und Erdgasindustrie –

DIN-Normenausschuss Erdöl- und Erdgasgewinnung (NÖG)

Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (HBZ)

DIN EN ISO 10418:2019-10

IEC 61511 (all parts) siehe DIN EN 61511 (alle Teile)

ISO 13702 siehe DIN EN ISO 13702

b) Sicherheitsanalysetabellen (SATs) sowie Sicherheitsanalyse-Prüflisten (SAC) wurden gelöscht und

DIN EN ISO 10418: 2005-07

Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (HBZ)

DIN EN ISO 10418:2019-10

Begriffe und Abkürzungen

3 Begriffe und Abkürzungen

Für die Anwendung dieses Dokuments gelten die folgenden Begriffe.

 ISO Online Browsing Platform: verfügbar unter http://www.iso.org/obp

 IEC Electropedia: verfügbar unter http://www.electropedia.org/

[QUELLE: IEC 62682:2014, 3.1.7]

Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (HBZ)

DIN EN ISO 10418:2019-10

[QUELLE: ISO 13702:2015, 3.1.24]

Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (HBZ)

DIN EN ISO 10418:2019-10

BEISPIEL Abscheider, Heizung, Pumpe, Tank.

Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (HBZ)

DIN EN ISO 10418:2019-10

Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (HBZ)

DIN EN ISO 10418:2019-10

BEISPIEL Überdruck, Unterdruck, Gasübertritt, Flüssigkeitsüberlauf.

AFP aktiver Brandschutz (en: active fire protection)

ESD Notabschaltung (en: emergency shutdown)

FES Brand- oder Explosionsstrategie (en: fire and explosion strategy)

ISA Internationale Gesellschaft für Automatisierung (en: International Society of Automation)

ISD inhärent sichere Konstruktion (en: inherently safer design)

OEL Grenzwert im Arbeitsbereich (en: occupational exposure limit)

PFD Prozessablaufdiagramm (en: process flow diagram)

P&ID Rohrleitungs- und Instrumentierungsdiagramm (en: piping and instrumentation diagram)

PSV Sicherheitsventil (en: pressure safety valve)

SAC Prüfliste für die Sicherheitsanalyse (en: safety analysis checklist)

SAT Tabelle für die Sicherheitsanalyse (en: safety analysis table)

SIL Sicherheits-Integritätslevel (en: safety integrity level)

SSC schwefelwasserstoffinduzierte Spannungsrisskorrosion (en: sulfide stress cracking)

Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (HBZ)

DIN EN ISO 10418:2019-10

DIN EN 62682:2016-02, Alarmmanagement in der Prozessindustrie (IEC 62682:2014); Deutsche Fassung

DIN EN ISO 10417, Erdöl- und Erdgasindustrie — Untertage-Sicherheitsventilsysteme — Auslegung, Einbau,

DIN EN ISO 17776:2017-04, Erdöl- und Erdgasindustrie — Offshore-Produktionsanlagen — Management der

DIN ISO 31000, Risikomanagement — Leitlinien

Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (HBZ)

EUROPEAN STANDARD EN ISO 10418

ICS 75.180.10 Supersedes EN ISO 10418:2003

Petroleum and natural gas industries - Offshore

This European Standard was approved by CEN on 20 May 2019.

EUROPEAN COMMITTEE FOR STANDARDIZATION

CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (HBZ)

This document supersedes EN ISO 10418:2003.

Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (HBZ)

Annex B (informative) Toxic gases........................................................................................................................................................................15

© ISO 2019 – All rights reserved ﻿ iii

Hochschulbibliothekszentrum des Landes Nordrhein-Westfalen (HBZ)

iv ﻿ © ISO 2019 – All rights reserved

© ISO 2019 – All rights reserved iii

iv © ISO 2019 – All rights reserved

© ISO 2019 – All rights reserved v

vi © ISO 2019 – All rights reserved

INTERNATIONAL STANDARD ISO 10418:2019(E)

© ISO 2019 – All rights reserved 1

2 © ISO 2019 – All rights reserved

© ISO 2019 – All rights reserved 3

4 © ISO 2019 – All rights reserved

© ISO 2019 – All rights reserved 5

6 © ISO 2019 – All rights reserved

© ISO 2019 – All rights reserved 7

8 © ISO 2019 – All rights reserved

© ISO 2019 – All rights reserved 9

10 © ISO 2019 – All rights reserved