What is an Emergency Shutdown System?
Welcome to another article made by RealPars! Today we are going to learn about what an Emergency Shutdown or ESD system is.
Emergency Shutdown vs. Emergency Stop
So, what is an Emergency Shutdown System? Let us consider a small control system assembling a toy car.
We have several parts that need to go in a certain place. We have two sets of wheels, a base where the wheels attach, and the shell of the vehicle which sits atop the completed base. Sounds simple, right?
Well, what would happen if there was a problem with the control system, and the parts got assembled in the wrong order?
If that was the case, to prevent damage to the machine, an operator may choose to perform an Emergency Stop, to be able to quickly stop the machine and make it safe to enter.
This is the premise behind something that is used in almost any control system you can think of, all over the world.
Our toy car example demonstrates the function of an emergency stop. What we are going to learn about in this article is an Emergency Shutdown, which is a little different from a standard emergency stop function.
Unlike an Emergency Stop, an Emergency Shutdown can detect a potentially hazardous condition by itself and react to it by shutting the system down to protect personnel, facilities, and even the environment.
How an Emergency Shutdown System Works
Now we are going to consider an Emergency Shutdown in a real-world environment, in the Oil and Gas industry.
In the Oil and Gas industry, an Emergency Shutdown is a safety system that is designed to minimize the consequences of an emergency situation, such as a failure, to reduce the potential of flooding, escape of hazardous materials, or outbreak of fire.
This is normally done by monitoring the state of field-mounted sensors, valves, and trip relays, which are brought into a control system as alarm inputs.
The control system then applies a cause-and-effect analysis to these inputs to determine the actions needed to protect the facility.
The Emergency Shutdown does not need to completely shut down the entire plant. This can sometimes be more dangerous.
Instead, the system acts to minimize the effects. It could reduce the number of plant items available or shut down part of the systems.
In the event of a fire, a Fire Damper control system may override existing controls to open or close vents as needed, and close fire doors.
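The cause-and-effect logic described above can be sketched as a small matrix evaluator. This is an added example, not RealPars code: every tag name, cause, and effect is constructed, and it assumes a fail-safe convention in which an input counts as healthy only when it reads True.

```python
# Added illustration: a minimal cause-and-effect matrix evaluator.
# All tag names, causes and effects below are constructed for this example.

# Each cause lists the field inputs that raise it and the effects it demands.
CAUSE_EFFECT = {
    "GAS_LEAK_AREA_A": {
        "inputs": ["GD-101", "GD-102"],
        "effects": ["CLOSE_ISOLATION_VALVE_A", "STOP_COMPRESSOR_A"],
    },
    "FIRE_AREA_A": {
        "inputs": ["FD-101"],
        "effects": ["CLOSE_ISOLATION_VALVE_A", "STOP_COMPRESSOR_A",
                    "CLOSE_FIRE_DAMPERS_A", "CLOSE_FIRE_DOORS_A"],
    },
    "HIGH_LEVEL_SUMP_B": {
        "inputs": ["LSH-201"],
        "effects": ["STOP_FEED_PUMP_B"],
    },
}

def input_tripped(readings, tag):
    """Assumed fail-safe rule: an input is healthy only when it is
    explicitly True; a missing or False signal counts as tripped."""
    return readings.get(tag) is not True

def evaluate(readings):
    """Return (active causes, effects to drive) for one scan of inputs."""
    causes = sorted(name for name, row in CAUSE_EFFECT.items()
                    if any(input_tripped(readings, t) for t in row["inputs"]))
    effects = sorted({e for c in causes for e in CAUSE_EFFECT[c]["effects"]})
    return causes, effects

def all_healthy():
    """Build a scan in which every configured input reads healthy."""
    return {t: True for row in CAUSE_EFFECT.values() for t in row["inputs"]}

if __name__ == "__main__":
    scan = all_healthy()
    scan["GD-102"] = False   # constructed: one gas detector trips
    print(evaluate(scan))    # only Area A effects; Area B keeps running
    del scan["FD-101"]       # constructed: fire detector signal lost
    print(evaluate(scan))    # lost signal is treated as a fire trip
```

A gas trip in Area A drives only the Area A effects and leaves the Area B pump running, which is the partial shutdown the text describes.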
Applications of Emergency Shutdown Systems
There are so many examples of what an Emergency Shutdown system might be used for. So let’s review some of them.
1. Hydrocarbon Inventories’ Isolation System
In a system that isolates hydrocarbon inventories, it is of great importance that an Emergency Shutdown system is effective so that nothing is released into the atmosphere.
2. Emergency Ventilation System
Another important use of an Emergency Shutdown is in an Emergency Ventilation system.
When a problem is detected which requires rapid venting, it is crucial that a safety system can detect and react to the problem, or even detect it before it becomes one.
An example of an Emergency Ventilation system could be a smoke detection system.
If a fire is detected, the system would likely shut down all plant equipment to contain the fire, so that no oxygen is let in to feed it. If smoke is detected, however, the operators may want to vent the smoke out, and the system would switch on plant equipment to do so.
You can learn more about the smoke detection and Fire Alarm Systems in this article.
Emergency Shutdown systems usually have their own logic controller, one that reacts to failures much faster than a normal PLC system.
Milliseconds count, and can be the difference between a problem and a catastrophic failure.
What is Safety Integrity Level?
Safety systems use a classification based on risk and probability. This is called Safety Integrity Level, or SIL for short. There are 4 levels to SIL:
1. Safety Integrity Level 1 (SIL 1)
SIL Level 1 represents the integrity required to avoid relatively minor incidents and is likely to be satisfied by a certain degree of fault-tolerant design using guidelines that follow good practice.
2. Safety Integrity Level 2 (SIL 2)
SIL Level 2 represents the integrity required to avoid more serious, but limited, incidents, some of which may result in serious injury or death to one or more persons.
3. Safety Integrity Level 3 (SIL 3)
SIL Level 3 represents the integrity required to avoid serious incidents involving a number of fatalities and/or serious injuries.
4. Safety Integrity Level 4 (SIL 4)
SIL Level 4 represents the integrity level required to avoid disastrous accidents.
When designing the safety system, the required level and the associated risk are taken into account by using a safety matrix.
This looks at each of the risks and attaches a probability and a consequence to it, to arrive at the safety integrity level required for the safety system.
Wow! That is a lot to take in, and we understand if you need to read this article again to take it all in!
Summary
Safety systems are essentially separate control systems that interrupt main PLC controllers under emergency conditions, such as an Emergency Shutdown scenario.
Different to an Emergency Stop pushbutton on a panel, or inside a machine cell, the Emergency Shutdown system can detect potential failures based upon field sensors, valves, and trip relays and react quicker than us humans can to stop the escalation of a small problem becoming a catastrophe!
Every alarm on a system is assigned a rating based upon its probability to occur and the consequence if it does.
The higher the potential consequence, the higher the integrity rating of the safety system is required to be.
Of course, there are other factors that can be involved, but these are designed and implemented on a case by case basis.
The RealPars Team