130 likes | 311 Views
MICE Hydrogen Safety Functions IEC61508 Compliance & Emergency Procedures. MICE Safety Review Meeting 4 th Oct 2011 PJ Warburton - Daresbury Lab. IEC 61508. Functional Safety of electrical / electronic / programmable electronic safety – related systems
E N D
MICE Hydrogen Safety FunctionsIEC61508 Compliance & Emergency Procedures MICE Safety Review Meeting 4th Oct 2011 PJ Warburton - Daresbury Lab
IEC 61508 • Functional Safety of electrical / electronic / programmable electronic safety – related systems • Functional safety is part of the overall safety that depends on a system or equipment operating correctly in response to its inputs • Neither safety nor functional safety can be determined without considering the systems as a whole and the environment with which they interact • Safety – The freedom from unacceptable risk of harm
SIL Rating • Tolerable Risk 10-5 Fatalities per Year From RAL Safety • How Safe is H2 System
IEC 61508 Compliance Process • LOPA Study conducted Nov 2010 based on HAZOP Report from Serco June 2006 • Panel consisted of representatives from FSC, MICE project at RAL & DL and RAL Safety • Identified 2 Systems requiring SIL Functions • Plus 2 to be considered but not requiring formal SIL Ratings
SIL Rated Safety Functions • Following LOPA study the following events were found to require SIL rated safety systems • Buffer Tank Over Pressure • Leading to a release of hydrogen and ignition leading to multiple deaths • Build up of impurities in Cryostat (Ins Vac) • Build up of impurities over a period of time, pressurisation and heating of hydrogen leading to a rupture & Explosion leading to multiple deaths
Not Quite SIL Rated • Following LOPA study the following events were found Not to require SIL rated safety systems • Hydride Bed Over Pressure • Over heating of Metal Hydride Bed Leading to a release of hydrogen and ignition leading to multiple deaths • Temperature Rise in Absorber Volume • Causing pressurisation and heating of hydrogen leading to a rupture & Explosion leading to multiple deaths • Same outcome as Buffer Tank Over Pressure
Buffer Tank Over Pressure • Build up of pressure causing leaks in pipework and Hydrogen to escape • SIL 1 Required PFD 1.00E-01 (1 out 10) • Solution detect the H2 before it reaches explosive levels • Install a gas Detection System alarm 50% LEL • 2 Detectors / Beacons per location on separate loops • Detection system subject to annual checks • PFD Achieved 1.51E-02 (<2 out 100) = SIL 1 • PFD = Probability of Failure on Demand • H2 LEL = 4%
Build up of impurities in Cryostat (Insulation Vacuum) • Over time Cryostat insulation vacuum may build up impurities. - O2 Leaking In – H2 Leaking Out • Depending on Temperature / Pressure an Explosive atmosphere may form • Temp & Level Sensors are Ex i • Heaters are not so operation needs to be prevented if vacuum is not good – below 10-3
Build up of impurities in Cryostat (Insulation Vacuum) • SIL 2 Required PFD 6.73E-03 (~7 out 1000) • Solution interlock heater power supply • Use 1 Set Point on existing Vac Gauge & Controller • Additional Set Point from new Vac Gauge & Controller • Guard Line A & B Relays to turn of heater power supply Hardwired I/L • Guard Line A & B inputs also into PLC for Software I/L • PFD Achieved 3.76E-03 (~4 out 1000) = SIL 2
Emergency Actions • Return hydrogen to Bed if possible • Vent hydrogen to atmosphere via vent line • IF PLC goes off • Vacuum pumps stay on • Hydride Bed set to ‘chill’