Process alarm or shutdown systems provide interlocks, alarms, safety sequences, and trips to either prevent an abnormal, unsafe event from occurring or to minimize the consequences of that event. In most cases, the need for such protective systems depends upon a realistic assessment of the process being handled, the location, the probability of equipment failure or operator inattention resulting in a possibly dangerous situation, and the severity of the consequences. No single alarm or shutdown system design is suitable for every application.
In general, a protective system should be considered if:
• Equipment malfunction or incorrect operation can result in risk of injury, damage to equipment, or lost production
• The facility is unattended
• Safe plant shutdown involves a critical sequencing of individual unit and equipment shutdowns
• The operator cannot respond quickly enough to avoid a hazardous condition
• There is a possibility of personnel being in or close to the plant during a potentially hazardous upset
• There is a risk of release of flammable or toxic materials in the event of equipment malfunction
• An installation represents a high capital investment
As the severity or the likelihood of the event increases, the integrity of the shutdown system should increase. Redundancy, diversity, design reviews, acceptance tests, periodic proof tests, and keeping the design simple all increase the integrity of the shutdown system.
Shutdown systems perform functions that are different from those performed by alarm-only systems. A shutdown system, upon receiving input that a process condition is possibly dangerous, automatically closes valves, opens valves, or activates other equipment to bring the plant to a shutdown condition. An alarm system merely informs the operator that a possibly dangerous condition has occurred, leaving the response to that condition up to the operator. Though the two systems are functionally different, many of their design features are identical.
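The following added example (not part of the original text, and not any vendor's or standard's logic) makes the two preceding points concrete: the same three redundant pressure transmitters feed an alarm-only function, which can only notify the operator, and a shutdown function, which drives the final elements to a safe state without the operator in the loop. It goes slightly beyond the text by using 2-out-of-3 voting as the concrete form of redundancy, with a faulted transmitter counted as demanding a trip (a fail-safe design choice assumed here), and by including a proof-test routine of the kind the periodic testing above calls for. All tag names (PT-101A/B/C, XV-101, XV-102), setpoints and readings are constructed for illustration.

```python
"""Constructed example: high-pressure protection for a vessel, with an
alarm-only function and a trip (shutdown) function driven by the same three
redundant pressure transmitters. All tags, setpoints and values are hypothetical."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

ALARM_SETPOINT_BARG = 10.0   # operator is warned here (assumed value)
TRIP_SETPOINT_BARG = 12.0    # shutdown acts here (assumed value)

# Final elements and the position they are driven to on a trip (hypothetical tags).
SAFE_STATE = {"XV-101 feed valve": "CLOSE", "XV-102 vent valve": "OPEN"}


@dataclass(frozen=True)
class Channel:
    tag: str
    value: Optional[float]    # None = transmitter fault (bad quality / loop failure)


@dataclass
class Outputs:
    alarms: List[str] = field(default_factory=list)          # messages to the operator
    commands: Dict[str, str] = field(default_factory=dict)   # valve tag -> commanded position
    tripped: bool = False


def vote_2oo3(channels: List[Channel], setpoint: float) -> bool:
    """Redundancy with 2-out-of-3 voting.

    A trip needs two channels to demand it, so one healthy transmitter reading
    high by itself does not cause a spurious trip. A faulted channel is counted
    as demanding a trip (fail-safe assumption made for this example), so a single
    fault cannot mask a real demand; with one channel faulted the voter
    effectively degrades to 1-out-of-2 on the remaining channels.
    """
    demands = sum(1 for c in channels if c.value is None or c.value >= setpoint)
    return demands >= 2


def alarm_only(channels: List[Channel]) -> Outputs:
    """Alarm system: informs the operator, never commands equipment."""
    out = Outputs()
    for c in channels:
        if c.value is None:
            out.alarms.append(f"{c.tag}: transmitter fault")
        elif c.value >= ALARM_SETPOINT_BARG:
            out.alarms.append(f"{c.tag}: high pressure {c.value:.1f} barg")
    return out


def shutdown(channels: List[Channel]) -> Outputs:
    """Shutdown system: on a voted trip, drive the final elements to the safe
    state automatically and tell the operator what was done."""
    out = alarm_only(channels)            # the operator still gets the same alarms
    if vote_2oo3(channels, TRIP_SETPOINT_BARG):
        out.tripped = True
        out.commands = dict(SAFE_STATE)   # automatic action, no operator in the loop
        out.alarms.append("HIGH-HIGH PRESSURE TRIP: feed closed, vent opened")
    return out


def proof_test(logic: Callable[[List[Channel]], Outputs]) -> bool:
    """Periodic proof test: inject a known demand and a known single-channel
    fault, and check that the logic trips on the first and does not trip
    spuriously on the second. An alarm-only function fails this test by design."""
    demand = [Channel("PT-101A", 12.5), Channel("PT-101B", 12.4), Channel("PT-101C", 9.0)]
    single_fault = [Channel("PT-101A", None), Channel("PT-101B", 8.0), Channel("PT-101C", 8.1)]
    return logic(demand).tripped and not logic(single_fault).tripped


if __name__ == "__main__":
    # One faulted transmitter plus one genuine high reading: a real demand
    # that a single fault must not be allowed to hide.
    scenario = [Channel("PT-101A", None), Channel("PT-101B", 12.6), Channel("PT-101C", 8.0)]
    for name, logic in (("alarm-only", alarm_only), ("shutdown", shutdown)):
        out = logic(scenario)
        print(f"{name}: tripped={out.tripped} commands={out.commands}")
        for a in out.alarms:
            print("   ", a)
    print("proof test passes for shutdown logic:", proof_test(shutdown))
```

Running the script shows the difference the text describes: for the same readings the alarm-only function produces messages and nothing else, while the shutdown function additionally commands the feed valve closed and the vent open. The proof-test routine is the part a practitioner would schedule periodically; it exercises both the demand path and the single-fault path, because a voter that trips on every fault is as much a defect (spurious trips erode operator trust) as one that never trips.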