Petroleum and natural gas industries — Offshore production installations — Process safety systems

This document provides objectives, functional requirements and guidelines for techniques for the analysis and design of surface process safety systems for offshore installations used for the recovery of hydrocarbon resources. It also provides recommendations and requirements on support systems which complement the process safety systems in reducing risk. NOTE These are not intended to be exhaustive. The scope of this document is limited to specifying the methods by which the asset is protected against loss of containment of hydrocarbon or other hazardous materials. This document is applicable to a) fixed offshore structures, and b) floating offshore production installations for the petroleum and natural gas industries. This document is not applicable to mobile offshore units and subsea installations. NOTE Nevertheless, many of the principles contained in this document can be used as guidance.

Industries du pétrole et du gaz naturel — Plates-formes de production en mer — Systèmes de sécurité des procédés

General Information

Status
Published
Publication Date
19-May-2019
Current Stage
6060 - International Standard published
Start Date
11-Jan-2015
Completion Date
20-May-2019
Ref Project

Relations

Buy Standard

Standard
ISO 10418:2019 - Petroleum and natural gas industries -- Offshore production installations -- Process safety systems
English language
17 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO
STANDARD 10418
Third edition
2019-05
Petroleum and natural gas
industries — Offshore production
installations — Process safety systems
Industries du pétrole et du gaz naturel — Plates-formes de production
en mer — Systèmes de sécurité des procédés
Reference number
ISO 10418:2019(E)
©
ISO 2019

---------------------- Page: 1 ----------------------
ISO 10418:2019(E)

COPYRIGHT PROTECTED DOCUMENT
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved

---------------------- Page: 2 ----------------------
ISO 10418:2019(E)

Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms . 1
3.1 Terms and definitions . 1
3.2 Abbreviated terms . 5
4 Symbols and identification for protection devices . 5
4.1 Objectives. 5
4.2 Functional requirements . 6
5 Safety analysis concepts . 6
5.1 Objectives. 6
5.2 General functional requirements . 6
5.3 Functional requirements for analysis using structured review techniques . 7
6 Process safety system design . 8
6.1 Objectives. 8
6.2 Functional requirements . 8
Annex A (informative) Support systems .12
Annex B (informative) Toxic gases .15
Bibliography .17
© ISO 2019 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO 10418:2019(E)

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www .iso .org/iso/foreword .html.
This document was prepared by Technical Committee ISO/TC 67, Materials, equipment and offshore
structures for petroleum, petrochemical and natural gas industries, Subcommittee SC 6, Processing
equipment and systems.
This third edition cancels and replaces the second edition (ISO 10418:2003), which has been technically
revised. It also incorporates the Technical Corrigendum ISO 10418:2003/Cor.1:2008. The main changes
compared to the previous edition are as follows:
— safety analysis tables (SATs) and safety analysis checklists (SACs), which previously were reproduced
from API RP 14C, have been deleted and replaced by references to the analysis methods included in
API RP 14C;
— simplification of annexes to avoid duplication of API RP 14C content.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/members .html.
iv © ISO 2019 – All rights reserved

---------------------- Page: 4 ----------------------
ISO 10418:2019(E)

Introduction
Effective management systems are required to address health and safety aspects of activities
undertaken by companies associated with offshore recovery of hydrocarbons. These management
systems are applied to each stage in the lifecycle of an installation and to related activities.
One key aspect of effective management systems is a systematic approach of identification of hazards
and the assessment of the risk, in order to aid decision-making on the need for risk-reduction measures.
Selection of risk-reduction measures entails the use of sound engineering judgement informed
by recognition of the particular circumstances, which can prompt variation to past practices and
previously applied codes and standards.
Risk reduction measures include those to minimize and eliminate hazards by design (i.e. use of
inherently safer designs), to prevent incidents (i.e. reducing the probability of occurrences), to control
incidents (i.e. limit the scale, intensity and duration of a hazardous event), and to mitigate effects (i.e.
reducing the consequences).
Extent of hazard identification and risk assessment activities will vary depending on the stage in the
installation lifecycle, as well as process conditions, degree of standardization, complexity, number of
persons on board and the installation’s overall estimated level of risk.
For installations in the early design phases, the evaluations will necessarily be less detailed than those
undertaken during later design phases. Design assumptions developed during these early stages are
normally verified before the installation becomes operational.
Process safety systems are provided to prevent, detect, control or mitigate undesirable events in
process equipment.
This document sets out three options for identifying appropriate process safety systems. The first
option is to adopt the prescriptive approach specified in API RP 14C. The second approach is to use
structured review techniques to identify hazards and evaluate risk, with process safety systems being
provided based on the results of this more specific analysis. The third option is to use a combination
of the first two. The use of the structured review techniques is likely to be of benefit for more complex,
novel or higher hazards systems.
Figure 1 illustrates the relationship of this document to other documents that play a key role in designing
offshore process safety systems. Under the overarching risk management principles of ISO 31000,
ISO 17776 provides a framework for managing major accident hazards throughout the facility lifecycle.
This document provides requirements and guidelines for process safety systems with more detailed
and specific guidance and requirements for particular elements provided in other documents, most
notably ISO 13702, ISO 23251 and the IEC 61511 series.
The approach described in this document is intended to be applied in an iterative way. As the design
proceeds, hazards that are introduced or changed are systematically identified and the need for
additional risk-reduction measures evaluated.
This document has been prepared primarily to assist in the development of new installations. It is not
always appropriate to apply certain requirements to an existing installation. During the planning of a
major modification to an installation, there can be greater opportunity to implement the requirements.
© ISO 2019 – All rights reserved v

---------------------- Page: 5 ----------------------
ISO 10418:2019(E)

NOTE The lines between the standards illustrate the main relationships.
Figure 1 — Relationship between offshore-relevant standards
vi © ISO 2019 – All rights reserved

---------------------- Page: 6 ----------------------
INTERNATIONAL STANDARD ISO 10418:2019(E)
Petroleum and natural gas industries — Offshore
production installations — Process safety systems
1 Scope
This document provides objectives, functional requirements and guidelines for techniques for the
analysis and design of surface process safety systems for offshore installations used for the recovery of
hydrocarbon resources.
It also provides recommendations and requirements on support systems which complement the process
safety systems in reducing risk.
NOTE These are not intended to be exhaustive.
The scope of this document is limited to specifying the methods by which the asset is protected against
loss of containment of hydrocarbon or other hazardous materials.
This document is applicable to
a) fixed offshore structures, and
b) floating offshore production installations
for the petroleum and natural gas industries.
This document is not applicable to mobile offshore units and subsea installations.
NOTE Nevertheless, many of the principles contained in this document can be used as guidance.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 13702, Petroleum and natural gas industries — Control and mitigation of fires and explosions on
offshore production installations — Requirements and guidelines
IEC 61511 (all parts), Functional safety — Safety instrumented systems for the process industry sector
API RP 14C, Analysis, Design, Installation, and Testing of Safety Systems for Offshore Production Facilities
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https: //www .iso .org/obp
— IEC Electropedia: available at http: //www .electropedia .org/
© ISO 2019 – All rights reserved 1

---------------------- Page: 7 ----------------------
ISO 10418:2019(E)

3.1.1
abnormal operating condition
condition which occurs in a process component (3.1.21) when an operating variable ranges outside of its
normal operating limits
3.1.2
alarm
audible and/or visible means of indicating to the operator an equipment malfunction, process deviation,
or abnormal condition requiring a timely response
[SOURCE: IEC 62682:2014, 3.1.7]
3.1.3
blowdown
emergency depressuring
system discharging gas to flare or other disposal system
3.1.4
containment
situation in which the hazardous material is held safely in a pressurized system
3.1.5
control
limiting the extent or duration of a hazardous event
3.1.6
ESD system
emergency shutdown system
system, activated by automatic or manual signals, which undertakes the control actions to shut down
equipment or processes in response to a hazardous situation
3.1.7
emergency support system
ESS
portion of the overall facility safety system consisting of the ESD, fire detection, gas detection,
ventilation, containment systems, sumps, blowdown system, and SSSVs (3.1.28)
3.1.8
fail-closed valve
valve which will move to the closed position upon loss of the power medium or signal
3.1.9
failure
improper performance of a device or equipment item that prevents completion of its design function
3.1.10
fire loop
pneumatic control line containing temperature-sensing elements which, when activated, will initiate
control actions in response to a hazardous situation
Note 1 to entry: Fusible plugs and synthetic tubing are examples of temperature-sensing elements.
3.1.11
functional requirements
minimum criteria which shall be satisfied to meet the stated health, safety, and environmental
objectives
[SOURCE: ISO 13702:2015, 3.1.24]
2 © ISO 2019 – All rights reserved

---------------------- Page: 8 ----------------------
ISO 10418:2019(E)

3.1.12
gas blowby
discharge of gas from a process component (3.1.21) through a liquid outlet
3.1.13
gas detection system
system which monitors spaces on an offshore installation for the presence and concentration
of flammable and/or toxic gases, initiates alarms (3.1.2), and might initiate control actions at
predetermined concentrations
3.1.14
leak
accidental escape from a process component (3.1.21) of liquid and/or gaseous hydrocarbons or other
hazardous materials to atmosphere
3.1.15
liquid overflow
discharge of liquids from a process component (3.1.21) through a gas (vapour) outlet
3.1.16
malfunction
condition of a device or equipment item that causes it to operate improperly, but does not prevent the
performance of its design function
3.1.17
maximum allowable working pressure
highest operating pressure allowable at any point in any process component (3.1.21), other than a
pipeline, during normal operation or static conditions
3.1.18
mobile offshore unit
mobile platform, including drilling ships, equipped for drilling for subsea hydrocarbon deposits, and
mobile platform for purposes other than production and storage of hydrocarbon deposits
Note 1 to entry: Includes mobile offshore drilling units, drillships, accommodation units, construction and
pipelay units and well servicing and well stimulation vessels.
3.1.19
overpressure
pressure in a process component (3.1.21) in excess of the maximum allowable working pressure (3.1.17)
Note 1 to entry: For pipelines, refer to relevant design code for the definition of the maximum allowable working
pressure.
3.1.20
PRD
pressure relief device
device actuated by inlet static pressure and designed to open during emergency or abnormal conditions
to prevent a rise of internal fluid pressure in excess of a specified design value
Note 1 to entry: The device can be a pressure-relief valve (pressure safety valve), a rupture disk device, or a
buckling pin device.
3.1.21
process component
single functional piece of production equipment and associated piping used on processing and injection
facilities
EXAMPLE Separator, heater, pump, tank.
© ISO 2019 – All rights reserved 3

---------------------- Page: 9 ----------------------
ISO 10418:2019(E)

3.1.22
process safety system
system consisting of devices used on a facility to prevent or mitigate the potentially undesirable events
(3.1.32) that can occur within the process
3.1.23
protection device
instrument or item of equipment used within a protection system
3.1.24
safety instrumented system
instrumented system used to implement one or more safety instrumented functions
Note 1 to entry: A safety instrumented system is composed of any combination of sensor(s), logic solver(s), and
final element(s).
Note 2 to entry: The primary function of a safety instrumented system is to detect and initiate control or
mitigation action when there is a potentially hazardous situation.
3.1.25
safety integrity level
discrete level (one out of four) allocated to the safety instrumented function (SIF) for specifying the
safety integrity requirements to be achieved by the safety instrumented system (3.1.24)
Note 1 to entry: Further details (including definition of SIF) are given in IEC 61511-1:2017.
3.1.26
sensor
device which automatically detects an operating condition and transmits a signal to initiate/perform a
specific control function
Note 1 to entry: Process component shutdown is an example of a control function initiated by a sensor.
3.1.27
SDV
shutdown valve
automatically operated, fail-closed valve (3.1.8) used for isolation
3.1.28
subsurface safety valve
SSSV
automatically operated device installed in a well below the mudline and having the design function to
prevent uncontrolled well flow in response to a hazardous situation
3.1.29
SSCSSV
subsurface-controlled subsurface safety valve
SSSV (3.1.28) actuated by the pressure characteristics of the well
3.1.30
SCSSV
surface-controlled subsurface safety valve
SSSV (3.1.28) controlled from the surface by hydraulic, electric, mechanical or other means
3.1.31
surface safety valve
automatically operated wellhead valve assembly which will isolate the reservoir fluids upon loss of the
power medium
4 © ISO 2019 – All rights reserved

---------------------- Page: 10 ----------------------
ISO 10418:2019(E)

3.1.32
undesirable event
adverse occurrence or situation in one or more process components (3.1.21) performing a specific
process function which poses a threat to safety
EXAMPLE Overpressure, under pressure, gas blowby, liquid overflow.
3.1.33
vacuum
pressure less than atmospheric pressure
3.1.34
vent
pipe or fitting on a vessel or pipework that opens to the atmosphere
Note 1 to entry: A vent system can contain a pressure and/or vacuum relief device.
3.2 Abbreviated terms
AFP active fire protection
ESD emergency shutdown
FES fire and explosion strategy
ISA International Society of Automation
ISD inherently safer design
OEL occupational exposure limit
PFD process flow diagram
P&ID piping and instrumentation diagram
PSH pressure safety high
PSV pressure safety valve
SAC safety analysis checklist
SAT safety analysis table
SIL safety integrity level
SSC sulfide stress cracking
4 Symbols and identification for protection devices
4.1 Objectives
The purpose of graphical symbols and identification of protection devices is to
a) uniquely identify safety devices,
b) facilitate the recognition of safety devices throughout an installation and between installations, and
c) aid the systematic design and analysis process.
© ISO 2019 – All rights reserved 5

---------------------- Page: 11 ----------------------
ISO 10418:2019(E)

4.2 Functional requirements
A unique system shall be employed for identifying and symbolizing process safety devices and process
components. Individual process safety devices and process components shall be described by a unique
identifier (tag). This unique identifier shall be used during the development of design drawings, such as
PFDs and P&IDs.
5 Safety analysis concepts
5.1 Objectives
Objectives of a safety analysis are to
a) identify undesirable events that pose a safety risk, and define reliable protective measures that
will prevent such events or minimize their effects if they occur,
b) establish a firm basis for designing and documenting a process safety system, and
c) enable verification that the arrangements provided for the protection of process components
form an integrated system covering the entire platform through the application of proven analysis
technics.
5.2 General functional requirements
5.2.1 An analysis shall be carried out for each process component in order to determine the
arrangements provided to prevent, detect, mitigate or control undesirable events which can develop
within or external to a process component. The analysis shall be based on scenarios that are selected to
represent all reasonably foreseeable hazardous events.
5.2.2 The analysis procedure shall provide a structured method to develop a process safety system and
provide supporting documentation.
5.2.3 The analysis shall
a) identify those undesirable events which can compromise the integrity of the process component,
b) identify the safety measures required to prevent, detect, mitigate such events, and
c) establish a firm basis for designing and documenting the provisions of a process safety system.
5.2.4 The safety analysis, system design and protection concepts used shall be in accordance with one
of the following:
a) the approach specified in API RP 14C;
b) the approach involving the use of structured review techniques as described in 5.3;
c) a combination of both approaches.
The use of structured review techniques is likely to be of benefit for more complex, novel or higher
hazard systems. A combined approach whereby structured review techniques are used for these types
of systems, with API RP 14C being applied to simpler or lower hazards systems, is an option that can
potentially offer both effective risk reduction and resource efficiency.
5.2.5 Factors to evaluate when selecting the analyses approach, include the following:
a) severity of operating conditions, quantities of hazardous inventories, potential personnel exposure;
6 © ISO 2019 – All rights reserved

---------------------- Page: 12 ----------------------
ISO 10418:2019(E)

b) novelty and complexity of the process to be used;
c) requirements of the regulation authority having jurisdiction over the facility;
d) company requirements in excess of the applicable regulations;
e) skills, experience and competency of those undertaking the analysis;
f) in the case of analysis of a modification, the consistency with the original method of analysis.
5.2.6 If process components that are not included in API RP 14C are used, or if process components
are used in a novel way, then use of the structured techniques as described in 5.3 shall be applied or new
SAT and SAC, as described in API RP 14C, shall be developed.
5.3 Functional requirements for analysis using structured review techniques
5.3.1 A risk management process shall be applied for
a) identification of hazards,
b) assessment of the risk (this may be qualitative or quantitative), and
c) control of risks.
Use of ISD should be applied to reduce the risk, if practical.
Guidance on application of ISD is in ISO 17776:2016, Annex D.
5.3.2 Structured review techniques shall be selected based on factors including but not limited to the
particular features of the installation and its process. Guidance on the selection of tools and techniques is
in ISO 17776:2016, Annex C.
5.3.3 A strategy for managing process hazards shall be developed based on the results of the risk
management process. The following elements shall be included or referenced in the strategy:
a) application of inherently safer design philosophy;
b) process control, plant start-up and shutdown philosophy;
c) ESD philosophy including plant segregation philosophy;
d) relief and blowdown philosophy;
e) flare and vent philosophy.
5.3.4 A systematic study shall be made to determine those credible undesirable events (such as, but
not limited to, overpressure, over filling) in the process that would result in hazardous events. The study
shall cover all anticipated modes of operation and assess the adequacy of protection systems for these
undesirable events. Guidance for relief is contained in ISO 23251 or API Std. 521.
5.3.5 Process safety system shall be designed to cater for all anticipated operating modes including
start-up and shutdown.
5.3.6 The design of the process safety system shall include
a) functional requirements of the process safety system,
b) SIL of each safety instrumented system shutdown loop,
c) bypasses required by the system, and
© ISO 2019 – All rights reserved 7

---------------------- Page: 13 ----------------------
ISO 10418:2019(E)

d) reliability, availability and maintainability of the process safety system components.
NOTE Bypasses prevent an automatic action, on a temporary basis, to allow continued operation.
5.3.7 The analysis technique shall be applied to all process components, from and including topside
wellhead or boarding valve to the most downstream discharge point and including injection systems,
and shall be incorporated into the overall safety system assessment.
6 Process safety system design
6.1 Objectives
The objectives of the process safety system are to
a) protect personnel, the environment, and the facility from process hazards,
b) prevent the release of hydrocarbons or other hazardous materials, and to minimize the adverse
effects of such releases, including escalation,
c) shut in the process or affected part of the process to stop the flow of hydrocarbons or other
hazardous materials to a leak or overflow,
d) prevent ignition of released hydrocarbons or other flammable materials, and
e) shut in the process in the event of a gas release or a fire.
6.2 Functional requirements
6.2.1 The design basis for the process safety system shall include the following:
a) good engineering practice based on relevant codes, standards and industry guidance;
b) use of proven analysis techniques to determine the minimum requirement for a process component.
6.2.2 Process components on a production platform, comprising the entire process from topside
wellhead or boarding valve to the most downstream discharge point and including injection systems,
shall be incorporated into the overall safety system assessment.
6.2.3 Protection measures shall be provided to protect each process component in order to
a) prevent the uncontrolled release of hydrocarbons or other hazardous materials, and
b) minimize the consequences of an uncontrolled release.
6.2.4 Protection measures shall be provided to
a) isolate the process in order to minimize the consequences of a leak or overflow,
b) initiate shutdown or isolation of ignition sources in the event of the release of flammable vapours,
c) shut-in the process in the event of a fire, or gas accumulation, and
d) depressurize the inventory, if necessary, based on risk evaluation, by connecting process safety
systems to the system for discharging gas to the atmosphere.
6.2.5 The process safety system provided shall be independent of and in addition to the process control
devices used in normal process operation. Failure of the normal process control system shall not cause a
8 © ISO 2019 – All rights reserved

---------------------- Page: 14 ----------------------
ISO 10418:2019(E)

dangerous failure of the process safety system or impede the process safety system from responding to
an abnormal event.
6.2.6 The location of SDVs shall be determined based on the following:
a) detailed flow schematic and operating parameters;
b) process segregation/isolation philosophy which consider
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.