Microsoft Word - 1.docx CHEMICAL ENGINEERING TRANSACTIONS VOL. 77, 2019 A publication of The Italian Association of Chemical Engineering Online at www.cetjournal.it Guest Editors: Genserik Reniers, Bruno Fabiano Copyright © 2019, AIDIC Servizi S.r.l. ISBN 978-88-95608-74-7; ISSN 2283-9216 Use of LOPA and HAZOP Concepts for Complex Automated Hazard Identification Matej Danko, Ján Janošovský, Juraj Labovský, Zuzana Labovská, Ľudovít Jelemenský* Institute of chemical and environmental engineering, Faculty of chemical and food technology, Slovak university of technology, Radlinského 9, 81237, Bratislava, Slovakia ludovit.jelemensky@stuba.sk In this contribution, integration of bifurcation and steady state analysis into simulation-based hazard and operability study – HAZOP is presented. In this study, advanced mathematical modeling techniques provide valuable support to testing of processes design and process control on different HAZOP deviations. Raw process design together with basic process control is presented as the first layer of protection within general Layer of protection analysis (LOPA). Protection layers are tested by a set of dynamic simulations on different failures. The concept is able to identify hazardous regimes caused by parameter disturbances themselves and also those when inappropriate control loop actions act synergic with already present disturbances. Thus, validation of the applied process control is provided. In this work, CSTR propylene glycol production under Proportional-Integral-Derivative (PID) actions was chosen to identify potential hazard and operability problems of a real chemical process. 1. Introduction Hazard and operability (HAZOP) study is a team-based brainstorming activity that systematically reviews all equipment as well as deviations from their normal operating conditions in order to identify potential safety related hazard in chemical plant. The latest overview of recent developments including support by CAPE (computer aided process engineering) methods and combination of HAZOP with other PHA has been provided by Pasman and Rogers, (2016). The prime drawback of a HAZOP study is related to the possibility that hazards and operability problems may be overlooked as they did not occur in the past. Application of the HAZOP technique to a detailed chemical plant design is a complex and time consuming task. Both of these drawbacks can be reduced by integration of a simulation-based approach, mathematical modeling and other risk assessment techniques into HAZOP (Antonello, et al., 2016). Several simulation tools such as Aspen Plus, Aspen Hysys, Unisim Design are available offering basic environment for the simulation of a number of deviations from design intent. However, different attempts to combine commercial process simulation features with standard hazard identification techniques often show strong limitations of the simulation of processes operated near or within nonlinear regimes, especially in the absence of numerical solution convergence (Li and Huang, 2011 and Janošovský, et al., 2016). To be rigorous, control and regulation systems have to be also integrated into the simulation environment. Basic process control is the first of various protection layers used to lower the frequency of undesired consequences (AICHE, 2001). LOPA provides a consistent basis for judging whether there are sufficient IPLs (Independent Protection Layers) to control the risk of an accident for a given scenario. However, control system mechanisms as well as other present safeguards unpredictably affect the propagation of disturbances mainly within the nonlinear behavior regimes of the process. Simulating only the process design in steady state together with the implemented process control layer on generated HAZOP deviations can result in situations when it is impossible to distinguish consequences caused by the parameter disturbance itself from those caused by inappropriate process control action. Also, traditional HAZOP studies often focus only on the size of the generated deviation and they do not consider duration of the deviation and the failure dynamic behavior, as it is not the purpose of steady state process design DOI: 10.3303/CET1977135 Paper Received: 3 December 2018; Revised: 11 April 2019; Accepted: 4 July 2019 Please cite this article as: Danko M., Janosovsky J., Labovsky J., Labovska Z., Jelemensky L., 2019, Use of LOPA and HAZOP Concepts for Complex Automated Hazard Identification, Chemical Engineering Transactions, 77, 805-810 DOI:10.3303/CET1977135 805 simulators. Relation between steady state and dynamic simulations and their role in complex mathematical modeling-based hazard identification is illustrated in Figure 1. Based on the mentioned findings, a new approach to independent protection layers of LOPA testing layer by layer using both steady state and dynamic simulations of the investigated failures was presented (Danko, et al., 2018). Subsequent classification of root causes revealed parameter disturbances for which the investigated protection layer failed. In this work, contribution of the combination of advanced steady state (bifurcation) and dynamic analyses to automated hazard identification in plants with protection layers of typical LOPA concept is presented. Beneficial outputs from bifurcation and steady state analyses including prediction and tracking of process failures and control system interventions will be demonstrated on the chosen case study - propylene glycol production. Figure 1. Relation between steady state and dynamic simulations in simulation-based hazard identification. 2. Theoretical 2.1 Case study The presented risk assessment concept is demonstrated on a case study of propylene oxide (PO) hydrolysis to mono-propylene glycol (PG). The reaction is carried out in a continuous stirred tank reactor (CSTR), where PO reacts with water to form PG in one exothermic reaction (Figure 2). Kinetic parameters of the reaction were taken from Fogler, (1999). The reactions are considered to be of the first order with respect to propylene oxide and water. Complete reaction data are listed in Table 1. Figure 2. Reaction scheme of the mono-propylene glycol production process. Table 1: Kinetic parameters for the Arrhenius equation Variable Units Value Pre-exponential factor m3 mol-1 s-1 96,000 Activation energy J mol-1 75,362 Heat of reaction J mol-1 -91,360 The reaction was carried out in a reactor with the volume of 2 m3 and at the pressure of 2 MPa. According to Figure 2, PO and water were fed into the reactor as two separate streams. Inflow temperature of both feed streams was 26°C. At standard operating conditions, the molar flow rate of PO was 10 mol/s and that of water was 6 mol/s. The reactor was cooled through a jacket cooling system configuration; the cooling medium, water, was fed into the jacket at the temperature of 15°C with the flow rate of 150 mol/s. Due to the high quantity of heat evolved by the reaction, the heat transfer capacity of the cooling system of 7 kW/K was considered. Under these conditions, the reactor was operated at stable steady state at the temperature of 86°C and a 92 % water conversion. HAZOP deviations Deviations of failure size Steady state simulations NAEs system Mathematical model of process Deviations of failure duration Dynamic simulations ODEs system Number of steady states Stability of steady states Runaway conditions Steady state multiplicity Shutdown procedure Unexpected devices failure Process parameters fluctuations Start up of the reactor Hazard identification techniques Evaluation of simulations Parametric sensitivity analysis Bifurcation analysis Process description incl. design parameters Problem formulation and scope of HAZOP definition 806 Figure 3. Simple schematic flow diagram of the investigated process. The aim of the investigated process is to produce PG with water conversion of above 90%. As the conditions in the feed can vary due to different actual production requirements and unexpected failures, the output parameters, mainly temperature, can fluctuate and result in hazardous consequences even if the system steady state multiplicity is possible. Considering safe operation, temperature in the reactor should not exceed 97 °C, the point of safety temperature level. At this temperature, evaporation of a large amount of the reaction mixture occurs. Crossing this level is unacceptable. To prevent such situations, the basic control loop mechanism is introduced into the process. If the error signal is not equal to zero, a controller makes appropriate changes in one of the system manipulated inputs, MI (e.g., cooling medium flow rate, mc) to force the output variable, T, to return to its set point, Tsp set to 86°C. 2.2 Model equations Mathematical model of the process investigated in this work consists of standard material balances of compounds, and the enthalpy balances of the reactor and the cooling medium for CSTR: = − + = f fiR i i R i Nox dc V V c V c V r i components dt ν (1) ( ) . 1 1 - (- ) = = = + + Δ   S S f f f R i Pi i i i R r hyd i i dT V c c V c h h Q V H r dt (2) ( )-= −  fcc Pc c c cdTN c n h h Qdt (3) ( ) ln(( ) / ( )) − = − −  in out c c in out c c UA T T Q T T T T (4) Mathematical model of steady-state simulation is represented by a standard system of nonlinear algebraic equations (Eq. 5 also depicted in Figure 1): ( , , ) 0α =fF X X (5) where Xf represents the vector of inlet conditions as components’ concentrations and inlet temperatures of the reactor and cooling medium, X represents the vector of reactor outlet conditions in the same manner and α the vector of investigated operating parameters. f i 1 i 1 f f i S i S f in out c c c c X Xc c T T T T = = = =                = =                   (6) Dynamic simulation of the effect of process parameter fluctuations on the reactor behavior can be modeled using a system of ordinary differential equations (Eq. 7 also depicted in Figure 1): CSTR Cooling medium IN Propylene oxide Water T Propylene glycol Cooling medium OUT ! ! 807 ( , , )α= f dX G X X dt (7) with the initial conditions in Eq.8, where t is the time and X0 the vector of initial conditions. 00 := =t X X (8) To model actions of the control system layer, the controller’s functional and mathematical background is reported. Controller functions minimizing any unexpected disturbances by introducing appropriate changes into the system manipulated inputs, MI, from their default values, MI0, measuring output variable that has to be controlled, and comparing it to the desired value, TSP (set point). The difference between measured output and TSP is the error signal (Eq. 10). In this case study, classic interpretation proportional-integral (PI) actions with controller gain, kc, and integral time constant, τI, according to Eq.9 with support of the PID parameters designing tool introduced by Bakošová, et al., (2011) was used. 0 0 ( ) ( ) ( ) t c c I k MI t MI k e t e t dt τ = + +  (9) = − SPe( t ) T ( t ) T (10) 3. Results and discussion 3.1 Steady states analysis In this study, deviations of all relevant parameters in both feed streams and in one inlet cooling medium streams were simulated and analyzed. In this contribution, only the most affecting cases, showing control system weakness are provided. For reactor safety and control system stability, most influential are changes in the PO feed flow rate. To identify possible multiplicity of steady states of reactor operation and their stability, steady states solution diagrams of reactor temperature as a function of the PO feed flow are depicted in Figure 4. First diagram (a) is important for the prediction of parameter influence where the system is under no control loop actions as the cooling medium flow rate is constant and so just one input parameter – PO feed flow rate is deviating. Second diagram (b) provides the whole picture of the influence of cooling medium flow rate dynamic changes as the manipulated variable input in the controller regulating actions. Figure 4 indicates that, for the designed operating feed flow rate of 10 mol/s, only one steady state is possible; however, with uncontrolled fluctuation, other multiple steady states including unstable (bounded by limit points) and oscillating ones (bounded by Hopf bifurcation points) can be achieved. Figure 4. Steady state solutions diagrams: a) at constant value of the cooling medium flow rate of 150 mol/s, solid circle – limit point, empty circle – Hopf bifurcation point, empty square – normal operating point b) at different cooling medium flow rates representing controller manipulated input variable. 3.2 Bifurcation and dynamic analysis From the HAZOP study and the numerical analysis point of view, from the moment of controller addition to the investigated system, responses of the system to the deviations are dependent not only on the size and duration of the deviation in the propylene oxide flow rate but also on the size and rate of the change in the cooling medium flow rate as a controller manipulated variable. Thus, two input variables affect the reactor 0 5 10 15 20 25 30 20 30 40 50 60 70 80 90 100 Stable st. states Unstabe st. states Oscilating st. states R e a c to r t e m p e r a tu r e , °C Propylene oxide feed flow rate, mol/s a 0 5 10 15 20 25 30 35 40 45 0 20 40 60 80 100 120 140 160 180 Safety temp. level mc = 25 mol/s mc = 100 mol/s mc = 150 mol/s mc = 400 mol/s R e a c to r t e m p e r a tu r e , °C Propylene oxide feed flow rate, mol/s b 808 temperature behavior during the simulation. As the cooling medium flow rate is changed constantly in time by the controller action during the deviation occurrence, steady state solution diagrams in Figure 4 and basic steady state analysis as presented previously cannot be used as a valid support to predict this kind of response. Therefore, steady state analysis has to be enhanced by the bifurcation diagram, as construction its is illustrated in Figure 5 (a). Bifurcation diagram (Figure 5 (b)) shows the dependence of the Hopf bifurcation points and limit points locations in the parametric plane of two input variables, e.g. propylene oxide feed flow rate and cooling medium flow rate changes. Figure 5. Bifurcation analysis a) pair of limit points forming parametric plane of the bifurcation diagram b) final bifurcation diagram with recorded process parameter deviations and control system interventions. In Figure 5, the resulting black curves of points location sectionalize the phase plane into regions in which the number of steady states (all kinds – first digit in the bracket, stable ones – second digit in the bracket) is the same. Solid curves separates it into stable regions (S), regions with oscillating states (O) and regions considered as strictly unstable (U). Hence, the bifurcation diagram contains two unstable, two oscillation and two stable steady state regions. From the safe operating point of view, these two stable steady state regions are safe and actions made within them cannot cause serious incidents. However, only the one located down in the left part of the diagram provides high economic conversion while the other one is uneconomic for the production process. In the bifurcation diagram, four different simulated deviations are depicted. Simulated process parameter deviations under no control are indicated by triangles, while control system actions to correct these deviations are indicated by circles. As it is shown, except for HAZOP deviation A, all investigated deviations can result in dangerous situations as the controller action is able to run these process deviations (from triangles) to hazardous oscillation and unstable regimes (to circles). Some of these process deviations are already hazardous or at the edge of stability, but in case of HAZOP deviation B, the controller was able to get the system out of the oscillation region. Situation when the controller acted synergically with the simulated parameter disturbance and worsened the situation by inappropriate action is documented by dynamic simulation in Figure 6. In this case, the effect of oscillations initiation by the controller action was proven. Process design layer Process “covered’’ by control system layer Figure 6. Example of simulated deviation – HAZOP deviation D and different responses of tested protection layers to parameter disturbance in the process. Blue line – reactor temperature, gray line – PO feed flow rate (step change), dashed red line – safety temperature level. a 50 100 150 200 250 300 350 400 0 5 10 15 20 25 30 35 O D B B C D A 1/0 Direction of failure action C Hopf bifurcation points curves Limit points curves P r o p y le n e o x id e f e e d f lo w r a te , m o l/ s Cooling medium flow rate, mol/s A Direction of controller action S O /U 1/1 1/1 U 2 /0 S 1/0 O b 0 2 4 6 8 10 20 30 40 50 60 70 80 90 100 110 120 HAZOP DEVIATION: ‘‘Less flow - 17%”D P r o p y le n e o x id e f e e d f lo w r a te , m o l/ s R e a c to r t e m p e r a tu r e , °C Time, h 0 10 20 30 40 50 0 2 4 6 8 10 12 14 16 18 20 20 30 40 50 60 70 80 90 100 110 120 P r o p y le n e o x id e f e e d f lo w r a te , m o l/ s R e a c to r t e m p e r a tu r e , °C Time, h HAZOP DEVIATION: ‘‘Less flow - 17%”D 0 10 20 30 40 50 809 4. HAZOP report and conclusions A new approach to automated hazard identification in plants with independent protection layers by a combination of steady state, bifurcation and dynamic analyses has been presented. The developed methodology allows the user to effectively perform screening of a large number of steady states and dynamic deviations and their impact on process and control system and so support and improve the traditional HAZOP study. In Table 2, standard HAZOP report on achieved results obtained by the proposed concept is presented. Table 2: HAZOP report for the investigated process deviations Deviation Causes Consequences IMP* L* RAM Safeguards Recommendations +30% (A) ‣P-oxide feed valve failure ‣Pressure control system failure ‣No serious consequence 1 M 3 ‣Cooling system control loop ‣Signalization of safety temperature level reach in the reactor ‣No recommendations +66% (B) ‣Reaching reactor safety temp. level 1 M 3 ‣Consider testing of reactor safety temp. alarms and safety relief valves +120% (C) ‣Short-term oscillations 3 L 6 ‣Add signalization of low cooling medium flow rate limit -17% (D) ‣Pump failure ‣Irreversible oscillations ‣Overpressure 4 H 24 ‣Reconsider cooling system configuration ‣Implement advanced control strategy In Table 2, IMP relates to an impact-ranked from 1 (nominal loss under 10k USD) to 5 (loss over 10M USD), Likelihood – L (Low: 10-4 <= F <= 5.10-2), H (High: 2.5.10-1 <= F <1), RAM – Risk assessment matrix. As it was shown by bifurcation analysis supported by dynamic simulations, most hazardous are consequences for deviations C and D as process control initiate hazardous event in form of reactor temperature oscillation and so safety temperature level can be reached. The presented hazard identification concept verifying also process control is able to provide a complementary and valuable input for higher protection layers in LOPA – real-time plant operator’s decision making process. Acknowledgements This work was supported by the Slovak Scientific Agency [Grant No. VEGA 1/0659/18], the Slovak Research and Development Agency [Grant No. APPV-14-0317], STU Grant scheme for Support of Young Researchers and the project Science and Technology Park STU “ITMS26240220084“ co-financed from the European Regional Development Fund. References AICHE, 2001, Layer of Protection Analysis - Simplified process risk assessment, American Institute of Chemical Engineers, 3 Park Avenue NewYork, NewYork10016-5991, USA, 292 Antonello F., Dedominicis D., Ivaldi A., Fiocca G., Tomiato L., 2016, Reliability analysis and risk analysis: Integration between Hazop, FMEDA and Fault tree analysis for SIL assessment Chemical engineering transactions, 48, 1-6 Bakošová M., Meszaros A., Klemeš J. J., Oravec J., 2011, Comparison of robust and optimal approach to stabilization of CSTRs, Chemical Engineering Transactions, 25, 99-104 Danko M., Janošovský J., Labovský J., Labovská Z., Jelemenský Ľ., 2018, Use of LOPA concept to support automated simulation-based HAZOP study, Chemical Engineering Transactions, 67, Fogler H. S., 1999, Elements of chemical reaction engineering, Prentice-Hall, Inc., London, UK, Prentice-Hall, Inc., London, UK, 957 Janošovský J., Labovský J., Jelemenský L., 2016, Automated Model-based HAZOP study in process hazard analysis, Chemical Engineering Transactions, 48, 505-510 Li S., Huang D., 2011, Simulation and Analysis on Multiple Steady States of an Industrial Acetic Acid Dehydration System, Chinese Journal of Chemical Engineering, 19, 983-989 Pasman J. H., Rogers J. W., 2016, How Can We Improve HAZOP, Our Old Work Horse, and Do More with Its Results? An Overview of Recent Developments Chemical Engineering Transactions, 48, 829-834 810