UNDER PRESSURE – Emergency Procedures – Loss of Control System and Loss of View

Becht > About Us > News & Blog > Reliability Improvement > UNDER PRESSURE – Emergency Procedures – Loss of Control System and Loss of View

UNDER PRESSURE – Emergency Procedures – Loss of Control System and Loss of View

By: Jeff Johns Monday, November 6, 2023
Reliability Improvement

“It can’t happen!”

“Our control systems have redundancies that won’t allow us to lose view!”

“If we lose view, we’ll just move to the field control room and run the unit.”

The comments above are what I have heard in the past when discussing emergency procedures for loss of view and loss of control on hydrocracking and hydrotreating units.  Despite these claims, I have seen a couple of incidents where the unit control system just went haywire.  I have also seen at least 7 different incidents where the control system lost view to all consoles while the unit was still operating.

Although we are fortunate that loss of control and loss of view don’t happen often, they can be classified as low-frequency, high-impact events.  Consider the risks associated with these events:

  • Loss of control means that the unit operation becomes unpredictable – valves go shut that should be open, or open when they should be shut. Sometimes emergency valves can shut without explanation.  Loss of control can happen due to failure in the control system or safety interlock systems.
    • When a unit becomes unstable, the only solution is to shutdown and place the unit in a safe condition until the control system can be fixed
    • Normal shutdown procedures may not work in this scenario because the regular equipment may or may not be available.
  • Loss of view is a much more insidious problem because the unit most likely will continue to operate without the views on the control screen. Whether or not the unit will run safely is the main question.  Consider the following risks and unknowns with loss of view:
    • There is no temperature monitoring of a reactor with exothermic reactions occurring. It’s simply not safe to run an exothermic reactor without adequate temperature indications.
    • There will be no audible or visual alarms to warn of abnormal or dangerous conditions
    • Without alarms, operators will be unaware of developing hazards or instability developing in the unit and will not be able to stop incipient instability from becoming a full emergency.
    • Some valves in the unit may have been in manual when view was lost and will not be controlling, leading to a possible unsafe condition.
    • Some valves may be fully saturated (fully opened or closed) and unable to control.
    • The status of advanced control systems which feed setpoints to the main control system are unknown – the advanced control system may be heating up or cooling down the unit without the operators knowing.
    • Operator control is considered as an independent layer of protection for some hazards. Upon loss of view, this layer of protection is obviously not available.

 

I’ll cover several additional emergency procedures in the coming months, but I thought I would start with a necessary procedure that is often overlooked in our industry.

Loss of View Incidents

Incident 1

A refinery suddenly lost all view on the control screens for the entire refinery, including view on the central control room screens and remote screens.  This highly integrated refinery was tricky to shutdown in the best circumstances and impossible to shutdown without view on the control screens.

Without a planned procedure for loss of view, the operations group had to improvise.  Operators were sent out into the units to determine whether they believed the units were running properly (in any way possible).  Operators were held over for shift change to have as many personnel as possible to help with the situation.

The refinery operations group held on for 3 hours until view was restored.  Fortunately, there were no incidents during this highly stressful event.  Plans and procedures were developed after this event to handle it appropriately in the future so that “luck” would not be the main strategy.

Incident 2

A hydrocracking unit suddenly lost view on all control screens during a day shift.  All non-operations personnel were evacuated from the unit while the operations group planned their actions.  Again, this unit had not developed procedures for loss of view.  The decision was made to shut down the unit if view was not restored within one hour and emergency procedures were developed for the shutdown process.  The plans included manual shutdown of feed pumps and the reactor charge furnace.

Fortunately, the control screen view was restored before the shutdown process was initiated.  Loss of view procedures were subsequently developed for this unit.

Incident 3

A naphtha hydrotreating unit suffered a loss of view and partial loss of control during a night shift.  Operator assessment of the unit concluded that the reactor charge furnace had dropped to minimum fires, the feed had stopped to the unit, and the recycle gas compressor was still running.  Operators believed the reactor was cooling down and the unit was in a safe position to wait until view and control could be restored.

After approximately one hour, the safety interlock system (SIS) chopped the reactor feed furnace completely.  Subsequent investigation determined that the amount of heat from the furnace was enough to heat the outlet to the high outlet temperature limit (over 1000°F), even though the furnace was in minimum fires.  Fortunately, the loss of view and partial loss of control did not affect the SIS system, which saved the unit from a furnace tube rupture in this event.

Incident 4

A diesel hydrotreater had developed emergency procedures for a loss of view event based on the experience of the other incidents above.  The emergency procedure called for the furnaces to be shut down by manually blocking the fuel gas and the feed to be pulled from the unit by manually shutting off the pumps and blocking in the pump outlet block valves.  The unit was then depressured below the allowable pressure for minimum pressurization temperature (MPT) to avoid brittle fracture risk while the unit cooled down.

The next morning, control personnel were able to re-establish view for the unit.  Operators found the unit to be in great shape based on the execution of the emergency procedure.  The unit was started up and back on-line by the end of day shift.  Operators later said this was the biggest non-event they had witnessed for an emergency because they were prepared with the right emergency procedure.  Operators had done table-top drills on the loss of view emergency procedure which gave them confidence in executing the procedure.

All these incidents were heavily discussed through the associated refineries and all hydroprocessing units developed appropriate loss of view procedures to prepare for any future events.

Lessons from Loss of View Events

  1. “If you are prepared, there is no need to fear!” Incident 4 illustrates that preparation and appropriate emergency procedures can prevent a loss of view from becoming a large incident.  In fact, the right procedure can prevent a loss of view from becoming an uncomfortable incident!
  2. “Luck is not a strategy!” Incidents 1-3 above could have easily turned into major emergencies with loss of containment, fire, and potential personnel injuries.  It is not likely that all such emergencies will have such good luck.
  3. Any assumptions about unit conditions made during a loss of view event are just guesses. Incident 3 shows that a furnace at minimum fire may not be safe when feed has been pulled out of the unit.
  4. Field readings on critical instruments are valuable. One example is that field separator level readings helped operators determine that they were not at immediate risk of vapor blow-through from the high-pressure separator to the low-pressure separator.

 

Loss of Control Incident

A VGO hydrotreater suddenly suffered a loss of control event where some of the emergency block valves closed while other valves remained open.  In this incident, there was no loss of view, but operators had to determine the status of the unit from field observations.

Operators correctly surmised that they could not predict or control the unit and executed the loss of power emergency procedure where they depressured the high-pressure loop, pulled feed, and chopped furnace fires.  The unit was fully depressured, de-inventoried, and put under nitrogen until the control system and SIS system problems could be identified and fixed.  Fortunately, there were no injuries or loss of containment from this event.  The cause of this event was a combined failure in both the control and SIS systems.

This is an event where the main resource is experienced, trained operators.  It would be difficult or impossible to create a procedure that would cover all possible scenarios.

Emergency Response Procedures

It’s not hard to develop a procedure to shutdown a hydroprocessing unit in a loss of view event.  Consider the following:

  1. Furnaces can be shutdown by closing manual block valves on the fuel system.
  2. Feed, wash water, and amine flows can be shutdown by stopping pumps and manually blocking in valves.
  3. The high-pressure portion of the unit can be depressured to flare to a safe pressure that allows the unit to cool down.
  4. If possible, it is desirable to keep the recycle compressor running to help cool the reactor. If the recycle compressor is lost, then the unit can be fully depressured and manually put under a nitrogen atmosphere.
  5. There may be other considerations such as heavy oil setting up that should be considered based on the characteristics of each unit.

 

Remember that having a procedure prevents the absolute terrible panic of not being prepared.

Application in your unit(s)

  1. Does your unit have emergency procedures for loss of view and a general emergency like loss of control?
  2. Does your unit have a procedure to safely shutdown a unit upon loss of view?
  3. Are your operators trained on the procedures to safely shut down the unit?
  4. Do your operators regularly have drills on the procedures?

 

As always, we welcome and appreciate feedback, questions, comments, and suggestions on this topic and other topics covered in our blogs.

contact becht 

|

About The Author

Jeff Johns
Contact:
Jeff Johns has over 35 years’ experience in the petroleum refining industry. He was honored as a Chevron Hydroprocessing Fellow (Chevron’s highest technical recognition) for contributions to Chevron and to the industry. Jeff has expert knowledge of hydrocracker and hydrotreater design/operation, optimization, and troubleshooting, and has substantial experience in other key refinery processes. Jeff managed hydrocracking and hydrotreating technology in Chevron’s refineries worldwide where he developed and implemented best practices and projects to improve safety, reliability, and profitability. One of his special interests as a technology mentor was developing and delivering training. For 20 years, Jeff led an ad hoc Industry Committee of hydroprocessing experts dedicated to sharing safety and reliability information among North American Refiners. He was a member of the AFPM Q&A Panel in 2004 and directed multiple technology seminars as a member of the AFPM Q&A screening committee. Jeff served on the Board of Directors for Advanced Refining Technologies (ART). Jeff holds a B.S. degree in Chemical Engineering from the University of Utah. He holds six patents in hydroprocessing technology.

Authors Recent Posts

UNDER PRESSURE – Emergency Procedures – Loss of Control System and Loss of View
11-06-2023

Related Posts

Becht News
Even Simple Mistakes Can Lead to Serious Incidents
Reliability Improvement
Becht News
What RBI Is and What It Isn’t
Reliability Improvement
Becht News
How to Get Started on a Reliability Improvement Journey
Reliability Improvement
Becht News
Optimize The Performance, Output And Reliability Of Your Steam Methane Reformer
Owner's Project Support Piping Reliability Improvement
Becht News
Why Doesn’t a Great Maintenance Process Equal Great Results? (Part 2)
Process Consulting Reliability Improvement Turnaround
Becht News
Improve Your Availability with A RAM Study
Process Consulting Reliability Improvement

Leave a Reply

Let Becht Turn Your Problem
Into Peace of Mind
Get In Touch