The Emergency Shutdown (ESD) system is crucial for the protection of personnel, the environment, and plant from harm. It ensures that in a hazardous situation, a planned automatic shutdown and isolation of processes and utilities are carried out in a logical and safest possible sequence to minimize risk to personnel, environment, and equipment.
The ESD system should act in the following cases during operation: sudden loss of feed to the plant from the source of the product, process upsets that result in process parameters approaching critical limits, confirmed detection of fire or gas within the plant, and a serious fault in an item of equipment vital to continued safe and efficient operation of the plant.
Safe operation of the plant can be maintained with minimum possibility of emergency shutdown by attention and quick response to the comprehensive system of pre-alarms provided in the DCS. The pre-alarms give early warning of a potential process upset, equipment faults, and the detection of fire or gas, some of which could be corrected before approaching the ESD limits.
The ESD system must be active, with all inhibits removed and the outputs armed. Failure to meet this requirement will leave the plant unprotected. Inhibits and overrides should only be installed under controlled conditions: when clearing inputs to the shutdown system PLCs in preparation for start-up, when a fault is identified on a sensor, and when testing of the system is being performed.
The ESD system comprises two identical PLCs, each operating a separate path, monitoring field inputs for change of state and generating automatic control outputs in accordance with the pre-programmed cause and effect logic. The outputs from the PLCs pass to output relays which operate on a voting system so that normally both inputs are required to generate a relay output (2oo2, two-out-of-two).
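The sketch below is an added example, not taken from the plant's documentation or its PLC logic. It shows how 2oo2 voting interacts with the inhibit rules above: because both paths must demand a trip, an inhibit on either path leaves that input unprotected. The tag names, the per-path inhibit model and the reason strings are assumptions made for illustration.

```python
from dataclasses import dataclass

# The three controlled conditions the text permits for an inhibit or override.
PERMITTED = {"startup_input_clearing", "sensor_fault", "system_test"}

@dataclass(frozen=True)
class Inhibit:
    tag: str     # field input tag (constructed name)
    path: str    # "A" or "B": PLC path the inhibit is installed on (assumed model)
    reason: str

def path_demand(inputs, inhibits, path):
    """Tags for which one PLC path demands a trip (tripped and not inhibited there)."""
    masked = {i.tag for i in inhibits if i.path == path}
    return {t for t, tripped in inputs.items() if tripped and t not in masked}

def relay_outputs(inputs_a, inputs_b, inhibits):
    """2oo2 voting: the output relay operates only where both paths demand a trip."""
    return path_demand(inputs_a, inhibits, "A") & path_demand(inputs_b, inhibits, "B")

def audit(inhibits):
    """Return (unprotected tags, inhibits with a reason outside the permitted set)."""
    # Under 2oo2 an inhibit on either path is enough to block the trip.
    unprotected = {i.tag for i in inhibits}
    unauthorized = [i for i in inhibits if i.reason not in PERMITTED]
    return unprotected, unauthorized

# Constructed sample: both paths see the same field states (True = trip condition).
FIELD = {"PSHH-101": True, "LSHH-202": True, "GD-303": False}
ACTIVE = [
    Inhibit("PSHH-101", "A", "sensor_fault"),          # permitted, still blocks the trip
    Inhibit("LSHH-202", "B", "operator_convenience"),  # not a permitted condition
]

if __name__ == "__main__":
    print("armed:    ", sorted(relay_outputs(FIELD, FIELD, [])))
    print("inhibited:", sorted(relay_outputs(FIELD, FIELD, ACTIVE)))
    unprotected, unauthorized = audit(ACTIVE)
    print("unprotected tags:", sorted(unprotected))
    print("unauthorized:", [(i.tag, i.path, i.reason) for i in unauthorized])
```

Run against an export of the active inhibit list, a check of this kind flags both inputs that are currently unprotected and inhibits installed for a reason outside the three permitted conditions.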
The ESD system can be initiated manually, either locally at the equipment or remotely from local control/equipment rooms. Automatic shutdown will also be initiated by operating excursions outside normal control and/or by activation of the fire and gas detection devices.
units and systems can be shut down by upset conditions within the unit or system, but they do not directly initiate general shutdowns or other units. An ESD-1 signal on will shut down all production facilities, selectively isolating platform areas. The effect of manual initiation of ESD-1 on CSP is as follows: separator inlet SDVs close, gas to GTP FCV-30/31 closes, and slop tank pump stops.
ESD-2 shutdown with automatic depressurization on USSC will shut down and isolate the platform as per ESD-1, depressurizing each isolated section to flare. The effect of an ESD-2 on the CSP and associated platforms is as follows: fuel gas to PGP - trip signal only, all NRP SDVs close, ERP SDVs close, OCCP SDVs close, CSP SDVs close, 36 inch MOL platform SDVs close, pig launch sequence stop, corrosion inhibitor pumps stop, sump pump stop, trip signals to GTP and NGTP initiated.
If necessary, a manual switch in both the LCR and CCR may be used to initiate opening of blowdown valves to depressurize the 36 inch MOL and sphere launcher. Standing Instruction No. 15/04/96 advises against re-opening an emergency shutdown valve (ESDV) against a full or significant pressure difference/drop to avoid damage and reduce its integrity in the future. Cause and Effect Charts have been produced to cover various components of the ESD system.