Most protective systems are installed in critical applications and therefore must be highly reliable and not subject to extensive down time. This system availability depends on component selection and design and testing frequency. Protective systems may use microprocessors (e.g., programmable controllers) or be electrical, pneumatic, hydraulic or mechanical (rare). They are designed using several types of logic.
The selection of the logic type should be determined by evaluating the availability and reliability of the utilities (power, instrument air, etc.) which will actuate the protective system, and by evaluating the complexity of the system. A conceptual drawing of a simple shutdown system is shown in Figure 1300-3.
Figure 1300-4 shows the safety analysis function evaluation (SAFE) chart prepared for this system. The SAFE chart should be completed for offshore production facilities in accordance with API RP 14C.
Figures 1300-5, 1300-6, and 1300-7 indicate how logic can be performed pneumatically for this same shutdown system.
Logic systems range in size from one or two components to hundreds of logic functions and many discrete components. Generally, as complexity increases, the tendency is toward electronic, microprocessor based logic systems, e.g., programmable controllers.
False trips resulting in nuisance shutdowns can result in complete abandonment of the protective system. High false trip rates are frequently cited as the reason operators bypass or disarm protective systems. Reducing the false trip frequency to an acceptable level means careful selection of components, thorough testing, and prudent use of redundancy.
Documented periodic testing of protective systems is one means of ensuring a higher degree of availability. Because of the need to provide bypassing or deactivating features of some type while testing is in progress, all or part of the plant may not be protected by the shutdown system during the testing period.
Through the use of additional or redundant measuring devices, and, in some cases, redundant final control elements, a significant improvement in the reliability of the system may be achieved. Protective systems using multiple sensors and dependable, electronic voting logic (see Triple Circuit System, following) to initiate action are also being used. The initial cost will be greater, but a significant payback can result from reliability, reduction of nuisance trips, reduction of failures that prevent proper operation, and the elimination, reduction, or simplification of testing procedures.