API RP 14C: Analysis, Design, Installation, and Testing of Safety Systems for Offshore Production Facilities
5.3 Safety System Operation
The safety system provides protection in all of the following ways:
a) automatic monitoring and automatic protective action if an abnormal condition indicating an undesirable event can be detected by a sensor,
b) protective action manually actuated by personnel who observe or are alerted to an unsafe condition by
c) continuous protection by support systems that minimize the effects of escaping hydrocarbons.
The emergency shutdown (ESD) system is required for all offshore facilities. These ESD systems are required for those facilities that are not continuously occupied, because many accidents and failures are caused by human error and can occur on normally unoccupied facilities during those times when personnel are aboard and conducting maintenance or other activities. Thus, personnel may be available to actuate the ESD system.
A system to remotely control the facility safety system and process control system may be installed to monitor, control, open, close, and restart specific wells, pipelines, and process components remotely. See Annex C for further details on remote operations.
5.4 Premises for Basic Analysis and Design
5.4.1 The analysis and design procedures for a platform safety system are based on the premises described in 5.4.2 through 5.4.10.
5.4.2 The process facility shall be designed for safe operation in accordance with good engineering practices.
5.4.3 The safety system provides two levels of protection to prevent or minimize the effects of an equipment failure within the process. In general, the two levels should be provided by functionally different types of safety devices for a wider spectrum of coverage. Two identical devices would have the same characteristics and might have the same inherent weaknesses.
5.4.4 The two levels of protection should be the highest order (primary) and next highest order (secondary) available. Judgment is required to determine these two highest orders for a given situation. Preference shall be given to prevention as opposed to mitigation measures. As an example, two levels of protection from a rupture due to overpressure would be provided by a PSH and a PRD. The PSH prevents the rupture by shutting in affected equipment before pressure becomes excessive, and a PRD is selected because it prevents the rupture by relieving excess volumes to a safe location. In this case the PSH would be the primary device because it prevents the overpressure at a level below the set point of the PRD. In some cases a PRD's fast response can prevent a rupture in situations where the PSH might not effect corrective action fast enough.
5.4.5 The safety devices shall be independent of and in addition to the control devices used in normal process operation. Process connections between control and safety devices should be independent to eliminate common cause failures. For example, the LSH and the level control device would have separate process connections for high level in a vessel.
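The premises in 5.4.3 through 5.4.5 can be applied mechanically to a component's instrument list: two levels of protection of different types, safety devices on taps not shared with control devices, and the PSH set point below the PRD set point. The script below is an added example, not part of API RP 14C; the device tags, the "PIC" type used for the pressure controller, the tap names and the set points are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Device:
    tag: str                          # instrument tag, e.g. "PSH-101" (constructed)
    kind: str                         # functional type: "PSH", "PRD", or "PIC" (assumed name for a pressure controller)
    role: str                         # "safety" or "control"
    connection: str                   # process tap the device is piped to
    setpoint: Optional[float] = None  # psig; None where not applicable

PREVENTIVE = {"PSH"}  # shuts in before pressure becomes excessive (prevention, preferred per 5.4.4)
MITIGATIVE = {"PRD"}  # relieves excess volume to a safe location (mitigation)

def check_overpressure_protection(devices: List[Device]) -> List[str]:
    """Apply premises 5.4.3 to 5.4.5 to one component's overpressure protection.
    Returns the list of findings; an empty list means the premises are satisfied."""
    findings = []
    safety = [d for d in devices if d.role == "safety" and d.kind in PREVENTIVE | MITIGATIVE]
    control_taps = {d.connection for d in devices if d.role == "control"}
    # 5.4.3: two levels of protection, provided by functionally different device types
    if len(safety) < 2:
        findings.append("5.4.3: fewer than two levels of overpressure protection")
    elif len({d.kind for d in safety}) < 2:
        findings.append("5.4.3: both levels are the same device type and share inherent weaknesses")
    # 5.4.5: safety devices must not share a process connection with control devices
    for d in safety:
        if d.connection in control_taps:
            findings.append(f"5.4.5: {d.tag} shares process connection {d.connection} with a control device")
    # 5.4.4: the PSH is the primary device only if it shuts in below the PRD set point
    for p in (d for d in safety if d.kind in PREVENTIVE and d.setpoint is not None):
        for r in (d for d in safety if d.kind in MITIGATIVE and d.setpoint is not None):
            if p.setpoint >= r.setpoint:
                findings.append(f"5.4.4: {p.tag} set point {p.setpoint} is not below {r.tag} set point {r.setpoint}")
    return findings

# Constructed sample: separator with PSH and PRD on their own taps, pressure control on a third tap.
COMPLIANT = [
    Device("PIC-100", "PIC", "control", "tap-A", 1000.0),
    Device("PSH-101", "PSH", "safety", "tap-B", 1150.0),
    Device("PSV-102", "PRD", "safety", "tap-C", 1250.0),
]
# Constructed sample: two PSHs of the same type, one of them teed off the controller's tap.
DEFICIENT = [
    Device("PIC-100", "PIC", "control", "tap-A", 1000.0),
    Device("PSH-101", "PSH", "safety", "tap-A", 1150.0),
    Device("PSH-103", "PSH", "safety", "tap-B", 1200.0),
]
```

Running `check_overpressure_protection(DEFICIENT)` reports one 5.4.3 finding (both levels are PSHs) and one 5.4.5 finding (PSH-101 shares tap-A with the controller); the compliant list yields no findings.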
5.4.6 The use of proven systems analysis techniques, such as those provided in 6.4, will determine the minimum safety requirements for a process component. If such an analysis is applied to the component as an independent unit, assuming worst-case conditions of input and output, the analysis is valid for that component in any process configuration.
5.4.7 All temporary and permanent process components, associated with a production facility, comprise the entire process from the wellhead to the most downstream discharge point; thus, all process equipment and functions are incorporated into the safety system.
5.4.8 When fully protected process components are combined into a facility, no additional threats to safety are expected. Therefore, if all process component safety devices are logically integrated into a safety system, the entire facility should be protected. However, it is incumbent on the user to apply appropriate additional hazard analysis methodologies to ensure that hazards are identified and mitigated.
5.4.9 The analysis procedure should provide a standard method to develop a safety system and provide supporting documentation.
5.4.10 The safety system should be designed to limit the amount of time and frequency that safety functions are bypassed and to automate start-up bypasses where practical to minimize human error. Bypasses shall be classified and applied in accordance with Annex C.