In the Oil and Gas industry, an Emergency Shutdown is a safety system that is designed to minimize the consequences of an emergency situation, such as a failure, to reduce the potential of flooding, escape of hazardous materials, or outbreak of fire (Figure 1.1).
An ESD system is a method to rapidly cease the operation of a process and isolate it from incoming and outgoing connections or flows to reduce the likelihood of an unwanted event from occurring, continuing, or escalating. The aim of the ESD system is to protect personnel, afford protection to the facility, and prevent the occurrence of an environmental impact from a process event.
Emergency shutdown capability should be provided at all process facilities, whether manual, remotely operated, or automatic. Inherent safety practices rely on ESD capability as a prime facet in achieving a low-risk facility. Without adequate shutdown capability a facility cannot be controlled during a major incident.
An ESD system should have, as a minimum, the following design features:
- Shutdown reverts the process to a safe state;
- Prevents subsequent process operation until the cause of the shutdown has been corrected;
- Prevents unintended process startup until correction of the shutdown.
Facilities that cannot initiate an ESD immediately should be considered high risk. Similarly, if the reliability of an ESD system is very poor, the facility should be considered to lack adequate protection and therefore also be judged high risk.
The ESD system shall minimize the consequences of emergency situations, typically uncontrolled flooding, escape of hydrocarbons, or outbreak of fire in hydrocarbon-carrying areas that would otherwise be unsafe. Risk analyses have conventionally concluded that the ESD system requires a high Safety Integrity Level, typically SIL 2 or SIL 3. Basically the system consists of field-mounted sensors, valves and trip relays, system logic for processing the incoming signals, and alarm and HMI units. The system processes input signals and activates outputs in accordance with the Cause & Effect charts defined for the installation.
In automated process control systems, because of the special requirements on the design of emergency protection, programming from a cause and effect matrix (CEM) has become the standard way to program ESD (emergency shutdown) and PSD (process shutdown) safety systems, or any system with interlock (blocking) logic. In its simplest form, the Cause and Effect matrix is a grid whose rows and columns are named tags: in the usual layout each row is a cause (an initiator such as a high-pressure trip, a gas detector or a manual pushbutton) and each column is an effect (a final element action such as closing a valve or tripping a pump). A mark in a cell indicates that the column's effect is triggered when the row's cause is activated; an effect marked in several rows is triggered when any one of those causes is active.
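As an added worked example (not code from this page's source, and not any vendor's ESD logic solver), the following Python evaluator parses a small cause-and-effect chart and runs it as a scanning logic solver. It also implements the latching and reset behaviour required by the three design features listed above: a tripped effect stays in its safe state until every cause that demanded it has cleared and an operator reset is issued, so the process can neither continue nor restart on its own. The chart, the tag names (PAHH-101, LALL-101, GD-201, ESD-PB-01, XV-101, P-101, XV-102) and the process states are constructed for illustration. Treating an initiator with no value in a scan as a trip demand is this example's own fail-safe design choice, reflecting de-energize-to-trip practice, not something the page states.

```python
"""Cause-and-effect matrix (CEM) evaluator with latched shutdown outputs.

Added example of a simplified ESD logic solver. Tag names, chart contents
and process states are constructed for illustration only.
"""
from dataclasses import dataclass, field

# Constructed C&E chart. Rows are causes (initiators: transmitters, gas
# detectors, pushbuttons); columns are effects (final elements: valves, pump
# trips). An 'X' in a cell means "this cause trips this effect".
CEM_TEXT = """\
CAUSE     | XV-101_CLOSE | P-101_TRIP | XV-102_CLOSE
PAHH-101  | X            | X          |
LALL-101  |              | X          |
GD-201    | X            | X          | X
ESD-PB-01 | X            | X          | X
"""


def parse_cem(text):
    """Parse a pipe-separated C&E chart into (effects, {cause: set(effects)})."""
    rows = [line for line in text.splitlines() if line.strip()]
    header = [cell.strip() for cell in rows[0].split("|")]
    effects = header[1:]
    matrix = {}
    for row in rows[1:]:
        cells = [cell.strip() for cell in row.split("|")]
        cause, marks = cells[0], cells[1:]
        if len(marks) != len(effects):
            raise ValueError(f"row {cause!r}: {len(marks)} cells, expected {len(effects)}")
        if cause in matrix:
            raise ValueError(f"duplicate cause tag {cause!r}")
        matrix[cause] = {eff for eff, mark in zip(effects, marks) if mark.upper() == "X"}
    return effects, matrix


@dataclass
class EsdLogic:
    """One logic solver holding the parsed chart and the latched trip state."""
    effects: list
    matrix: dict
    # effect -> causes that have demanded it and have not yet been cleared and reset
    latched: dict = field(default_factory=dict)

    def scan(self, inputs, reset=False):
        """Run one scan. `inputs` maps cause tag -> True when that initiator is
        demanding a trip. Returns {effect: True if tripped (safe state)}.
        Effects are ORed across causes and latch: a tripped effect is released
        only when every cause that demanded it reads healthy AND reset is given."""
        unknown = set(inputs) - set(self.matrix)
        if unknown:
            raise ValueError(f"inputs not in C&E chart: {sorted(unknown)}")
        for cause, eff_set in self.matrix.items():
            # Fail-safe choice of this example: an initiator with no value this
            # scan (lost signal) is treated as a demand, i.e. de-energize to trip.
            demand = inputs.get(cause, True)
            for eff in eff_set:
                demanding = self.latched.setdefault(eff, set())
                if demand:
                    demanding.add(cause)
                elif reset:
                    demanding.discard(cause)
        return {eff: bool(self.latched.get(eff)) for eff in self.effects}


def healthy(matrix):
    """All initiators healthy (no demand)."""
    return {cause: False for cause in matrix}


def demo():
    """Walk a high-pressure trip through demand, latch, rejected reset and release."""
    effects, matrix = parse_cem(CEM_TEXT)
    esd = EsdLogic(effects, matrix)
    steps = []
    steps.append(esd.scan(healthy(matrix)))                                   # 0: running
    steps.append(esd.scan({**healthy(matrix), "PAHH-101": True}))             # 1: PAHH trips
    steps.append(esd.scan(healthy(matrix)))                                   # 2: pressure normal, no reset
    steps.append(esd.scan({**healthy(matrix), "PAHH-101": True}, reset=True))  # 3: reset while still high
    steps.append(esd.scan(healthy(matrix), reset=True))                       # 4: cleared and reset
    return steps


if __name__ == "__main__":
    for i, out in enumerate(demo()):
        print(i, {tag: "TRIP" if tripped else "ok" for tag, tripped in out.items()})
```

In the walk-through, step 1 closes XV-101 and trips P-101 but leaves XV-102 open, because PAHH-101 has no mark in that column; steps 2 and 3 show that neither the pressure returning to normal nor a reset issued while the cause is still active releases the trip; only step 4, with the cause cleared and a reset given, returns the effects to their running state. Real logic solvers layer further features on this core, such as voting between redundant sensors, maintenance overrides with their own alarms, and time delays, all of which are omitted here.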