The Center for Chemical Process Safety (CCPS) defines process safety time as “the time period between a failure occurring in the process or its control system and the occurrence of the hazardous event.”¹  Process safety time is an often overlooked aspect in the evaluation of safety systems at operating facilities.  When designing safety systems such as a back-up generator to provide redundant power, an emergency shutdown system to isolate a process in the event of a leak or a pressure relief device to prevent overpressure in the event of a tube rupture (see our previous blog on this topic), the response time of the prevention measure must be carefully considered and compared against the process safety time for the event to occur.  If the response time exceeds the process safety time, the hazardous event may not be prevented increasing the chances for a loss of containment.

Ensuring that the response time for a safety system is shorter than the process safety time for the scenario to which it is responding is always important, but in many situations an event develops slowly with time, making this less of a practical concern.  For example, a compressor suction drum at low ambient temperatures may only receive very little condensed liquid that can accumulate in the drum over a very long period of time.  The detection of and reaction to the high liquid level may have many opportunities before a high level alarm activation, and even after the alarm activation (the initial conditions), the time before the hazardous conditions occur (namely the overfilling of the suction drum) is more than sufficient for preventative actions to occur.

Other scenarios may result in a much quicker chain of events, requiring a faster response time.  For example, many gas compressors utilize a start-up bypass line connecting the often lower rated suction side of the compressor to the discharge system.  In the event of a sudden power trip, the compressor may shutdown and high pressure gas on the discharge side of the compressor may flow in reverse (for example, through a latently stuck open single check valve), to the suction side of the compressor.  Under such a circumstance, the suction side may be quickly overpressured given a large pressure differential.

One common solution in situations where installing a sufficiently large relief device is impractical is to install a high pressure trip on the suction of the compressor that closes several isolation valves, including one on the offending bypass line, protecting the compressor from overpressure.  Typical off-the-shelf instrument air operated valves have an approximate closure rate of 1 second per
inch of nominal valve diameter, so a large 10” valve may take 10 seconds to close, while the process safety time for such an event may only be on the order of 1 second.  Identifying this discrepancy in process safety versus response times is important because it allows for the design of a better shutdown system that will meet the needs of the process.  In this case, higher performance actuators and valves may be used to isolate the process within a time that will prevent overpressure of the compressor suction system from occurring.

Calculating process safety time depends on the complexity of the process and scenario being evaluated.  In general, the following approach is taken²:

1. Identify the process variable that, when exceeded, may result in the hazardous event.  Pressure and temperature are two common variables.
2. Determine the starting condition as the maximum value of the process variable before the upset occurs.
3. Determine the rate of change of this variable during the upset.  This is often a complicated analysis that may require the use of process simulators and/or a dynamic approach to evaluate the process upset.  In the example given, this analysis requires the rate of flow into the compressor suction to be calculated based on the dynamic upstream and downstream conditions.
4. Determine the Process Safety Time as the overall change in the process variable from starting to emergency conditions, divided by the rate of change.

Note that steps 3 and 4 in the above process are dynamic in nature.  In the example given, as gas flows into the suction side of the compressor, the pressure differential will decrease, potentially resulting in a lower mass flow rate and prolonged process safety time versus using an initial steady state flow rate.

By carefully considering the impact of process safety time on the ability of a safety system to prevent a potential upset, a more robust safety system may be designed and a better understanding of the risks to the operation can be achieved.