Construction of Boysun GPP

Safeguarding and ESD philosophy

SAFEGUARDING AND ESD PHILOSOPHY

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1

A1 08.02.2022 Approved for Construction Yunusov I. Leniuk T. Asaftey L.

R3 20.12.2021 Issued for Review Yunusov I. Leniuk T. Asaftey L.
R2 28.10.2021 Issued for Review Yunusov I. Leniuk T. Asaftey L.
R1 18.06.2021 Issued for Review Tsapaev V. Yunusov I. Asaftey L.

REV. Date Revision Purpose Originated Checked Approved

1 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

REVISION
LOG Date Audit objective Originated Checked Approved
Revision
R1 18.06.2021 Issued for Review Tsapaev V. Yunusov I. Asaftey L.
R2 28.10.2021 Issued for Review Yunusov I. Leniuk T. Asaftey L.
R3 20.12.2021 Issued for Review Yunusov I. Leniuk T. Asaftey L.
Approved for
A1 08.02.2022 Yunusov I. Leniuk T. Asaftey L.
Construction

2 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

Table of Contents
1.0 INTRODUCTION ............................................................................................................................................................................ 4
1.1 SCOPE ......................................................................................................................................................................................... 4
1.2 PURPOSE ..................................................................................................................................................................................... 4
1.3 APPLICABLE REGULATION AND STANDARDS.................................................................................................................................... 4
1.4 PROCESS AND UTILITY SYSTEMS ................................................................................................................................................... 5
1.5 DEFINITION AND ABBREVIATIONS .................................................................................................................................................... 6

2.0 PURPOSE OF SAFEGUARDING .................................................................................................................................................. 7

2.1 OVERPRESSURE PROTECTION ....................................................................................................................................................... 8
2.2 UNDERPRESSURE PROTECTION ..................................................................................................................................................... 8
2.3 SAFE SHUTDOWN ......................................................................................................................................................................... 9
3.0 SHUTDOWN HIERARCHY .......................................................................................................................................................... 10
3.1 SHUTDOWN HIERARCHY FOR PRODUCTION WELLS ....................................................................................................................... 10
3.2 SHUTDOWN HIERARCHY FOR GPP FACILITY ................................................................................................................................. 10
4.0 PROCESS SAFEGUARDING PHILOSOPHY.............................................................................................................................. 13
4.1 CLUSTER PADS........................................................................................................................................................................... 13
4.2 GATHERING HEADERS ................................................................................................................................................................. 13
4.3 SEPARATORS & VESSELS ............................................................................................................................................................ 13
4.4 COLUMNS ................................................................................................................................................................................... 13
4.5 ROTATING EQUIPMENT ................................................................................................................................................................ 14
4.6 AIR COOLED HEAT EXCHANGERS ................................................................................................................................................ 15
4.7 HEAT EXCHANGERS .................................................................................................................................................................... 15
4.8 FLARE ........................................................................................................................................................................................ 15
4.9 TANKS........................................................................................................................................................................................ 15
4.10 APPLICATION OF VALVES IN SAFEGUARDING SYSTEMS .................................................................................................................. 16
4.11 IMPLEMENTATION OF SHUTDOWN SYSTEMS .................................................................................................................................. 16
4.12 EQUIPMENT PACKAGES ............................................................................................................................................................... 16
5.0 ARCHITECTURE OF THE ESD SYSTEM ................................................................................................................................... 17
6.0 ATTACHMENTS........................................................................................................................................................................... 18
6.1 ESD HIERARCHY AT CLUSTER PADS ............................................................................................................................................. 18
6.2 ESD HIERARCHY AT GPP (ESD-1, ESD-1A/B, ESD-2, ESD-3) ................................................................................................... 19

3 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

1.0 INTRODUCTION
1.1 Scope

This document covers the description of Process Safeguarding Philosophy for the “Construction of Boysun Gas
Processing Plant (hereafter named GPP)” which is located at Surkhandarya region of Republic of Uzbekistan. It
describes different shutdown levels and respective causes, effects and actions required.
In the event of a conflict between this philosophy and any of the Licensor’s criteria/specification, the Licensor’s
specification/criteria will prevail.

1.2 Purpose

The purpose of this document is to:

 Explain the requirement of overall emergency shutdown.
 Explain the various levels of shutdown and their associated causes and effects.
 Explain and clarify actions required for respective shutdown levels.
Process Safeguarding Philosophy for upstream (wells, clusters, gas gathering system) provided in the document
BGPP-UZLE-B-100-000-0-PR-PHI-00003.

1.3 Applicable Regulation and Standards

International Standards
 API RP 520 Sizing, selection, and installation of pressure-relieving devices in refineries – Part I: Sizing
and selection
 ISO 23251 Petroleum and natural gas industries—Pressure-relieving and depressuring systems
 API RP 521 Pressure-relieving and Depressuring Systems
 API Std 2000 Venting Atmospheric and Low-Pressure Storage Tanks
 IEC 61508: “Functional safety of electrical/electronic/programmable electronic safety related systems”
 IEC 61511: “Functional safety, Instrumental systems safety for production processes”
Local Codes
 ХК 13-43-09 : “General explosion safety rules for fire and explosion dangerous, chemical, and
petrochemical and oil and gas processing operations.”
Reference Project Documents

4 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

 Process flow diagrams BGPP-UZLE-D-200-XXX-0-PR-PFD-NNNNN (XXX means process unit’s

number, NNNNN means sheet’s No.)
 Utility flow diagrams BGPP-UZLE-D-200-XXX-0-PR-UFD-NNNNN (XXX means utility unit’s number,
NNNNN means sheet’s No.)
 Process control and safeguarding diagram BGPP-UZLE-D-200-XXX-0-PR-PSD-NNNNN (XXX
means process/utility unit’s number, NNNNN means sheet’s No.)
 Cause Effect Matrix BGPP-UZLE-D-200-XXX-0-PR-CAE-NNNNN (XXX means process/utility unit’s
number, NNNNN means sheet’s No.)
 Emergency Isolation and Depressurization Philosophy BGPP-UZLE-D-200-000-0-PR-PHI-00001
 Safeguarding and ESD philosophy. Jurassic gas gathering system BGPP-UZLE-B-100-000-0-PR-
PHI-00003
 Overpressure Protection Philosophy BGPP-UZLE-D-200-000-0-PR-PHI-00003
 Fire and Gas Detection Philosophy BGPP-UZLE-D-200-000-0-HS-PHI-00003
 Technical Specification for Emergency Shutdown System (ESD) BGPP-UZLE-D-200-000-0-IN-
SPE-00008
 PLC Programmable logic controller BGPP-UZLE-D-200-000-0-IN-SPE-00009
 Instrumentation on Package Unit BGPP-UZLE-D-200-000-0-IN-SPE-00018
 Overall Control Scheme BGPP-UZLE-D-200-000-0-PR-BLD-00003

1.4 Process and Utility Systems

Construction of GPP Complex project consists of following process and utility systems. Depending on the
shutdown levels, individual equipment within systems or system (unit)-wise shutdown or plant shutdown will be
executed.
Table 1.1: Process Units
Unit No. Unit Description
210 Inlet manifold system
211 Slug Catcher System
212 Inlet separation system
213 SULFINOL-M Gas Sweetening System
214 SULFINOL-X Gas Sweetening System
215 Sulphur Recovery System and Tail Gas System
216 Dehydration system
217 Sulphur granulation and solidification system
218 Chemical oxidation unit
219 Formation Water Treatment System

5 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

MEA Regeneration System, Unit 231 (Out of the scope of

231
work under the contract UZLE-EE-BGPZ-2020-21)

Table 1.2: Utility Units

Unit No. Unit Description
241 Steam and BFW generation and distribution system
242 Steam Condensate System (Collection and Treatment)
243 Heating system and hot water supply system
251 Service and Instrument Air System
253 Nitrogen System
261 Raw water pretreatment and distribution system
263 Fire water system
264 Circulation (Cooling) water system
265 Potable water system
266 Demineralized Water System
280 Fuel gas system
290 Flare System
291 Sweet Flare
292 Acid flare system
460 Waste Treatment System
470 Chemicals and Catalyst Storage System
710 Normal Power supply system
715 Essential (Emergency) Power Supply System

1.5 Definition and abbreviations

This section describes the definition of the abbreviation concerned with this document as following aspects.

ALARP As Low As Reasonably Practicable

BDV: Blowdown Valve

DCS: Distributed Control System

ESD: Emergency Shutdown

6 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

GPP: Gas Processing Plant

HMI: Human Machine Interface

IPF: Instrumented Protective Function

KOD: Knock Out Drum

MOS: Maintenance Override Switches

OOS: Operational Override Switches

PA/GA: Public Address and General Alarm

PCS: Process Control System

SCOT: Shell Clause Off Gas Treatment

SDV: Shutdown Valve

SIL: Safety Integrity Level

SIS: Safety Instrumented System

UPS: Uninterruptible Power Supply

2.0 PURPOSE OF SAFEGUARDING

The main objectives of the shutdown system (Safeguarding system) are:

 To protect the personnel

 To avoid or minimize the pollution to environment
 To protect the assets
 To avoid or minimize the production losses

Safeguards are systems or elements that serve as different levels of protection against uncontrolled loss of
containment. The process safeguarding system is required to reduce the risks of malfunction of plant
equipment, in terms of hazards to personnel, environment and economic loss, to a level that is As Low As
Reasonably Practicable (ALARP).

The principle of a two-tier process safeguarding system will be adopted. A multilevel system of safeguarding is
proposed to fulfil above objectives. Penultimate (Primary) safeguarding shall be provided through Instrumented
shutdown system, while ultimate (Secondary) safeguarding shall be through mechanical protection devices
such as relief valves. Where required, a fully rated system shall be considered to minimize additional

7 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

safeguards. In addition, the process and ESD shutdown local push buttons will be strategically located around
the GPP facility. Provision will be made for remote process and emergency shutdowns from the control room.

The ESD system, Fire and Gas system shall be segregated from the process control and monitoring system
(DCS), but shall interface to provide shut-down and safety status information to the Operator.

Automatic emergency depressurizing considered only for “blowdown zone” where confirmed fire and flammable
gas / toxic gas have been detected. Sectionalizing valves will be provided between all blowdown zones. Blow
down of other zone could be initiated by operator in a manual mode.
Time delay between zone depressurizing to be considered to ensure that the instantaneous capacity of the flare
system will not be exceeded. Sectionalizing allows equipment and piping in and around the location of a detected
fire to be blown down first. The flare systems do not have sufficient capacity to blow down all blowdown zones at
once.

The shutdown system will be built hierarchically i.e. a higher level shutdown includes the actions of the lower
levels. This structure improves understanding of the system and simplifies programming.

2.1 Overpressure Protection

The process safeguarding system must ensure that suitable protection is provided against the maximum
pressure and other operating parameters that can be generated by the worst credible scenario. There are
essentially three safeguard options to protect against overpressure:
1. Fully pressure rated equipment
2. Pressure Relieving Devices
3. Instrumented Protective Function

For more detail refer to Overpressure Protection Philosophy (BGPP-UZLE-D-200-000-0-PR-PHI-00003).

2.2 Underpressure Protection

It is recognized that certain process can develop sub atmospheric pressure conditions generated by the worst
credible scenario. The process safeguarding system must ensure suitable protection against minimum pressure
or vacuum conditions. The ultimate safeguard for underpressure can be:
1. Design for vacuum
2. Provision of Vacuum Relief valves
3. Instrumented Protective Function

8 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

2.3 Safe Shutdown

In case of any malfunction of the plant equipment or its associated control instrumentation which results into a
hazard for personnel or the environment, or potentially leading to consequences of economic loss (e.g. damage
of main equipment or severe production loss), the safeguarding system will bring the facility to a safe condition
automatically. As a representive safeguarding, ESD system shall prevent excursions of the process outside the
equipment design envelope and reduce the fire and explosion escalation risks.

The ESD should be initiated by:

 Confirmed detection of fire (at least 2 fire detectors are required to confirm a fire)
 Confirmed Hydrocarbon gas (based on Lower Flammability Limit) / Toxic gas (based on H2S) – at
least 2 fire detectors are required to confirm the gas leakage
 Instrument air failure
 Emergency condition of processes detected by ESD instruments
 Electrical supply failure
 Liquid High-High Level in Flare KO drum/s
 Sales Gas Pipeline Shutdown
 Manual Action ESD push button (Remote / Local)

All emergency conditions leading to emergency shutdown are specified in unit Cause & Effect diagrams. Refer
to the specific section of operating and supervisory guidelines for the more common, emergencies and normal
BGPP shutdown in relevant unit Cause & Effect diagrams.

In case of shutdown, the ESD system should automatically carry out the following actions according to the
circumstances:

 To isolate the process system units so as to limit the hazardous inventory leakage to atmosphere.
 To isolate the process equipment so that the depressurization can be carried out if necessary.
 To automatically carry out the depressurization, if required.
 To isolate the flow from one process unit to another in case of deviation of process conditions.
 Shutdown of the wells, if required.
 Shutdown of sales gas pipeline, if required.

Emergency Shutdown System (ESD) is designed to prevention of accidents, protection of equipment by turn the
process into a safe state to prevent the escalation of abnormal conditions into a major hazardous event.

Consequence of any shutdown on the sales gas pipeline will initiate ESD-1 of GPP. Consequence of GPP ESD-
1 will initiate sales gas pipeline shutdown.

9 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

3.0 SHUTDOWN HIERARCHY

3.1 Shutdown Hierarchy for Production Wells

Refer to the document BGPP-UZLE-B-100-000-0-PR-PHI-00003 regarding shutdown hierarchy for production

wells and cluster pads.

3.2 Shutdown Hierarchy for GPP Facility

The shutdown hierarchy below pertains to the GPP facility. In most of the shutdown level specified below the
non-hydrocarbon utilities such as steam, steam condensate recovery, air system, cooling water, nitrogen etc.
continue to run unless otherwise specified.
Emergency utilities like firefighting system, emergency power system, electrical heat tracing system etc. will
remain available during any level of the shutdown may be for entire duration or until the operator intervention.
Additionally, all facilities required for the safety shutdown process shall continue to function or until the operator
intervention. As a minimum, these shall include those items listed below:
- UPS power supply for ESD, FGS, PA/GA;
- Instrument air;
- Emergency lighting;
- HVAC of building with permanent stay of personnel;
- Flare operational requirements (e.g. purging gas supply or pilot fuel supply);
- Firefighting system;
- Emergency power system;
- Heat Tracing System (where applicable).
The following level of shutdown are proposed for GPP facility
I. Level 0 – ESD-0 Process units shutdown with zonal blowdown
II. Level 1 – ESD-1 Process units shutdown without blowdown
Sublevel ESD-1 A/B: Single Train Shutdown (Include Train Level Shutdown (Causes will be discussed
later) without blowdown. GPP having two trains hence sublevel safeguarding logic is created as ESD-1A
for Train-1 and ESD-1B for Train-2.
ESD-1A and ESD-1B leave the SCOT unit operating to maintain supply of semi-lean Sulfinol-M to the
Units-213 (1 and 2 trains) which hasn’t been shutdown. The solvent can continue to pass trough the
SCOT Absorber in the absence of gas during a SCOT trip scenario.
III. Level 2 – ESD-2 Individual unit shutdown without blowdown
IV. Level 3 – ESD-3 Individual equipment shutdown without blowdown
ESD Sketch for GPP is indicated in the section 6.2, 6.3.

10 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

Table 3.2 : Shutdown Hierarchy for GPP

Level Designation Caused by Results in

Confirmed fire or flammable/ ESD-1 of the GPP facility if fire or

toxic gas detection flammable/ toxic gas detection confirmed
ESD-0 manual push button within:
 Process unit 210, 211, 212, 219,
215 SCOT (to be confirmed by
Licensor) area.
 Fuel gas system, Unit 280, Flare
KOD area, Unit 290.
ESD-1 of cluster pads (if GPP ESD-1 (both
trains) initiated).
ESD-2 Unit 217 if fire or flammable/ toxic
gas detection confirmed within sulfur
storage area.
0 ESD-0
Switch off the zonal power source
depending on F/G detection (zonal)
Initiate local blowdown that will be limited to
respective fire circle as per the blowdown
sequencing logic corresponding to the area
in which F&G detection activated (Refer
Note 1)
No automatic blowdown of gathering system
headers shall be considered.
Non-hydrocarbon utilities like steam,
instrument air, cooling water, nitrogen (if
available) etc. keep running unless fire/
flammable gas detected in the particular
area.
Instrument Air Failure ESD-1 of cluster pads
ESD-2

High High Level in Sweet Non-hydrocarbon utilities like steam,

1 ESD-1 Flare KOD/Acid Gas Flare instrument air, cooling water, nitrogen etc
KOD keep running unless power supply from the
connected substation is tripped

Failure to detect flame after Purge gas supply is maintained.

the flare system restart

11 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

Level Designation Caused by Results in

Global power supply failure

(Note 4)

ESD-1 with manual push

button

ESD-1 of the facility Shutdown of the units by automatic closing

ESD-2 manual push button of of inlet and outlet valves
the respective units ESD-3 of the respective equipment
Unit remains pressurised with gas
2 ESD-2 ESD-1 of the cluster pads in case of U210
shutdown
Non-hydrocarbon utilities like steam,
instrument air, cooling water, nitrogen etc
keep running
Purge gas supply is maintained

Trip function in case process Local action e.g. trips a pump, Isolation of
variables exceed pre-set equipment
3 ESD-3
values without requiring unit/
train shutdown

NOTES
1. Automatic emergency depressurizing considered only for zone where confirmed fire and flammable
gas / toxic gas have been detected. Blow down of other zone (both trains and utilities) could be
initiated by operator in a manual mode. Blowdown management trip logic shall be specified in ESD-0
Cause and Effect matrix with pointing delay (if required).
Time delay between zone depressurizing to be considered to ensure that the instantaneous capacity
of the flare system will not be exceeded.
2. High Pressure PCV to flare to have “fail closed” design to ensure flare capacity is not exceeded in
the event of low instrument air pressure.
3. ESD logic can be reset from Foreman workstation after return all cases to normal condition and
activation "ESD reset" key on ESD console in control room. ESD shutdown/blowdown valves are
equipped by solenoids with reset buttons, which must be pressed from field. .
4. Global power loss should initiate ESD-1, but loss of individual substations should shutdown only
affected units.

12 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

4.0 PROCESS SAFEGUARDING PHILOSOPHY

Units / Trains with inter- connected equipment without any isolation valves in between can be protected by a
single IPF and relief valve for overpressure. FGS system will be available in the plant as per Fire and Gas
detection Philosophy (BGPP-UZLE-D-200-000-0-HS-PHI-00003).

4.1 Cluster Pads

Process Safeguarding Philosophy for upstream system (wells, clusters, gas gathering system) is separated from
that of GPP. For more details regarding refer to the document BGPP-UZLE-B-100-000-0-PR-PHI-00003.

4.2 Gathering headers

Process Safeguarding Philosophy for upstream system (wells, clusters, gas gathering system) is separated from
that of GPP. For more details regarding refer to the document BGPP-UZLE-B-100-000-0-PR-PHI-00003.

4.3 Separators & Vessels

The Separators & Vessels will typically be provided with following penultimate protection system on case by case
basis.
 Vessel pressure high high – Close SDV on feed line;
 Level high high - Closes SDV on feed line ;
 Level low low - Closes liquid outlet valves.
The separators and Vessel will be provided with safety relief valves to protect the equipment from overpressure.
High temperature trip to be considered if heater is provided inside the separator/ vessel.
Additional safety measures for vessels to be considered in case by case basis.

4.4 Columns

The columns shall be provided with penultimate protection system similar to separators and vessels. Additionally
it shall consider re-boiler on full load while the regenerator is shut-in, i.e. High- High Temperature in column will
cause reboiler energy stream (steam) to be cut-off/ tripped. In case of power failure, the steam flow to reboilers to
be isolated in order to minimize the rate of pressure rise in the regenerator columns. Pressure high high trip to be
considered due to possible reboiler’s tube rupture scenario.
The columns will be provided with safety relief valves to protect the equipment from overpressure.
Additional safety measures for columns to be considered in case by case basis.

13 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

4.5 Rotating Equipment

Compressors
The compressor unit typically should be tripped during following conditions.
 Suction KO drum level high high
 Suction Pressure low low
 Discharge temperature high high,
 Discharge pressure high-high (for reciprocating compressors)
 After-cooler outlet temperature high-high (if necessary)
 Anti Surge Trip
 Gas leak and fire detection.
The need of compressor blowdown in case of seal gas leakage to be determined by the Vendor.
Additional safety measures for compressors to be considered in case by case basis.
The compressor will be provided with safety relief valve in the discharge line, as ultimate overpressure protection.
Machinery safeguarding will be as per vendor recommendations.

Pumps
Pumps typically should have following penultimate safeguards:
 Upstream Vessel/ Tank low-low level.
 Downstream Vessel/ Tank level high-high.
 Positive displacements pump discharge pressure high/high (except for intermittent service chemical
injection pumps).
 High high temperature of the pump/motor bearings.
Machinery safeguarding will be as per vendor recommendations.
The centrifugal process pump are usually controlled throttling the discharge. Variable speed drivers or minimum
recirculation device could be applied as an alternative. Suction piping, from the isolation valve (including valve) to
the pump shall be rated to pump discharge side piping design pressure.
Reciprocating pumps shall be provided with an individual relief valve at the pump discharge line before the first
isolation valve (and non return valve) as ultimate protective system.
Positive displacement pumps shall be provided with a pulsation damper and an individual relief valve at the pump
discharge line as ultimate protective system.
Suction valves for spared pumps with auto starts to be locked open.

14 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

Additional safety measures for pumps to be considered in case by case basis.

4.6 Air Cooled Heat Exchangers

Loss of control of the air cooled heat exchanger will lead to condition of High or low outlet temperature. This
could impact the process stream and the downstream process unit/ equipment. There is a need to shutdown
affected units (like compressors / pumps etc) as the temperature could go beyond the design temperature.
Machinery related safeguarding for the Fans/ motors will be as per vendor recommendations.
For equipment, including air coolers, located at a level above 7.6 m, the fire scenario is not considered.
Therefore, the safety valves designed for the "Fire" scenario is not required.
Additional safety measures for air coolers to be considered in case by case basis.

4.7 Heat Exchangers

Cold fluid outlet downstream piping / equipment may not be designed for high temperature; hence it will be
required to stop the hot fluid flow in case of failure of temperature control.
Generally, the shell and tube exchangers will be designed as per 10/13 rule to protect the lower pressure side.
This means to set the design pressure of the lower pressure side of a heat exchanger not lower than 77% of the
design pressure of the higher pressure side. This design rule allows to protect the equipment against tube
rupture without installing a PSV. The design pressure set following the “10/13 rule” will be extended also to inlet
and outlet piping connected to the lower pressure side of the heat exchanger including the isolation valves.
A situation where the cold fluid is blocked in, while the hot fluid side is operational may give rise to high pressure
due to thermal expansion upon continual heating; this can require to be provided with relief valve. Further as
required the relief valve for fire scenario may be considered for exchanger on case-by-case basis.
Additional safety measures for heat exchangers to be considered in case by case basis.

4.8 Flare

Flare system will be protected from air ingress by providing continuous purge gas. Liquids in the flare system are
removed by a flare KOD. In case of high-high liquid level in flare KOD, the GPP facility will be shutdown (ESD-1).
The capacity of each flare system (including flare system’s KO drums) shall be defined based on governing case
flowrate. The blowdown flowrate (both scheduled or emergency) shall not exceed the flare system’s design
flowrate – downstream of the BDV valves the restriction diaphragms shall be installed (if required).

4.9 Tanks

Emergency venting should be provided by means of pressure relieving devices (Unless vented directly to
atmosphere with an adequately sized vent). The venting capacity of normal and emergency vents should be
sufficient to considered. A blow off hatch covers to lift under abnormal internal pressure due to external fire.
The tanks typically shall be provided with blanketing gas to prevent atmospheric air entry on case-by-case basis.
15 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

The atmospheric tanks shall be provided with following penultimate protection:

 Tank high high level closes the inlet valve or trips feed pumps.
 Tank low low level trips the downstream operating pumps.
 Tank vacuum protection.
Additional safety measures for tanks to be considered in case by case basis.

4.10 Application of Valves in Safeguarding Systems

Control valves: Control valves typically are not to be considered tight shut-off. For some particular cases control
valves can be used within ESD system with maintaining functional, logical and physical independence of DCS
and ESD and the associated instruments.
Non-Return Valves: Non return valve/s shall not be considered for pressure protection
Locking Valves: Locking valves (in open or closed position) for safeguarding purpose can be considered.
1. Car seal or chain lock
2. Lock integrated with valve (e.g. Castel lock)
3. Interlocking system
Isolation valves located on BDVs discharge lines to be locked open. Isolation valves on instruments connected to
the ESD system shall be locked open.

4.11 Implementation of Shutdown Systems

ESD Valve Locations:

Shutdown valves (SDV) will be provided on all process gas lines entering and leaving each blowdown zone.

Failure Mode: Shutdown valves shall fail safe in close position

Blow down valves (BDV) shall fail safe in open position.
ESD valves could be equipped with individual instrument air tanks which provides operability of the ESD valves
in case of instrument air supply loss.

4.12 Equipment Packages

Dedicated independent Integral Package Control and Emergency System, remotely installed inside RIBs
(Remote Control Buildings) to be supplied by Package Equipment Vendors. IPCES will be redundantly
communicated and integrated with plant DCS/ESD by means of ethernet TCP/IP Modbus Protocol.
Package PLC (Programmable Logic Controller) shall be minimum SIL 2 (BGPP-UZLE-D-200-000-0-IN-SPE-
00009). Vendor should justify any deviation from this request for the Client review and approval. More details and
specification for Package Instrumentation and package PLCs are provided:

16 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

- BGPP-UZLE-D-200-000-0-IN-SPE-00009 PLC Programmable logic controller

- BGPP-UZLE-D-200-000-0-IN-SPE-00018 Instrumentation on Package Unit

5.0 ARCHITECTURE OF THE ESD SYSTEM

The Emergency shutdown system is defined as a system designed to respond to conditions in the BGPP which
may be hazardous, if no action taken. The instrumentation for ESD system should include the followings:

 Emergency Shutdown (ESD) System initiates shut-down actions required by emergency situation and
applicable to blowdown zones or to the whole plant. The ESD system manages all process related inputs
and outputs relative to the different levels of ESD. All the ESD levels functions should be performed on
dedicated fail-safe PLC (Programmable Logic Controller)’s that will be referred to as “ESD systems” and
that will work independently from the DCS.

 Fire and Gas Detection System – shall monitoring and detection of fires and hazardous gases – initiate
shut down ESD-0 level with local blowdown to flare system.

The ESD system shall be designed with a high level of integrity (to be defined during HAZOP/SIL study). Safety
Integrity Level SIL 3 (IEC 61511 -1 Tables 3 & 4) shall be the minimum requirements for the ESD system. SIL
Codes for safety functions to be confirmed based on HAZOP & SIL studies results. It shall be completely
independent of the DCS and other systems which might compromise its reliability. It shall be a fail-safe, stand-
alone system with dedicated, hard-wired inputs and outputs and shall utilize a redundant programmable logic
controller. It shall be provided with a dedicated power supply.
It shall be possible to activate groups of shutdown devices to achieve the shutdown and isolation of specific items
of equipment and Plant. Activation shall be made only from the following:

 Push button in the Central Control Room (Physical)

 Push button in processing unit site

 From critical process parameters as defined in design.

The state of all trips functions within the ESD system shall be clearly displayed in the control room.
Сontrol valves should not serve as emergency shutdown valves (SDVs). Where applicable the SIS (Safety
Instrumented System) switches the control valves to the safe position by cutting off the instrument air by
solenoids. This function should be performed by ESD system only without involving DCS to maintain
independence of both systems.
Isolation valves in emergency shutdown, in general, shall not be provided with hand wheels or by-passes, it shall
be determined on a case by case basis. Should a by-pass be essential for start-up purposes, the by-pass valve
shall be locked closed during normal operation. It shall be considered that physical location of the emergency
isolation valve is as far as possible from the standard spacing of the equipment to avoid fire proofing.
More detail requirement and information refer to the document Technical Specification for Emergency Shutdown
System (ESD) BGPP-UZLE-D-200-000-0-IN-SPE-00008.

17 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

6.0 ATTACHMENTS

6.1 ESD hierarchy at cluster pads

Refer to BGPP-UZLE-B-100-000-0-PR-PHI-00003 regarding schematic of ESD hierarchy for cluster pads.

18 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1
 Construction of Boysun GPP

Safeguarding and ESD philosophy

6.2 ESD hierarchy at GPP (ESD-1, ESD-1A/B, ESD-2, ESD-3)

19 of 19

BGPP-UZLE-D-200-000-0-PR-PHI-00020-E-A1