Functional safety requirements of overfill prevention systems on explosive dangerous chemical
1 Scope
This document specifies the functional safety requirements of overfill prevention systems installed on dangerous chemical tanks.
This document is applicable to fixed above-ground atmospheric tanks for petroleum and other dangerous chemical liquids with a volume of more than 5 m³. It may be used as a reference for fixed atmospheric liquid tanks with a volume of 5 m³ or less.
This document does not apply to LPG/LNG tanks, dedicated buffer tanks, engine fuel tanks, heating tanks, and oil tanks that collect oil only from wheeled tankers (such as oil tank trucks or rail tank cars).
2 Normative references
The following documents contain provisions which, through reference in this text, constitute provisions of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
GB/T 20438.2-2017 Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems
GB/T 20438.3-2017 Functional safety of electrical/electronic/programmable electronic safety-related systems — Part 3: Software requirements
GB/T 21109.1-2007 Functional safety — Safety instrumented systems for the process industry sector — Part 1: Framework, definitions, system, hardware and software requirements
GB/T 29639 Guidelines for enterprises to develop emergency response plan for work place accidents
GB 50093 Code for construction and quality acceptance of automation instrumentation engineering
3 Terms and definitions
For the purpose of this document, the following terms and definitions apply.
3.1
alarm
audible and/or visual indication to an operator in case of equipment faults, process deviations, or other anomalies requiring a timely response
3.2
alert
audible and/or visual prompt to an operator in case the operating condition defined by the operator reaches a certain value
Note: An alert is set to remind the user/operator to investigate or to perform other corresponding actions.
3.3
atmospheric tank
tank with a design pressure of less than 0.1 MPa, built on the ground, storing non-toxic petroleum, chemicals and other liquid media that are not artificially refrigerated
3.4
level of concern; LOC
appropriate alert level, alarm level and automatic overfill prevention trigger level set by the owner or operator on the basis of a calculation of the medium level in the tank
3.5
maximum working level; MW
maximum level allowed for tank feeding during normal operation
3.6
critical high level; CH
maximum level that can be reached during the tank feeding without harmful influence, beyond which medium overfill or tank damage will occur
Note: In terms of engineering design, the critical high level is also called "tank design level".
3.7
high-high tank level; HH
level sufficiently below the CH to be able to terminate the feed or medium transfer before reaching the CH
3.8
high-high tank level alarm; LAHH
alarm triggered at high-high tank level
3.9
high tank level; H
level of concern set between the maximum working level and the high-high tank level to provide alert or alarm to operators
3.10
high tank level alarm; LAH
alarm triggered at high tank level
3.11
response time; RT
duration required from the start of the alarm trigger to the completion of the set action (which may be performed manually or by an automatic system)
3.12
final element
valve, pump or other device that can stop inflow and prevent tanks from being overfilled
3.13
overfill prevention system; OPS
protection system for preventing tank medium from overfilling
Note: OPS may be a technical measure, a management measure, or both.
3.14
manual overfill prevention system; MOPS
overfill prevention system operated by operators
3.15
automatic overfill prevention system; AOPS
overfill prevention system that does not require operation by operators
3.16
dangerous failure
failure of a component and/or subsystem and/or system that affects the performance of a safety function and which may:
a) prevent a safety function from being performed when required (demand mode), or lead to the failure of the safety function (continuous mode), thus causing the EUC to enter a dangerous or potentially dangerous state;
b) reduce the probability that a safety function is performed correctly when required.
[Source: GB/T 20438.4-2017, 3.6.7]
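The levels defined in 3.4 to 3.11 only protect the tank if they are ordered MW < H < HH < CH and if HH leaves enough margin below CH for the feed to be stopped within the response time. The following check is an added example, not text or code from GB/T 41394-2022; the level-rise formula (maximum inflow rate divided by tank cross-section area, multiplied by the response time), the tank geometry and the flow and time figures are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LevelsOfConcern:
    """Levels of concern in metres above the tank bottom (assumed units)."""
    mw: float   # maximum working level (3.5)
    h: float    # high tank level, triggers LAH (3.9, 3.10)
    hh: float   # high-high tank level, triggers LAHH / AOPS trip (3.7, 3.8)
    ch: float   # critical high level, i.e. tank design level (3.6)


def level_rise_during_response(max_inflow_m3_h: float, area_m2: float,
                               response_time_s: float) -> float:
    """Level rise (m) if the feed runs at full rate for the whole response time.

    Assumed model: vertical tank of constant cross-section, inflow in m3/h.
    """
    return max_inflow_m3_h / 3600.0 * response_time_s / area_m2


def check_levels(loc: LevelsOfConcern, max_inflow_m3_h: float, area_m2: float,
                 response_time_s: float) -> list[str]:
    """Return findings; an empty list means the configuration is consistent."""
    findings = []
    if not (loc.mw < loc.h < loc.hh < loc.ch):
        findings.append("levels must satisfy MW < H < HH < CH")
    rise = level_rise_during_response(max_inflow_m3_h, area_m2, response_time_s)
    if loc.hh + rise > loc.ch:
        # 3.7: HH must be far enough below CH to stop the feed before CH.
        findings.append(f"HH too close to CH: level rises {rise:.3f} m within the "
                        f"response time, reaching {loc.hh + rise:.3f} m (CH {loc.ch:.3f} m)")
    return findings


def alarm_state(loc: LevelsOfConcern, level_m: float) -> str:
    """Highest level of concern crossed by a measured level."""
    if level_m >= loc.ch:
        return "OVERFILL"
    if level_m >= loc.hh:
        return "LAHH"
    if level_m >= loc.h:
        return "LAH"
    if level_m > loc.mw:
        return "ABOVE_MW"
    return "NORMAL"


if __name__ == "__main__":
    # Constructed tank: 10 m diameter (78.5 m2), fed at up to 500 m3/h,
    # manual response time 300 s. All values are assumed for the example.
    loc = LevelsOfConcern(mw=8.0, h=8.5, hh=8.8, ch=9.5)
    print(check_levels(loc, 500.0, 78.5, 300.0), alarm_state(loc, 8.85))
```

With the constructed figures the level rises about 0.53 m during the response time, so HH = 8.8 m still stops the feed below CH; doubling the response time to 600 s would push the level past CH and the check reports it.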
Contents of GB/T 41394-2022
Foreword i
Introduction ii
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations
5 General requirements of OPS
5.1 General requirements
5.2 Classification of tank monitoring modes and instrumentation configurations of OPS
5.3 Functional safety requirements of OPS in the full life cycle
6 Safety management requirements for overfill prevention
6.1 General requirements
6.2 Requirements for management of level of concern and periodic review
6.3 Functional safety assessment requirements of OPS
6.4 Requirements of safety management system on overfill prevention
6.5 Safety procedure requirements of overfill prevention operation
6.6 Requirements of emergency response plan for tank overfilling accidents
7 Risk assessment on tank overfilling
7.1 General requirements
7.2 Requirements for implementation of risk assessment
8 Safety requirement allocation for OPS
8.1 General requirements
8.2 Requirements for implementation of safety requirement allocation
9 Design requirements for OPS
9.1 General requirements
9.2 Design of level of concern
9.3 Classification and composition of OPSs
9.4 Functional safety design of AOPS
9.5 Safety protection design of OPS
10 Installation requirements for OPS
11 Safety validation requirements for OPS
11.1 Installation validation requirements
11.2 Hardware validation requirements
11.3 Function validation requirements
11.4 Application validation requirements
11.5 Operation validation requirements
12 Acceptance requirements for OPS
13 Proof test and maintenance requirements for OPS
13.1 General requirements
13.2 Technical requirements
14 MOC requirements for OPS
14.1 General requirements
14.2 MOC requirements
14.3 Requirements for changed documents
15 Decommissioning requirements for OPS
Annex A (Informative) Installation requirements for level detection instruments
Bibliography
Figure 1 General technical model of OPS
Figure 2 Tank level of concern
Table 1 Classification of tank monitoring modes and instrumentation configurations of OPS
Table 2 Correspondence table of tank monitoring modes and level of concern setting
Table A.1 Installation requirements for level detection instruments