Shutdown Philosophy

The Emergency Shutdown (ESD) System is designed to protect personnel, plant and equipment, and to protect the environment against pollution.

The purpose of the ESD system is to monitor process safety parameters and to activate or shut down the process system and/or the utilities if these parameters deviate from normal conditions.

Emergency Shutdown System Philosophy

This is the most important document associated with the Combined Safety System, in that it lays down the philosophy applicable to it. The hierarchical shutdowns are listed in this document.

One must not lose sight of the fact that, although the system has the ability to implement very critical shutdown features, it also implements less critical unit and process shutdowns.

For instance, on offshore platforms the usual stages of shutdown are as follows:


This, the lowest level of shutdown, causes the individual units to stop.


An individual Process Train will shut down on occurrence of any applicable trip.


On a process shutdown, the complete process stops but utilities remain running. In effect it is a process ‘stop’ with NO BLOWDOWN, in order to facilitate an easier startup once the problem is rectified.


This action generally results from fire or gas being sensed on the platform. Obviously a fire in the galley or in a room in the accommodation does not cause an ESD, but more serious events in the process, wellhead or other critical areas will result in an ESD.

An ESD is actually a Process Shutdown with blowdown and isolation of the platform trunkline. The blowdown results in flaring of the gas component of the platform inventory, whilst the liquid component is maintained within the various process vessels. When coincident fire detection occurs in the process or wellhead areas, one of the two strategically placed fire pumps starts and deluge occurs automatically.

On some platforms main power is shut down and the emergency generator starts when an ESD occurs, whilst on others main power is maintained by the generators switching to diesel, except when there is a fire in a critical area such as the wellheads.

This approach is advocated in that maintaining lighting ensures that at night the firefighting crew can see what they are doing.


This shutdown hopefully will never require operation during the life of the platform since it usually is the result of abandonment.

There are generally only two or three TPSD pushbuttons which are under the control of the Platform Operations Manager.

The result of this action is total blackout of the platform including isolation of batteries except for some navaids which continue to run.

The intent of this shutdown is to maintain some battery power for when the ‘black start team’ reboard the platform.

1 thought on “Shutdown Philosophy”

  1. A Safety Shutdown System shall be independent of and in addition to other systems and equipment used for normal operation, control and monitoring, and shall act as a safety barrier in case of malfunction or maloperation of these systems and equipment.

    The Safety Shutdown System is logically divided into three main levels of shutdown:

    Process Shutdown (PSD)
    Emergency Shutdown (ESD)
    Abandon Platform Shutdown (APS)

    Basic system philosophy is that a shutdown on a certain level shall never initiate shutdowns on higher levels, but shall always include shutdowns on lower levels.
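
The hierarchy rule stated in the comment above (a shutdown never initiates higher levels and always includes lower ones) can be checked mechanically against a cause-and-effect matrix. The following is an added example, not part of the original page or comment; the level names, action names and sample rows are constructed assumptions based on the stages the article describes.

```python
from enum import IntEnum

class Level(IntEnum):  # level names are assumptions, ordered lowest to highest
    UNIT = 1
    TRAIN = 2
    PSD = 3
    ESD = 4
    TPSD = 5

# Actions each level adds to the levels below it (constructed from the article's descriptions)
OWN_ACTIONS = {
    Level.UNIT: {"stop_unit"},
    Level.TRAIN: {"stop_train"},
    Level.PSD: {"stop_process"},          # utilities keep running, no blowdown
    Level.ESD: {"blowdown", "isolate_trunkline"},
    Level.TPSD: {"blackout", "isolate_batteries"},
}

def required_actions(level):
    """Everything a trip at `level` must do: its own actions plus all lower levels'."""
    return set().union(*(OWN_ACTIONS[l] for l in Level if l <= level))

def audit(matrix):
    """Return {cause: [findings]} for rows that break the hierarchy rule."""
    findings = {}
    for cause, (level, actions) in matrix.items():
        required = required_actions(level)
        problems = []
        escalated = actions - required   # anything not allowed at or below this level
        if escalated:
            problems.append("initiates actions above its level: " + ", ".join(sorted(escalated)))
        missing = required - actions     # lower-level shutdowns that were left out
        if missing:
            problems.append("omits lower-level actions: " + ", ".join(sorted(missing)))
        if problems:
            findings[cause] = problems
    return findings

# Constructed cause-and-effect rows: cause -> (declared level, configured actions)
SAMPLE_MATRIX = {
    "separator_high_pressure": (Level.PSD, {"stop_unit", "stop_train", "stop_process"}),
    "wellhead_gas_detected": (Level.ESD, required_actions(Level.ESD)),
    "compressor_vibration": (Level.UNIT, {"stop_unit", "blowdown"}),
    "tpsd_pushbutton": (Level.TPSD, required_actions(Level.TPSD) - {"isolate_trunkline"}),
}

if __name__ == "__main__":
    for cause, problems in audit(SAMPLE_MATRIX).items():
        print(cause, "->", "; ".join(problems))
```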

