Over time, complexity and redundancy in BOPs stack functions have increased. This has been done to improve BOP functionality and reduce the likelihood of blowouts leading to major accidents. Application of the IEC 61508/61511 framework to safety-critical BOP functions is important. Doing so will ensure high reliability and performance throughout an asset lifecycle.
Subsea Blowout Preventers (BOPs) have evolved from simple stacks with limited redundancy to multiple ram configurations with complex redundant capabilities. Increasing the number of redundant capabilities for BOPs reduces the potential for loss of BOP functionality. As a result, you reduce the risk of major accidents. However, increasing the number of components also leads to an increased failure frequency, where each failure has the potential to result in having to pull the BOP stack. Pulling the stack has a significant cost impact due to the associated delays and increased rig time.
Principles for Functional Safety Management(FSA)
Based on the following principles, the application of the IEC61508/61511 approach on BOPs could be more beneficial than a general increase in redundant capabilities.
Functional Safety Management plans (FSMP) for BOPs will ensure that focus lies on the BOP performance throughout its lifecycle. All the way from concept design and engineering through operations.
SIL allocation will ensure that the safety requirement assigned for the BOP functions is commensurate with the design intent and the actual operation. In other words, the safety requirements cover the field-specific probability of kicks and blowouts and the potential consequence of these scenarios. Furthermore, the safety requirements should be based on the other barriers in place. This will increase transparency and ensure that redundant capabilities are sufficient, but at the same time not excessive for the operation in question.
Development of Safety Requirement Specifications for the BOP will ensure that requirements placed on the safety functions are clearly documented and specific for the operation in question.
Safety Integrity Level (SIL) verification of the BOP will ensure that the safety requirements placed on the BOP functions can be demonstrated with the stack design. Moreover, the output from the SIL verification may allow for adjustment of test intervals if it is allowed by regulations. Optimization of test intervals may reduce both operational time and OPEX. It may at the same time reduce the number of opportunities for human errors in connection with periodic tests and maintenance.
Applying NOG-070 for Drilling Safety Functions
On the NCS, the NOG-070 (OLF-070) guideline puts the following requirements on the drilling-related safety functions:
Shear seal ram function / Casing shear ram function
Sequenced shutdown function (emergency disconnect, autoshear)
Mechanical ram lock function
Additionally, the guideline puts SIL requirements on several workover-related functions such as PSD, ESD, and EQD.
Challenges with SIL verification of BOPS
However, when you compare SIL verification of BOPs to standard SIFs you will find there are several challenges:
The Human Factor – there is no sensor/automatic initiation of the safety function, hence estimating a failure rate for initiation of the SIF is difficult.
There are often multiple rams that may or may not provide redundancy, based on the operational circumstances.
There are no fail-safe positions for the final elements in the SIF. Hence, you shall include all auxiliary systems.
There are multiple passive components that you shall include in the SIF.
Limited failure data is available
Frequent testing and potential for a large contribution of test independent failures
ORS has extensive experience in assisting our clients in all phases of the IEC61511 / 61508 SIS lifecycle for BOPs, including:
Customized risk identification workshops
In-depth FMECA workshops to identify all components involved in the SIFs.
Classification of SIFs and SIL allocation
Development of SRS
Validation and SIL verification of the SIFs
Monitoring of SIF performance during operation including special assistance for collection and classification of BOP failure data.
Do you have any questions? Would you like to learn more about this topic? Or perhaps about any other topic such as HAZOPs, SIS, FMEA, RAM analysis, etc.? If so, feel free to contact us.