Shutdown Level Hierarchy & Shutdown Philosophy

What is Shutdown Level Hierarchy?
When a process condition on a process plant or oil production platform deviates from normal, e.g. high temperature in a vessel, corrective action needs to be taken. This is achieved by the process control system.
However, if the process control system fails to correct the deviation and it continues until a potentially dangerous situation arises, then the plant will "trip" the Emergency Shutdown System (ESD). The ESD system is designed to shut down the plant and prevent escalation of the situation, thus protecting plant personnel, the plant itself (often referred to as the asset), and the environment.
How the ESD system achieves this will depend on many factors, and can be regarded as a balance between minimising the loss of production and inventory and the requirements for achieving a safe state. For example, an excessively high temperature in a pump motor winding may not require the whole plant to be shut down and inventory sent to flare. Therefore the concept of Shutdown Levels has been developed, and the relationship between the levels is called the Shutdown Level Hierarchy.
 

Who decides the Shutdown Level Hierarchy?
The shutdown level hierarchy is defined in the Shutdown Philosophy document. This document, usually written by the chief process engineer with input from the instrument group, is plant specific; though it may be similar to that for other plants, it will be different.
The actions to be taken for each level of shutdown will be explained in general terms, and the interaction between levels will be defined. The basic system philosophy is that a shutdown on a certain level shall never initiate shutdowns on higher levels, but shall always include shutdowns on lower levels.
 

ESD System Interaction with Fire and Gas System
The shutdown philosophy will also define what action the ESD system will take if the main fire and gas (F&G) system detects a fire or a gas release. In this instance the F&G system would "hand off" signals to the ESD system.
 

ESD System and Depressurisation (Blowdown)
When ESD valves are actuated, fluids will be trapped in the system. If these fluids remain in the system they could, due to pressure or temperature build-up, become a potential danger. Therefore they must be released.
The type of fluid will determine how it is handled. Flammable gases will in general be routed to a flare system where they will be combusted. This is commonly referred to as "gas blowdown".
This loss of inventory is both uneconomic and an environmental issue, so not all levels of shutdown will require a blowdown. Again, the Shutdown Philosophy document will define which shutdown levels will initiate blowdown.

 

 

How many Shutdown Levels are there?
All plants are different, so the number of levels may differ. Obviously, a plant with a small physical size and/or a single stand-alone process unit will need fewer levels than a large onshore process plant or oil production platform. The number, as defined in the shutdown philosophy document, will be determined by considering all safety factors to suit the needs and conditions of the plant under consideration. Although there may be fewer shutdown levels, the actions required will still broadly be the same; these actions will therefore be promoted to occur in a higher level.
Having said all this, it is usual to have between 3 and 5 levels of shutdown.
 

What are the Levels of Shutdown called?
The levels are usually numbered, though it is not unknown for colours to be used.
Generally a lower number equates to a more severe shutdown, i.e. a Level 0 shutdown will shut down more items of plant than a Level 4 shutdown.
If colours are used it is usual for red to denote a more severe shutdown, e.g. a red shutdown will shut down more items of plant than a yellow shutdown.
 

What are the Levels of Shutdown?
As discussed above, all plants are different and therefore the shutdown initiators and actions for each level of shutdown will differ from plant to plant. Therefore the following should only be taken as a general guide:
 
Level 0 Shutdown - Abandon plant or platform
Level 1 Shutdown - Emergency shutdown and depressurisation of the overall plant
Level 2 Shutdown - Emergency shutdown for a process unit within the plant
Level 3 Shutdown - Total Process Shutdown
Level 4 Shutdown - Process Shutdown for a Process Unit within the Plant
Level 5 Shutdown - Process train shutdown within a unit
Level 6 Shutdown - Shutdown of Individual Equipment and Utilities
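
The hierarchy rule stated earlier (a shutdown never initiates a higher level and always includes the lower ones) can be checked mechanically against a draft cause-and-effect table. The following is an added example, not part of the original page; it reads "higher" as more severe (lower number), treats the seven levels as one strict chain, and uses constructed tables and hypothetical function names.

```python
# Added example: level numbers follow the page's general guide
# (0 = abandon plant, most severe; 6 = individual equipment, least severe).
LEVELS = range(0, 7)

def cascade(level, initiates):
    """Return every level tripped, directly or transitively, by `level`."""
    tripped, pending = set(), [level]
    while pending:
        current = pending.pop()
        if current not in tripped:
            tripped.add(current)
            pending.extend(initiates.get(current, ()))
    return tripped

def check_hierarchy(initiates, levels=LEVELS):
    """List violations of the page's rule as (level, problem, other_level)."""
    findings = []
    for level in levels:
        tripped = cascade(level, initiates)
        # A trip must never initiate a more severe (lower-numbered) level.
        findings += [(level, "escalates", t) for t in sorted(tripped) if t < level]
        # A trip must always include every less severe (higher-numbered) level.
        findings += [(level, "omits", l) for l in levels
                     if l > level and l not in tripped]
    return findings

# Constructed sample tables (hypothetical, not from any real plant):
# each level lists the levels it directly initiates.
GOOD = {0: [1], 1: [2], 2: [3], 3: [4], 4: [5], 5: [6]}
BAD = {0: [1], 1: [2], 2: [3], 3: [4], 4: [5, 2], 5: []}

if __name__ == "__main__":
    for name, table in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_hierarchy(table) or "consistent")
```

In the BAD table, Level 4 wrongly initiates Level 2 and Level 5 fails to include Level 6; both faults also surface on every level whose cascade passes through them.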
 

 
