A tank overfill protection system is a Safety Instrumented System (SIS) application that provides an additional layer of protection over the basic tank gauging (control) system. As with all SISs, the actual Safety Integrity Level (SIL) needs to be established for the particular tank at the storage facility, taking into account all the operational risk factors, but typically these functions are SIL 1 or SIL 2.
It is important that the instrumentation used in the SIS is totally independent from that which is used in the tank gauging system so that it does not suffer interference from the latter or be subjected to common points of failure. It is expected that the overfill protection function automatically shuts off the input feed to the tank by isolating the pump and closing the input valve (ensuring that any resulting pipeline pressure surges are suitably dealt with).
Because many tank level sensors are exposed to demanding environments inside and outside of the tank, they are susceptible to rapid degradation over time. As a result, it is beneficial to use devices that offer level measurement diversification between your tank overfill SIS and your basic tank gauging system. Utilizing level sensors that incorporate different principles or methods of level measurement reduces common mode failure rates.
Why Logic Solvers Are a Logical Choice
People often assume a logic solver has to be a safety PLC (Programmable Logic Controller) to be employed in, for example, a tank overfill SIS. But in many cases a discrete logic device for each loop, which avoids the complications and expense of a complex programmable solution, is a sensible option. One of the objectives of functional safety is to engineer the protection layers so the complexity of safety-related functionality is minimized. This includes designing the overall concept for the minimum number of safety instrumented loops, avoiding the unnecessary use of more complex technology, reducing interdependency between loops, and keeping safety and non-safety functionality separate.
Apart from the obvious savings in cost from a simpler architecture, perhaps the biggest gains with this approach are unseen. Consider that this straightforward approach avoids the development cost of application programming (plus associated costs such as software maintenance, upgrades, configuration management, and back-ups) and the need for specialist competence in operation and maintenance of the programmable platform. Installation, validation and commissioning of complex programmable systems also require specific competence and procedures, which can make the functional safety management (FSM) system more onerous to set up and maintain.
Many safety-related applications in the process industry, such as tank overfill, are ideally suited to one or more single loop logic solvers because they are small scale, isolated, or located in remote locations. As mentioned, the simplified architecture of this approach can reduce the cost of hardware, software and procedural overheads.
Choosing sensors, logic solvers and final elements for any Safety Instrumented Function (SIF) requires a step-by-step analysis of the equipment’s failure data and applicability to the safety-related function. As you see in Table 1 below, each piece of equipment that will assist in the SIF has to be evaluated to ensure that its applicability meets the necessary requirements spelled out by the IEC 61508/61511 functional safety standards. The full white paper has detailed examples that help guide a safety practitioner through the process of implementing a SIL 1 and SIL 2 tank overfill protection system.
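To make the failure-data step concrete, the following added example (not taken from the white paper or from Moore Industries) sums a simplified low-demand PFDavg over a single-loop overfill SIF and maps the total to a SIL band. The device names, failure rates and proof test intervals are constructed sample values, each element is assumed to be 1oo1 and required for the trip, and the sketch covers only the PFDavg part of the evaluation, not architectural constraints or systematic capability.

```python
# Added illustration: PFDavg budget for a single-loop tank overfill SIF.
# Every failure rate and proof test interval here is a constructed sample
# value, not data for any real device.

HOURS_PER_YEAR = 8760

# element -> (dangerous undetected failure rate per hour, proof test interval in years)
# Assumption: all four elements are 1oo1 and all must work for the trip to succeed.
LOOP = {
    "level sensor":    (6.0e-7, 1.0),
    "logic solver":    (1.0e-7, 1.0),
    "pump trip relay": (2.0e-7, 1.0),
    "inlet valve":     (1.5e-6, 1.0),
}

def pfd_avg_1oo1(lambda_du, proof_test_years):
    """Simplified 1oo1 approximation: PFDavg = lambda_DU * TI / 2."""
    return lambda_du * proof_test_years * HOURS_PER_YEAR / 2

def loop_pfd(loop):
    """Return (total PFDavg, per-element PFDavg) for elements in series."""
    parts = {name: pfd_avg_1oo1(*data) for name, data in loop.items()}
    return sum(parts.values()), parts

def achieved_sil(pfd):
    """Low-demand SIL band: SIL n needs PFDavg < 10^-n (0 = below SIL 1)."""
    for sil in (4, 3, 2, 1):
        if pfd < 10 ** -sil:
            return sil
    return 0

def report(loop):
    """Print each element's share of the budget and the resulting band."""
    total, parts = loop_pfd(loop)
    for name, pfd in sorted(parts.items(), key=lambda kv: -kv[1]):
        print(f"{name:16s} PFDavg={pfd:.2e}  ({pfd / total:5.1%} of total)")
    print(f"{'loop total':16s} PFDavg={total:.2e}  -> SIL {achieved_sil(total)}")

if __name__ == "__main__":
    report(LOOP)
    # The valve dominates the budget; halving its proof test interval
    # is enough to move this sample loop into the next band.
    tighter = dict(LOOP, **{"inlet valve": (1.5e-6, 0.5)})
    print("\nWith the inlet valve proof-tested every 6 months:")
    report(tighter)
```

The final element usually dominates the budget, which is why the proof test interval of the valve has more effect here than the choice of logic solver.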
Get a copy of the complete white paper published by Moore Industries-International, Inc. here.
If this approach looks like it fits your process, consider the Moore Industries STA Functional Safety Trip Alarm as your Safety Instrumented System logic solver for tank overfill protection. The STA is simple to program and has an auxiliary analog output for retransmission to the local RTU. The STA is SIL 2/3 capable, approved by exida and suitable for installation in Class I Div 2/Zone 2 locations.