While everybody in the plant is responsible for contributing to safe operation, safety analysis and safety engineering have developed into separate branches of knowledge. As such, I usually leave discussions of safety to experts in that field. Nevertheless, here, we will look at one situation in which the immediate response was, “Are you sure you really want to do that?”
A refinery client was replacing a vacuum crude distillation tower. This tower operates at high-feed temperatures (above 700°F) and feed-low pressures (< 1 psia). The replacement allowed the unit to be modified at a relatively low cost. The opportunity for modifications was taken, and the final proposed tower was no longer a replacement in kind.
The HAZOP analysis for the modified unit identified potential backflow from vacuum system failure as a significant possible event. The proposed layer preventing a serious incident was a new, 36-in. check valve in the tower feed line. This check valve modification prompted the question, “Are you sure you really want to do that?”
Will a Check Valve Increase Safety?
Let’s look into a few more details. The operating conditions are 700°F and ~0.6 psia with high-velocity (>250 ft/sec) of two-phase flow. At this temperature, some of the liquid will thermally crack and create coke if the residence time is long enough. A check valve in this service needs to operate for four-plus years and can’t be maintained or tested without shutting the plant down.
Safety features are meant to make the process safer. Failures in safety features range from situations where they don’t improve things at all to situations where they actually make things worse. From an analysis standpoint, the hardest case is when improvements in one area cause problems in other areas.
This situation falls into one of the easy cases. The check valve is unlikely to improve safety or create safety problems. It does nothing regarding safety and costs capital for installation, maintenance and operating costs.
To understand the safety implications, let’s first look at the event it’s supposed to protect against. The proposed failure was loss of steam to the vacuum system, causing the ejectors to stop working. The vent stream from the ejectors went to a heater firebox for combustion to prevent hydrogen sulfide emissions. If the ejectors stopped working, the concern was that gases in the atmospheric pressure firebox would reverse flow into the vacuum system and, eventually, the vacuum tower. The hot process in the vacuum tower plus the hot combustion gases would ignite and cause a fire in the vacuum tower, damaging the equipment. The safety concern was damage to the vessel, causing loss of containment.
Next, let’s look at the probability of the event happening. First, I have never seen a vacuum system loss cause loss-of-containment in the vacuum tower, never found someone else who has seen it and never found a documented case of it happening. The number of plants out there puts the occurrence at less than one in 100,000 operating years. It’s difficult to say something is impossible but the probability is very low. If someone has had this happen in their plant or seen documentation, I’d really like to hear from them.
Check Valve Failure Rates
Now, look at the operation of check valves. Sound data are difficult to get, but work done by the nuclear industry shows an overall failure rate of between 1/63 years to 1/438 years for individual valves. Very little data are available on failure rates of large valves (>24-in.), but failure rates appear to be much higher than the average rates for the larger valves. These failure rates are much higher than the likelihood of the base event occurring. To look at these specific valves, a nearly identical service that uses check valves is revealing. At every plant turnaround, the valve was coked and wouldn’t close. The plant didn’t know how long the valve took to reach inoperable conditions, but the minimum failure rate was 1/5 years.
Overall, the event was unlikely, and the proposed mitigation step was non-functional. An action that fails to achieve the desired outcome has no value. This is behind the question, “Are you sure you really want to do that?” Finally, there are alternate passive methods of preventing backflow from the vacuum systems. These passive methods are nearly 100% reliable. It may look like the alternate methods cost more, but because they work, they are preferred. A future column will look at these.
References
- McElhaney, K. L., 1997. 9707112–1: Failure Modes and Causes for Swing and Lift Type Check Valves. Online. Washington, D. C.: Oak Ridge National Laboratory for the Nuclear Regulator Commission. Available from: https://www.osti.gov/biblio/621557
- Hart, K.; McElhaney, K. L. and Casada, D. A., 1994. Efforts by the Nuclear Industry to Evaluate Check Valve Failures. In: NRC/ASME Valve and Pump Symposium.. Online. Washington, D. C. 18 July 1994. Available from: https://www.osti.gov/biblio/238449
