3.2.6.1 General
The principals of Fire Hazard Management promote a four-part strategy for dealing with the fire hazard, when that hazard cannot be eliminated by inherent safety approaches (see Section 2.7). In order of priority, the remaining steps of the strategy seek to:
1. Prevent or minimise fires at source 2. Detect fires early
3. Control fires
4. Mitigate against effect of fires
Sections 3.2.6 to 3.2.8 give an outline of the methods available in each of these four categories. In reality almost every offshore installation employs a mixture of all four methods.
Good design seeks out the best mix of prevention, detection, control and mitigation methodologies for the specific fire scenarios associated with an installation.
There are opportunities throughout the design of any installation to minimise the fire hazard using the four strategies above. Every engineering discipline involved in the design process should be aware of the interaction between their specific discipline input and the fire hazard management for the installation. It is the responsibility of the safety engineer in conjunction with the project manager to engage all the engineers in discussion of fire hazards from an early stage so that no cost-effective opportunities for improvement are missed.
This section outlines the options available for preventing or minimising the fire event at source.
Sections 3.2.7 and 3.2.8 cover the various options for detection, control and mitigation of fire events once they have already occurred.
3.2.6.2 Methods of fire prevention or minimisation at source
Given that the principal role of oil and gas installations is to produce large quantities of hydrocarbons, complete removal of the fuel source not an option. However there are opportunities for the designers to minimise the potential for large releases of fuel. These are described in the following sections.
3.2.6.3 Minimise inventories
The biggest inventories are in the reservoir, the pipelines attached to the installations and the process vessels. Engineers need to be briefed to consider minimisation of release potential in addition to consideration of production maximisation and cost. They should aim to:
• Minimise inventories between the wellhead and downhole valves;
• Provide suitably located topsides and subsea isolation valves on all import and export pipelines. Any non-provision of subsea isolation must be thoroughly justified.
Justifications must consider all lifecycle phases (especially for NUIs);
• Size pipelines, vessels and other process equipment to minimise inventory loss in a leak situation as well as meet process requirements;
• Provide adequate automatic isolation throughout the process system, backed up where necessary with accessible manual isolation valves;
• Minimise on-platform storage wherever feasible.
3.2.6.4 Optimise layout
Good layout is essential to the overall safety of the installation. Where separation of people from hazardous areas is not possible, provide protection by segregation behind firewalls and attention to escape/egress routes. Key points are:
• Keep living quarters and evacuation facilities away from the process;
• Wherever possible hydrocarbon containing vessels should be bunded and connected to hazardous drains or vents or flare systems designed to remove flammable liquids from the vessel;
• Ensure that the hazardous drain arrangements are capable of handling releases from the single largest vessel or source based on the range of reasonably foreseeable events;
• Locate risers as far as possible from the TR & evacuation point;
• Locate risers and riser valves where other fires or fire escalation cannot affect them;
• Review the locations and orientations of flanged joints to minimise the location of targets (SCEs or other flammable inventories) within the range of small and escalating jet fires;
• Small platforms such as Southern North Sea gas platforms cannot provide separation by distance therefore immediate safe egress/escape provision plus sheltered evacuation points are crucial for safety of personnel.
3.2.6.5 Minimise the potential for loss of containment events
• Minimise the number of potential leak points in the design, particularly flanges and instrumentation connections. However enough valves need to be left to provide for safe isolation for intrusive maintenance. Use of newer design of equipment such as high integrity flanges, valves with integral block and bleed and inherently safer wellheads should be considered.
• Design for future sand erosion and corrosion by providing for ease of detection, monitoring and replacement.
• Where facilities and access for routine test and maintenance are not provided on the understanding that such work will only be done during shutdowns, this should be highlighted on drawings and in manuals.
• Where emergency manual isolation is provided, make sure it is documented in emergency response plans, unambiguously labelled in the field and accessible in the relevant fire scenarios.
3.2.6.6 Providing an inert or non-flammable environment
• Determine the degree of containment to confirm whether an inert atmosphere is achievable in the specific application, for example:
o Completely contained within a pressurised vessel;
o Completely contained but within an open vented atmospheric vessel/tank.
• Determine the required supply of inerting medium, e.g. the degree of inflow and outflow required for all operating conditions, for example offloading requirements or inerting an area with opening/closing doors (such as filling a Temporary Refuge with lower oxygen content media, see next bullet point).
• Review the non-flammable media available for application, considering the use of the areas and volumetric flow rate requirements, the media may include:
o Nitrogen;
o Over-rich (i.e. above Upper Flammable Limit) fuel gas;
o Cleaned combustion gas;
o Low oxygen content media (such as Inergen, a proprietary product with insufficient oxygen to support combustion but adequate oxygen content to maintain life);
o Carbon dioxide.
• Consider the preferred delivery option, whether the media can be generated on the installation (e.g. Nitrogen Generator) or whether it is desirable to be brought on board.
• Review the media for their own hazardous effects in the context of the potential applications. Avoid all but the lower oxygen content media in areas where personnel without breathing apparatus may be, ensuring that the lower oxygen content media are suitable for occupied areas. Identify any time limits on occupancy or minimum health and fitness criteria with the media supplier.
• Confirm that the layout does not contribute to or exacerbate migration of the media to sensitive areas, for example carbon dioxide being heavier than air will flow down hill, therefore, recessed areas for valve or equipment access could capture the CO2, especially where personnel could access as part of recovery work after the emergency.
3.2.6.7 Minimise the time to ESD and blowdown
• ESD should be designed to occur immediately on detection of a release event. ESD should move the plant to a safer state. Designers need to check whether the ESDV locations minimise ignited release consequences rather than just reducing leak size.
• Rapid blowdown or draining of topsides process inventories in order to prevent escalation of a fire situation should be provided unless there are specific good reasons for not doing so (e.g. very small topsides process).
• The code-based design approach of providing blowdown to 7 barg or half design pressure in 15 minutes should no longer be automatically assumed adequate.
Blowdown should be designed in the light of the specific escalation times for each fire scenario and generally be as fast as feasible once activated, (see Sections 7.7.4 and 7.7.5 for more details on blowdown systems).
• Where only a manual blowdown capability has been used – the designer and Duty Holder must justify the choice of system with respect to the identified major accident hazards, the design and operating philosophy must be clearly recorded for the intended user and all operational and maintenance details must be documented or referred to in the emergency response instructions for the installation.
• Blowdown must be to a safe location with respect to personnel, bearing in mind the likelihood of spurious blowdown events as well as real emergency events, and
3.2.6.8 Minimise ignition sources
• All electrical equipment in hazardous areas shall be certified. This is to cater for
‘fugitive’ leaks in accordance with hazardous area design codes.
• The dispersion distances for such leaks, from which the hazardous zones are calculated, do not cater for major accident releases.
• A gas cloud from a medium or large leak can, and will, drift outside hazardous area limits. Therefore caution must be exercised in locating unclassified equipment such as generator sets, temporary pump skids, heating equipment etc in ‘safe’ open locations around the installation.
• The ignition-prevention philosophy for the platform should explain how the ignition risk is minimised.
• Plant should be suitably earthed and all operators trained in awareness of offshore static spark risks (a recurring cause of fires).
• Equipment which provides an ignition source and is unacceptably close to release sources should either be located inside an enclosure with ventilation ducts that close off automatically on detection of gas, or be provided with some alternative form of protection.
• Certified electro-mechanical equipment (e.g. diesel generators) requires careful maintenance in order to retain its certification and is a significant operating expense.