This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Integrated and safe operations in the offshore oil & gas industry

21 July 2015

A spokesman from ExxonMobil has said: “All the easy oil and gas in the world has pretty much been found. Now comes the harder work in finding and producing oil from more challenging environments and work areas.” Luis Duran of ABB in Houston, Texas, looks at how Integrated Operations can provide enhanced safety on the larger offshore platforms and facilities that are an increasing presence in the increasingly remote fields and basins now being bro

FPSOs can be prime beneficiaries of integrated control and safety systems
FPSOs can be prime beneficiaries of integrated control and safety systems

Oil is vital to industrial civilisation in its current configuration as it accounts for a large percentage of the world’s energy consumption, ranging from as low of 32% for Europe and Asia, up to a high of 53% for the Middle East.

As the productivity from traditional land-based installations decline, attention is switching to other unconventional sources, such as heavy crude oil, oil sands, oil shale and offshore. All options are more labour and resource intensive than land-based alternatives, particularly due to the remote and harsh environment of operation.

Offshore oil and gas challenges have driven innovations including the need to provide very large production facilities, implying a large investment, such as the Troll A platform standing on a depth of 300 metres; or other type of offshore platforms that may float with a mooring system to maintain it on location. While a floating system may be lower cost in deeper waters than a fixed platform, the dynamic nature of the platforms introduces other challenges for the drilling and production facilities as the ocean can add several hundred meters or more to the fluid column. The addition increases the equivalent circulating density and downhole pressures in drilling wells, as well as the energy needed to lift produced fluids for separation on the platform, putting pressure on the operation and increasing the criticality and its associated hazards.

Offshore manned facilities also present logistical and human resource challenges as they are a small community in themselves, with sleeping quarters, management, cafeteria and other support functions in addition to the actual production and storage facility. Today, much effort goes into relocating as many of the personnel as possible onshore, where management and technical experts are in touch with the platform using remote access technologies and video conferencing.

Integrated operations

An example of a floating system is a Floating Production, Storage and Offloading (FPSO) vessel, typically a tanker type hull with wellheads on a turret that the ship can rotate freely around (to point into wind, waves or current), operating at water depths between 200 to 2000 metres. The main process is placed on the deck, while the hull is used for storage and offloading to a shuttle tanker or in some cases pipeline transport. It’s clear that offshore operations have the complexity of any production facility, exponentially increased by limited space, weight capacity and harsh environment among other factors. The FPSO needs standard process control and safety system as found in any other installation plus an increased need for an efficient operations environment on board and accessibility from a remote operation centre onshore.

One emerging trend is Integrated Operations, characterised by increased cooperation, independent of location, between operators, maintenance personnel, electricians, production management as well as business management and suppliers to provide a more streamlined plant operation. The system is operated from the Central Control Room (CCR) with a combination of graphical process displays, alarm lists, reports and historical data curves. Console displays are often used in combination with a large wall mount display. With modern systems, the same information is available to remote locations such as an onshore corporate operations support center.

The goal is that, regardless of the technology used, operators in the CCR will access information seamlessly from a multitude of plant systems to run the plant in a safe and productive fashion where timely decision making in the case of abnormal conditions can prevent hazardous conditions, equipment malfunction and process downtime.

In this operating environment, the control system is designed to enable users to:

·  Access alarm and events from anywhere in the process (coming from the process control or safety systems)

·  React seamlessly to diagnostics

·  Assess initiating events from sequence of events data from the safety system in the context of other relevant information in the process historian

·  Create personalised work spaces for the operator to respond and make decisions

With an integrated control environment, the operator can sustain a high level of alertness and understanding of the progress through the production cycle. Real-time access to critical information in context enables operators to be able to make correct decisions immediately when circumstances dictate, or to get remote assistance from the experts onshore when required.

Integrated control and safety in oil and gas

From the conditions described above, it’s not surprising that safety is critical for Oil and Gas operations. According to the Automation Research Corporation (ARC), the escalation in Oil & Gas demand is causing the industry to explore and produce in more remote and difficult areas, creating the need for more safety systems. Oil & Gas is the largest industry sector for process safety systems, representing almost 40% of the market, and it is projected to be one of the fastest growing sectors in the next five years. This industry has both a strong potential for modernisation of existing installation as well as Greenfield opportunities for new installations.

A study published by Aberdeen Research in November 2011 shows that Global Best in Class companies, defined as such for their high percentage of Overall Equipment Effectiveness (OEE) and low injury frequency rate, continue to show strong initiatives around the safety of their operation, from executive sponsored programs at the corporate level by their leadership to the definition of proactive risk management strategies. All are investing in safety systems and processes; in most cases because safety is identified among the core values of those companies, at the core of their production process and among their key performance metrics, closely linked to their productivity.

Statoil's Troll A platform
Statoil's Troll A platform

Integrated control and safety systems are becoming much more accepted in offshore operating environments due to the significant operational and maintenance benefits that can be achieved. Current generation safety systems were built on modern technology (and according to the newer performance standards) and no longer rely on redundancy and voting for safety. The old paradigm of purchasing separate hardware from different vendors no longer applies.

Safety automation in an offshore oil production facility

There are several examples of Safety applications in Offshore Oil Production, such as Emergency Shutdown (ESD) and Process Shutdown (PSD) systems. Both will take action when the process goes into a malfunction or dangerous state. For this purpose, the system maintains set points for process values to provide process warning limits which alert the operator of process disturbances and alarm conditions and detects that the process is operating out of range indicating that there is a chance of undesirable events and malfunction.

Fire and Gas systems are used to mitigate the consequences of a hazardous occurrence to a lower level (not prevent the hazard) and are normally implemented using safety controllers to ensure proper documented risk reduction. The Fire and Gas System is not generally related to any particular process. Instead it divides into fire areas by geographical location in the FPSO. Each fire area should be designed to be self contained, in that it should detect fire and gas by several types of sensors, and control fire protection and fire fighting devices to contain and fight fire within the fire area. In case of fire, the area will be partially shut off by closing ventilation fire dampers.

800xA High Integrity

For years the process industries relied on independent protection layers to reduce process risk. The concept assumes that the Basic Process Control System (BPCS), process alarms, operator actions, safety instrumented systems (SIS), fire and gas (F&G) systems, and any other system intended to reduce risk in the processes are capable of acting independently from each other. This means each layer must perform properly without being influenced by one another and without failures that would potentially disable two or more of the protection layers (defined as Common Cause Faults).

The traditional approach for reducing common cause was to use totally different systems for the (BPCS) and the (SIS), using different hardware and software to reduce common cause failures. If these systems are purchased from different automation providers, common cause failures can probably be excluded because the user can assume that different development organisations, knowledge, manufacturing processes, as well as different installation, operation, and maintenance procedures were used in the logic solver’s manufacturing process. All of these, however, work against the goals of Integrated Operations found today in offshore oil & gas.

Diversity of design to eliminate Common Cause Failures

This new degree of integration required to fulfil the production targets in a FPSO challenges the common accepted practices of satisfying and demonstrating that the SIS is not subject to common cause failures with the BPCS. Furthermore, even though they are integrated, both systems can provide independent protection layers and meet the safety standard’s requirements.

ABB chose an alternative approach while designing 800xA High Integrity, which is to build such independence in the design process of the Integrated System. Independence is possible using diverse design engineering and programming teams provided with different software architecture specifications and guided by an overall concept for diversity from the start of the detailed design specifications.

Dangerous failure modes can be designed out and more than 99% diagnostic coverage can be provided to protect safety integrity without resorting to duplication. Technology has evolved to point where there are multiple options to address similar technical problems. For example, by using two or more of these technologies, diversity is embedded in the system design. Diversity can be achieved in the embedded software by using different operating systems and then using different teams to develop the software on multiple cooperating modules.

By combining two different technologies (such as Micro Processor (MPA) or Micro controllers and Field Programmable Gate Arrays (FPGA)) to perform the same functionality in parallel to each other, the design achieves a truly redundant and diverse implementation with a minimum of possible common cause failures. It is this diverse implementation with the System 800xA integrated control and safety system that makes it a powerful solution for the challenging requirements of the offshore oil & gas industry. Utilization of an integrated system not only meets the safety standards for diversity in layers of protection, but brings significant benefits and operations and maintenance over the system lifecycle.

Security in Integrated Control and Safety systems

With the advent of Integrated Control and Safety systems, security and safety have become inseparable. In addition to the implementation of access control, password protection and firewall configuration, logical separation can be added in the form of memory management. A memory management unit (MMU) can provide independency between different partitions of memory areas. These memory partitions are then connected to different executing processes of the CPU such as regulatory process control or safety instrumented function. This approach ensures that only the memory area belonging to that process is accessible while the CPU is executing one of its processes.

Security is not an isolated activity after the product development is completed but part of the design considerations early in the process, not only with threat modelling but also including security checkpoints in the code design and review. In a similar fashion, testing is not an isolated activity, “after the fact” but embedded with the functional testing. Independent teams or third party assessors or both can perform tests and issue certification as applicable.

The option of an interfaced approach instead of an Integrated Control and Safety approach will push the user to the following activities to satisfy the Security requirements:

·  Perform a full vulnerability assessment/threat modelling and testing of the different subsystems 

·  Define the best security mechanism for each of those subsystems to cover any identified gaps

·  Perform a full vulnerability assessment/threat modelling and testing of the entire interfaced architecture

·  Implement and maintain the security mechanisms throughout the system lifecycle

Based on all of these, the challenge that most users are facing is establishing a Security Management System of the interface architecture and supporting it over the system lifecycle.

Installing an integrated solution can help reduce the complexity of securing the control and safety systems while making it easier to maintain over time.

Experience Example - Peregrino FPSO

In 2008, with only one commercial voyage on its log books, the Nova returned to the shipyard for its conversion from a Very Large Crude Carrier (VLCC) to an FPSO vessel. At a cost of more than US $1 billion, the conversion was the largest unit investment in the history of the ship’s owner.

With a daily production capacity of 100,000 bbl, 350,000 bbl of liquids, and 7.3 MMcf of gas, the FPSO Peregrino has a storage capacity of 1.6 MMbbl of oil, equivalent to 16 days of round-the-clock production. The topside consists of two identical production trains and 15 modules for crude oil separation, water treatment, chemical injection, metering, power generation, power distribution, power and process control, and accommodation for 100 staff.

On the electrical side, the ABB solution for the FPSO and wellhead platforms distributes power for the entire production process, including the electric submersible pumps in the production wells below the seabed.

A multisystem automation solution, including field instrumentation and telecommunications systems, was supplied by ABB. The solution includes a process control system, power management system, production information management system, condition monitoring system, fire and gas system, and emergency shut-down system, all integrated within the same System 800xA Extended Automation platform and operating environment.

Each system is operated from a System 800xA Extended Operator Workplace (EOW-x) control room onboard the FPSO. EOW-x offers an ergonomic operator environment that facilitates operator decision making and produces measurable improvements in plant productivity, safety, information flow, and operator job satisfaction, according to ABB. Some 14,000 I/O on the vessel and platforms are controlled by AC 800M process controllers and AC 800M high-integrity controllers.


As shown in the example of Peregrino FPSO, technology has been a valuable asset to address the challenges of offshore oil and gas production facilities including seamless access to information, independent secure layers of protection and an optimal footprint. This case describes the application of an Integrated Control and Safety System (ICSS) to address the operational challenges that support both local and remote operations seamlessly using System 800xA.

Contact Details and Archive...

Print this page | E-mail this page