The case for mechanical key interlock systems
23 November 2012
Michael Fynes, Sales & Marketing Director at Smith Flow Control, looks at the use of key interlock systems as an effective safety management tool in extractive and processing operations.
As a general principle it can be said that operations which are safe when performed correctly can have catastrophic consequences when performed incorrectly.
Extractive and processing industries generally have a disciplined approach to design and operating practice, governed largely by recognised international standards and enforced by regulators and certification authorities. While good practice begins with good design, both are inevitably hostage to the ‘human factor’. 70% of reported incidents in the oil and gas industry worldwide are attributable to human error and account for in excess of 90% of the financial loss to the industry.
Risk and Responsibilities
The UK Health and Safety at Work Act (1974) places responsibilities on people who design, manufacture or supply equipment for use at work to ensure as far as is reasonably possible that it is safe, and European ATEX standards seek to reinforce those principles across the EU.
Internationally there are also strong indications of a fundamental shift of emphasis in safety legislation from prescriptive regulations to the risk management (goal setting) approach. This approach places primary legal responsibility on owners and operators to adopt ‘best available’ technology and methodology to ensure safety.
This evolving change ensures accountability but does not necessarily lead to accident prevention. Asset owners and operators are perhaps more liable than ever before and can no longer plead conformance to prescribed standards when things go wrong.
The UK led the way on this changing principle of legal responsibility by enacting the New Pipelines Regulations (1996) Act. In the US, Congress has been updating legislation along similar lines.
This legislative trend is set against an international trend of downsizing or contracting-out of key functions for commercial reasons and suggests a potential conflict of priorities. These contracting arrangements are characterised by a higher rotation of personnel because they tend to be in relatively short-term agreements. The ‘job-for-life’ which produced the 25-year dedicated company employee is disappearing and is being replaced by higher levels of process automation and increasing dependence on partnering with contractors.
This so-called 'casualisation’ of on-site labour inevitably increases the risk of accidents through human error and demands higher levels of applied safety systems to mitigate this risk.
Reliance on written safety procedures is an act of faith in the alertness and goodwill of the worker. Accident prevention and violation reduction requires physical systems that compel compliance – one such solution is mechanical key interlocking.
What are key interlocks?
QL valve interlock installed on host valve with inserted keys, A and B
Many routine procedures are potentially dangerous if executed incorrectly or in unsafe conditions, with the scope for injury and/or damage significantly increased when high temperature, high pressure or toxic/flammable product is present.
Key interlock systems are dual-keyed mechanical locking devices which operate on a 'key transfer' principle to control the sequence in which process equipment may be operated. They are widely accepted as an effective safety management tool and are being adopted by many of the world’s oil, gas and chemicals majors. Interlocks are also recommended in a number of internationally recognised
standards for specific process applications.
Key interlocks date back to the 1890s where they were first used in the French railway system to control track switching operations. Modern key interlock systems for oil and gas, chemical processing and pipelines systems did not emerge until the early 1980s. Since then, acknowledgement of their effectiveness has led to increasing levels of usage and growing recommendations within international standards and codes of practice. The hardware is relatively simple and is based on specialised mechani-cal locks designed as integral-fit attachments to the host equipment.
Typically they are applied to valves, closures, switches or any form of equipment which is operated by human intervention. The 'open’ or 'closed' status of an interlocked valve, or the 'on’ or 'off' status of an interlocked switch can only be changed by inserting a unique coded key; inserting the key unlocks the operating mechanism (e.g. handwheel or push-button) enabling operation of the valve or switch.
Operating the unlocked equipment immediately traps the initial (i.e. inserted) key; when the operation is complete, a secondary (previously trapped) key may then be released thereby locking the equipment in the new position. This secondary key will be coded in common with the next lock (item of equipment) in the sequence. By this simple coded key transfer principle a ‘mechanical logic' system is created which denies any scope for operator error.
In traditional Permit-to-Work, Lockout/Tagout procedures, 'car seals' or padlocks and chains provide a lock-off capability, they do not provide any control over the sequence of operations, nor do they assure or confirm the status of the equipment to which they are fixed. So, removing a key from a padlock ensures neither that the equipment is locked nor its ‘open/closed' or 'on/off' status. While a padlock and chain or ‘car seal’ may be suitable and sufficiently robust in low risk applications, they have virtually no mechanical integrity and are a minimal solution offering (at best) a visual restriction against unau-thorised operation.
Mechanical key interlock systems are ideally suited for integration with Permit-to-Work (PtW) procedures; indeed, the Cullen Report on the public inquiry into the Piper Alpha offshore rig disaster in the North Sea (1990) strongly recommended the use of locking systems integrated with PtW procedures, especially where routine procedures cannot be accomplished in the time-scale of a single work shift.
In the same vein, ongoing surveillance of the UK chemicals industry by the Health & Safety Executive (HSE) found that one third of all accidents in the chemical industry were maintenance-related – the most significant factor being the absence of, or an inadequacy in, PtW systems.
In addition to the standards referred to earlier, the Technical Guidance Notes (published by the HSE) supporting interpretation of the UK Pipeline Safety Regulations (1996) Act [PSR 1996] recommend interlocks as a suitable safety system in the operation of pig traps.
Primary and secondary safety systems
Whether a process module is of simple design with basic functions controlled by manually-operated valves, or of complex design controlled by sophisticated mainframe Distributed Logic Control (DLC) sys-tems, key interlocks can provide a totally reliable mechanical assurance of safe operating practice in which the operator's scope for error is eliminated.
Indeed, within DLC controlled systems, which invariably incorporate electrical interlocking ('trips'), these are usually limited to governing only the operation of high-criticality motorised valves (MOVs). Associated sundry services valves (e.g. for venting) may be manually-operated valves and will therefore not be recognised by the DLC management system. Correct operation of these valves may still be critical or semi-critical and may be dependent solely on the operator following written operating instructions.
In DLC-managed systems, key interlocks can form a vital link between managed and unmanaged valves. In these circumstances, the key interlocks are not intended as the primary safety system but as a secondary back-up system to the primary (DLC) system. Designs have been developed in recent years to provide key interlocking solutions that offer the only total form of interdependent control over the operation of MOVs and manually operated valves in one fully integrated system. When applied to MOVs, the interlock design ensures that the failsafe function of the valve is never compromised.
In process systems where the valving and/or control components are all manually-operated (i.e. not DLC controlled), key interlocks become the primary safety system. They are particularly suitable as the primary safety system for remote locations where power is unavailable.
Whether adopted as a primary or secondary safety system, key interlocks can be customised to intelligent format by electronic tagging of the individual keys. This is done by fitting each key with an ID chip which is read by a tag reader in the control room key cabinet. The key cabinet system incorporates a standard PC which manages the system software. This can be interfaced with the mainframe DLC system by a simple twin-wire connection.
Customised systems can be built to suit a process application or sequence encountered on process plants, including the supply of innovative control panels conforming to IP66 and Eexd and Eexd.e standards. Smith Flow Control can integrate interlock systems, such as valve control and signalling to the electronic control system (ECS) to ensure correct operation of valves, like those operated within a pig launcher/receiver system. These systems incorporate LED displays, switches, meters, push-button controls, heaters, rotary key operated switches and solenoid controlled interlocks to provide a safety system that suits each individual application in hazardous and challenging environments.
Case Study - Malaysian LNG facility
To prevent accidental product spillage while tankers are loading, Smith Flow Control supplied and installed a valve interlocking system for a Malaysia LNG installation at Bintulu in Sarawak, East Malaysia. One of the largest LNG facilities in the world, the LNG loading site features hydraulically actuated loading arms which are manoeuvred into place from a control station. Once connected, the supply valve is opened up allowing product transfer.
The specification of the safety interlock system comprises two trapped-key locking devices. A single key, two-position switch lock unit is fitted to the panel in the control station. A small valve lock is fitted to the hydraulic supply line on the LNG supply valve.
With the interlock key in place in the control station switch panel lock, the loading arm can be manoeuvred into place. Once the arm is connected to the ship, the key is released from the switch lock and used to unlock and open the Ball valve in the supply valve actuator. The supply valve can now be opened in the usual way. While the transfer takes place, the key remains trapped in the valve lock, preventing operation of the loading arm. Once transfer in complete, the supply valve is closed enabling release of the key, which is then returned to the control station, reinstating controls of the loading arm and allowing it to be retracted.
This simple, low-cost system eliminates the risk of human error or negligence in the tanker loading procedure which could lead to a vessel leaving the transfer area still connected to the on-shore facilities via a loading arm. Only one key is ‘free’ at any time which makes the system simple and operator friendly; the essence of a well designed key interlock system.
Contact Details and Archive...