Call directly: +31 (0)172 471339
Oct 10
Key interlocks for safe pigging operations

Key interlocks for pipeline safety

Pipeline operations in the oil and gas industry are safe if carried out correctly but can have catastrophic consequences if performed incorrectly, particularly if high temperature, high pressure or toxic/flammable product is present. The industry generally has a disciplined approach to pipeline design and operating practice, governed by recognized international standards and enforced by regulators and certification authorities. While good practice begins with good design, both are inevitably hostage to the ‘human factor,’ which is responsible for 70 percent of all reported incidents and accounts for 90 percent of financial loss. Human Factors Engineering (HFE) is the design of work processes and systems to ensure the safe and efficient functioning of workers by taking into account human capabilities, limitations and requirements. Pipeline valve systems must be designed for safety rather than placing sole responsibility on the operator. Distractions, misunderstandings, shift changes or simple accidents can all lead the operator to make catastrophic errors. Simply relying on operator adherence is not enough – safety must be applied to the process itself. Key interlocks enable accident prevention, not accident management.

Mechanical key interlocks

Mechanical key interlocks remove the ‘human factor’ by ensuring dangerous processes happen only in a designated sequence. They are simple mechanical locks designed as integral-fit attachments to the host equipment such as valves and pig traps – any equipment needing human intervention. Workers transfer specific keys from lock to lock (equipment to equipment) in a particular sequence. Each step in the process is only possible after the previous step has been completed and the sequence must be followed in the exact order to completion. An interlock is essentially a dual key device that locks the host process equipment in one or more conditions. The standard condition is with one key trapped in the interlock and the valve is locked in status ‘1’ with the second key elsewhere. To operate the valve to status ‘2’ the second key is obtained from a control room and inserted into the interlock. The valve is then operated to status ‘2’, releasing the initial key and trapping the second one. The released key can then be used to operate the next valve in the sequence or returned to the control room if this is the end of the sequence. When not in use the initiating key for each system should be kept in a locked key cabinet in a control room, with visual status indication at all times.

Recommedations of the Cullen report

Mechanical interlocks are ideally suited to integrate with permit-to-work procedures. The Cullen Report on the Public Inquiry into the Piper Alpha Disaster (1990) strongly recommended the use of locking systems integrated with permit-to-work procedures, especially where routine procedures cannot be accomplished in the time-scale of a single work shift. They ensure safety, rather than place responsibility on the operator. Well-designed key interlock systems are always operator-friendly – they require no additional effort than normal procedures would require and, most importantly, should never permit more than one key to be free (available) at any one time.

Primary and secondary safety systems

Whether a pipeline or process module is of simple design, with basic functions controlled by manually-operated valves, or of complex design controlled by sophisticated mainframe Distributed Logic Control (DLC) systems; key interlocks can provide a totally reliable mechanical assurance of safe operating practice in which the operator’s scope for error is eliminated. Within DLC controlled systems, which invariably incorporate electrical interlocking (‘trips’), these are usually limited to governing only the operation of high-criticality motorized valves. Associated miscellaneous services valves (e.g. for venting) may be manually-operated valves and will therefore not be recognized by the DLC management system. Correct operation of these valves may still be critical or semi-critical and may be dependent solely on the operator following written operating instructions. In DLC-managed systems, key interlocks can form a vital link between managed and unmanaged valves. In these circumstances, the key interlocks are not intended as the primary safety system but as a secondary back-up system to the primary (DLC) system. Designs have been developed in recent years to provide key interlocks that offer the only total form of interdependent control over the operation of motorized and manually operated valves in one fully integrated system. When applied to motorized valves, the interlock design ensures that the failsafe function of the valve is never compromised. In process systems where the valving and/or control components are all manually-operated (i.e. not DLC controlled), key interlocks become the primary safety system. They are particularly suitable as the primary safety system for remote locations where power is unavailable.

Typical specifications for valve key interlocks

Valve interlocks should be used in the following situations:

  • Where it’s possible to isolate a relief valve by means of a block valve
  • Where it’s possible to isolate the flare system
  • To ensure that a pig launcher or receiver is properly depressurized, vented and drained before the closure is opened and that no line valve can be opened when the closure is open
    for process reasons

All interlocks should adhere to the following:

  • They must be suitable for use in external, industrial environments that also may be a corrosive, tropical, desert or marine location
  • They must be durable, robust and easy to operate with gloves
  • They should be 316 stainless steel for strength and corrosion resistance
  • The internal mechanism should be free from galling and lubricated for life
  • All key entry points should contain a device to prevent the ingress of dirt and water
  • They must be fitted to the valve manufacturer’s standard supply valve without any alteration to the valve except to remove or modify the valve handwheel or lever
    They should be suitable for installing on an inline valve
  • All special tools for installing, commissioning or adjustment of key interlocks should be supplied with the interlocks, along with simple graphical installation instructions
    They should be maintenance-free and tamperproof
  • The key interlock body must be stamped with the appropriate tag number and tagged with the applicable key codes and reference letter
  • As the key interlock replaces the original valve operating lever or handwheel, it should be supplied with the nearest available lever or handwheel size to suit the interlock
    They must be coded to provide the operating sequences specified in the material

Keys

  • Operating keys should have a colored key tag bearing the system tag number and the key code reference
  • The key should be 316 grade stainless steel or better
  • It should be impossible for an interlock to be inadvertently operated by a key not coded for use with that interlock
    The key shall be easy to use even with gloves
  • With the exception of the system initiating key, which is held in the control room key cabinet, all other system operating keys will be trapped in their respective interlocks
  • At the owner’s discretion, spare or duplicate keys can be provided. These should have strikingly different colored key tags to any other keys on site

Key cabinet

  • The control room initiating key cabinet should be lockable and fitted with a synthetic glass window to allow easy visual assessment of the status of all of the interlock systems
  • Each interlock system should have its own dedicated position, bearing the system tag number and revealing “work in progress” when the key is removed
  • The color of the cabinet tags should contrast with those of the key tags
  • Key cabinets should be made from mild steel suitable for a protected indoor environment
  • If spare or master keys are required they should be housed in separate, lockable key cabinets with solid doors and contrasting cabinet tags

 

Conclusion

The global trend of contracting out site operations inevitably translates into the ‘casualization’ of labor, which in turn leads to an increased risk of accidents through human error or deliberate violations. Well-designed interlocking systems can mitigate these risks – either by eliminating error or by greatly inhibiting the potential for violations. They should always be operator-friendly,require no additional work effort from the operator than normal procedures would require and, most importantly, should never permit more than one key to be free at any one time. The message is, ‘keep it simple.’