An ESD (Emergency Shutdown System) is an emergency control system used to manage the shutdown and restart sequences of a plant or machine.
In process plants, the function of emergency shutdown is to minimize the consequences of emergency situations, usually the leakage of hydrocarbons or the initiation of a fire in areas with hydrocarbons or the failure of power systems or essential components.
The purpose of the ESD is to protect people, facilities and to prevent negative environmental impacts. The ESD is one of the main safety systems in plant engineering and complex industrial applications.
An emergency shutdown system is also a means of blocking process operation, isolating incoming connections or electrical supply and quickly reducing the risk arising from an unexpected event. Emergency shutdown is a minimum requirement that must be addressed at every stage: design, construction and testing, and as a safety-system requirement. Redundancy is the most common design feature of ESDs. Usually these systems are integrated in a closed loop and are connected to an independent shutdown system, which may itself be redundant.
Typical actions implemented by ESDs are: stopping the flow of hydrocarbons, stopping rotating equipment, isolating hydrocarbon inventories, ignition sources and non-essential electrical equipment, activating fire protection systems, opening or closing block valves to their safe position, tripping electric motors and package units, and initiating depressurization and plant deactivation procedures where available.
Once the shutdown is initiated, all the final elements used to ensure safety must remain in the safe state. A manual action is required to reset the shutdown state. The ESD shall be designed to minimize the risk of spurious shutdown. It is necessary to consider the use of a logic solver on the activating elements (e.g. gas detectors, manual push buttons, etc.).
Logics and levels
Generally, the ESD is based on a PLC (Programmable Logic Controller) certified for safety applications, a DCS (Distributed Control System) or a BMS (Burner Management System), which intervenes in case of malfunction or error to guarantee the safety of the plant. The ESD is a system independent of the control units dedicated to the operational sequences of the plant. The shutdown may involve the entire plant, if required, or only part of it, if the unit involved in the hazardous event can be brought to a safe state while the rest of the plant remains in operation.
The complete or partial shutdown of the plant can begin either by automatic sequences, by exceeding certain operating conditions, or by manual activation using the controls positioned in the field or in the control room, as necessary.
The start-up sequence begins after the ESD reset. After a shutdown, the ESD levels must be reset individually and manually by the console operator. For field equipment, unless otherwise specified, shutdown valves (SDV) are reset manually and locally. To start equipment or process areas, some inputs to the ESD system must be blocked, because sensor signals may be in an abnormal state prior to start-up and would otherwise cause a shutdown.
Such inhibitors are known as "start-up inhibitors". Each inhibition function is automatically reset by the sensor signal returning to normal state or after a predetermined delay time.
Typically, the ESD works in fail-safe mode, that is, the de-energized state of any digital sensor (input) or actuator (output) is the safe state. Therefore, the detection of failures of critical components of the system and of field inputs/outputs must lead the plant to a safe condition.
In general, an ESD is designed as a hierarchical structure with several levels of protection, in increasing order of emergency.
For example:
ESD 0 – Abandonment of plant or platform
ESD 1 – Emergency shutdown and depressurization of the entire plant
ESD 2 – Emergency stop for a process unit within the plant
ESD 3 – Complete shutdown of the process
ESD 4 – Process stop for a single process unit within the plant
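The behaviour described above (fail-safe de-energized inputs, latched trips with individual manual reset, timed start-up inhibitors, and a hierarchy of ESD levels in which a higher level trips the levels below it) is illustrated by the following toy logic solver. It is an added example written for this page, not code from any ESD vendor or safety PLC; the cascade relationships between the five example levels, the sensor names and the energize-to-run valve outputs are assumptions chosen for the demonstration.

```python
"""Toy ESD logic solver (added example, not vendor code).

Models: fail-safe inputs (de-energized = demand), latched trips that need
an individual manual reset, timed start-up inhibitors that auto-reset when
the signal returns to normal, and a hierarchical trip cascade between levels.
"""
from dataclasses import dataclass, field

# Assumed cascade between the example levels in the text (ESD 0 highest):
# tripping a level also trips every level listed for it.
CASCADE = {
    0: (1, 2, 3, 4),
    1: (2, 3, 4),
    2: (4,),
    3: (4,),
    4: (),
}


@dataclass
class SensorInput:
    name: str
    level: int                   # ESD level this input demands
    healthy: bool = False        # fail-safe: False (de-energized / open loop) = demand
    inhibit_until: float = 0.0   # start-up inhibitor active while t < inhibit_until


@dataclass
class LogicSolver:
    inputs: dict
    tripped: set = field(default_factory=set)   # latched ESD levels

    def demanding(self, inp, t):
        """A demand exists when the input is not healthy and not inhibited."""
        return not inp.healthy and t >= inp.inhibit_until

    def scan(self, t):
        """One solver cycle: evaluate inputs, latch demanded levels, return them."""
        for inp in self.inputs.values():
            if inp.healthy:
                inp.inhibit_until = 0.0     # signal back to normal: inhibitor auto-resets
            elif self.demanding(inp, t):
                self.trip(inp.level)
        return sorted(self.tripped)

    def trip(self, level):
        """Latch a level and every level it cascades to."""
        self.tripped.add(level)
        self.tripped.update(CASCADE[level])

    def startup_inhibit(self, name, t, delay):
        """Block one input for `delay` seconds so an abnormal pre-start signal does not trip."""
        self.inputs[name].inhibit_until = t + delay

    def reset(self, level, t):
        """Manual reset of a single level; refused while a demand or a higher latched level remains."""
        if any(self.demanding(i, t) for i in self.inputs.values() if i.level == level):
            return False
        if any(level in CASCADE[h] for h in self.tripped):
            return False
        self.tripped.discard(level)
        return True

    def final_elements(self):
        """Energize-to-run outputs: a shutdown valve stays open only while its level is not latched."""
        return {f"SDV_ESD{lvl}": lvl not in self.tripped for lvl in CASCADE}


def build_demo_solver():
    """Constructed sample inputs, all healthy (energized) at start."""
    inputs = {
        "gas_detector_area1": SensorInput("gas_detector_area1", level=1, healthy=True),
        "fire_unit_A": SensorInput("fire_unit_A", level=2, healthy=True),
        "low_flow_unit_A": SensorInput("low_flow_unit_A", level=4, healthy=True),
    }
    return LogicSolver(inputs)


if __name__ == "__main__":
    s = build_demo_solver()
    s.inputs["gas_detector_area1"].healthy = False   # open loop / wire break -> demand
    print("after wire break:", s.scan(t=0.0))         # [1, 2, 3, 4]
    s.inputs["gas_detector_area1"].healthy = True
    print("after repair:", s.scan(t=1.0))             # still [1, 2, 3, 4]: latched
    print("reset ESD 4 first:", s.reset(4, t=1.0))    # False: ESD 1 still latched above it
    for lvl in (1, 2, 3, 4):
        s.reset(lvl, t=1.0)
    print("final elements:", s.final_elements())
```

Two design points are worth noting. A wire break on the gas detector is indistinguishable from a real gas detection, which is exactly the fail-safe property the text asks for. The reset order is enforced top-down: a subordinate level cannot be reset while a level that cascades into it is still latched, so an operator cannot quietly re-open a unit valve while a plant-wide ESD 1 is still in force.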