en English
en Englishes Spanishfr Frenchde Germanar Arabichi Hindiko Koreanru Russiannl Dutch

Analysis Of Key Points of Automatic Implementation Of the Whole Process Of API Production

By /

In recent years, there have been frequent production accidents in the chemical industry in Jiangsu Province, and the safety production situation is severe. The “Basic Requirements for Intrinsic Safety Diagnosis and Management” (Su Emergency No. 53) issued by the Emergency Management Department of Jiangsu Province put forward the requirements of “full process automation” in production. Manufacturers pose no small challenge. This paper analyzes some key points in the process of automatic implementation of the whole process of API production, for the reference of experts and scholars from pharmaceutical companies, design units, construction units or other relevant units.

 

API Production
API Production

 

Figure 1 Overview of the API Factory Automation Framework

 

In order to curb the frequent occurrence of production accidents, improve the intrinsic safety level of enterprises, and standardize the safety management of chemical production enterprises, the Emergency Management Department of Jiangsu Province issued the “Basic Requirements for Intrinsic Safety Diagnosis and Management” (Su Emergency No. 53) in June 2019. For the API product, the enterprises put forward new requirements. At present, the vast majority of API production enterprises are small and medium-sized chemical enterprises, and the production characteristics are mostly intermittent production and complex process routes, the degree of automation of the production process is low, and the relevant technical personnel are lacking. Su Emergency Document No. 53 clearly stated that by the end of September 2020, the upgrade and transformation rate of the automation control system of the “two key points and one major” in-service installations should reach 100%, and the automation control system equipment rate of new projects should reach 100%. At the same time, Su Emergency Document No. 53 put forward clear requirements for the automatic control of the whole process of production equipment and storage facilities. This paper sorts out and analyzes the key points of the automation implementation of the whole process of API production, especially some areas that are easily overlooked and ambiguous, in order to better help enterprises achieve compliance requirements and improve the efficiency of the whole process automation implementation of API production enterprises.

 

Safety Instrumented System

 

The “Guiding Opinions of the State Administration of Safety Supervision on Strengthening the Management of Chemical Safety Instrumentation Systems” (Safety Supervision Administration No. 3 [2014] No. 116) pointed out that from January 1, 2018, all new chemical plants involving “two key points and one major” and hazardous chemical storage facilities need to design safety instrumented systems that meet the requirements. The document points out this requirement, but does not specify the safety integrity level (SIL) of the safety instrumented system (SIS). The integrity level of the safety instrumented function (SIF) suitable for specific scenarios still needs to be clarified by the designer through some risk assessment tools and rating tools. At present, the commonly used risk assessment tool in the industry is the Hazard and Operability Analysis Method (HAZOP). HAZOP can be used to identify accident scenarios that require SIS. Once the scenario is identified, Layer of Protection Analysis (LOPA) can be used to clarify the SIL of the SIF loop in the scenario. It should be pointed out that all SIL levels are the integrity levels of the entire SIF circuit, not the levels of subsystems or components in the circuit. The same certification level of subsystems or components as the circuit does not ensure that the circuit integrity verification reaches the expected level; or a component certification rating lower than the loop rating does not imply that the loop integrity verification is not up to standard. The integrity level of the SIF loop is related to many factors, such as failure probability of component certification, redundancy method and voting mechanism, inspection cycle, etc. All SISs should be computationally validated to confirm that each SIF achieves the designed SIL level. The UK Health and Safety Agency has investigated 34 incidents directly caused by control and safety system failures, and the results show that 44% of incidents were caused by incorrect Safety Requirements Specifications (SRS), followed by post-investment caused by changes. From this, the importance of correct SRS preparation is obvious, all SIS systems recommend the preparation of SRS and ensure its correctness.

 

API production
Safety Instrumented System – API Production

 

Figure 2 Process Protection Layer

 

Redundancy And Hardware Fault Margin

 

Redundancy and hardware fault margin are very important concepts in automatic control systems, which play an important role in ensuring system stability and safe operation. “Petrochemical Safety Instrumented System Design Specification” (GB/T 50770-2013), “Signal Alarm and Interlocking System Design Specification” (HG/T 20511-2014) have clear requirements for the SIS system hardware fault margin, and the SIS system Design should refer to its regulations. At the same time, these two specifications require that the central processing unit load of the logic controller should not exceed 50% of the rated load, and its internal communication load should not exceed 50% of the rated load. “Petrochemical Safety Instrumented System Design Specification” also proposes that the communication load of the logic controller using Ethernet should not exceed 20%. For the basic process control system (BPCS), “Decentralized Control System Engineering Design Specification” (HG/T 20573-2012) requires that the I/O cards of the control loop and the I/O cards of important detection points should be redundantly configured; the CPU, communication interface, and power supply of the control unit should be in a 1:1 redundant configuration; the number of spare points of the control point should be 10% to 15% of the actual number of points, and the maximum load of the control unit should be less than 60%. Enterprises should reasonably configure the automatic control system according to the specification requirements and their own production needs to improve the use efficiency and reduce the investment cost.

 

Common Elements For Safety Interlocks And Process Operation

 

In practical engineering, many people often ask a question from the perspective of saving investment, whether the SIS system and the BPCS system share the same control valve? “Petrochemical Safety Instrumented System Design Specification” (GB/T 50770-2013) specifies the conditions for SIL1 level safety instrumentation function: in the case of ensuring the priority of SIS system action, the SIS system can share the control valve with BPCS; SIL2 level safety instrumentation Function: the SIS system control valve should be separated from the BPCS control valve. Although the specification states that SIL1 safety instrumented functions can be used with BPCS control valves, there are still limitations to sharing that it should be done with caution and is generally not recommended. First of all, sharing the control valve will reduce the independence of the SIS as an independent protection layer, increase the possibility of common failure (common mode failure, common cause failure, related failure), and increase the system risk. Secondly, after the control valve is shared, the demand frequency of the SIS system may exceed once a year. In this case, the usual low-demand operation mode (the failure probability is described by PFDavg) can no longer meet the requirements, and the high-demand operation mode should be used (failure probabilities are described in terms of PFH), which greatly increases the cost. For the interlock and process control in the basic process control system, the control valve can be shared, but it should be ensured that the interlock function takes precedence, and they are set separately under conditions.

 

Control Room Setup

 

Su Emergency Document No. 53 clearly stated that in principle, an enterprise should set up a regional control room or a plant-wide control room. “Code for Fire Protection in Architectural Design” (GB50016-2014) requires that the main control room of Class A and B workshops with explosion hazard should be set up independently. “Control Room Design Specification” (HG/T20508-2014) clearly points out that the central control room should be a separate building. Therefore, it is recommended to set up the main control room or the central control room independently for new projects. For the setting mode of the control room, there are mainly the following three types: one central control room (CCR) plus multiple field cabinet rooms (FAR) mode; multiple CCR plus multiple FAR mode; CCR mode only. For large and medium-sized API manufacturers, it is recommended to adopt the mode of 1 CCR plus multiple FARs; for small API manufacturers, it is recommended to adopt the CCR-only mode. Because the card parts and communication system of the control system are easily interfered by the complex electromagnetic environment, the specification recommends that the control room or the field cabinet room should be kept away from the strong electromagnetic environment, such as the power distribution room. If it cannot be avoided, corresponding electromagnetic shielding measures should be taken. In addition, for chemical plants with explosion hazard, the building and structure of the central control room building should be designed according to the calculation and analysis results of the anti-explosion structure, which is easily overlooked.

 

Alarm And Interlock Of Stirring Motor Current

 

Su Emergency Document No. 53 clearly requires that the reactor equipped with a stirring system and with the risk of overpressure or explosion should be equipped with a stirring current remote transmission indication. When the stirring system fails to stop, the feed and heat medium should be interlocked and cut off, and necessary cooling measures should be taken. This requirement applies to production units of critically supervised hazardous processes or other general process units. Reactor stirring current remote indication, alarm and interlock is a new requirement, which is different from the control points of traditional reactor motors, such as switch, frequency conversion, speed, running status, etc., which are often easily overlooked. It should be clear that the abnormal current alarm and interlock of the stirring motor should include two safety functions of low current and high current, and should not be confused. At the same time, the process package supplier should also be reminded that the R&D process package should include complete process operating parameters including stirring current.

 

Multi-hazard process automatic control system switching function

 

Su Emergency Document No. 53 clearly requires that when a reactor involves two or more different hazardous chemical processes, an independent automatic control system (including a safety instrumented system) or an automatic switching function should be set up respectively, and the security measures such as technology or management for replacement should be implemented. In the API production industry, multi-functional workshops are more common, and collinear production sometimes occurs. Different processes of several products may use the same reactor, or several processes of the same product may use the same reactor. In this case, the control configuration of the reactor should be able to switch between different processes. This increases the difficulty of the automatic control system design, configuration, programming, verification and routine maintenance of the reactor. Mismanagement can lead to confusion and even security incidents. Therefore, a preliminary assessment of the project should be carried out at the beginning of the project, weighing the benefits and disadvantages of collinear or shared reactors; in addition to safety risks (such as automatic control system switching), the disadvantages also include cross-contamination quality risks.

 

API production - 3

 

 

Figure 3 Part Of The Control Room Of An API Company

Automatic Switching Function Of Refrigerant And Heating Medium

 

Su Emergency Document No. 53 clearly requires that if the reaction process is designed to switch between refrigerant and heating medium, an automatic control valve should be set up with automatic switching function. Many API manufacturers equip each reactor with an independent heat exchange module (TCU) in the workshop, especially in the workshop with small batches, to adjust the temperature of the reactor. The principle is to use the direct refrigerant and heat medium (steam, hot water, frozen brine, etc.) to adjust the temperature of the medium in the TCU, then transport the medium in the TCU to the reactor, and then return from the reactor to the TCU, and so on to adjust the reactor temperature. This kind of operation is no problem under normal working conditions, but when the reactor becomes abnormally hot, there may be no cooling water available for emergency cooling in the reactor. At this time, the medium transported from the TCU may still be in a high temperature state, and it takes a long time to change from a high temperature to a low temperature state; this situation cannot meet the needs of emergency cooling of the reactor, nor can it meet the function of automatic switching of cold and heat sources. For the use of TCU, it is recommended to configure a spare TCU for emergency use, or to introduce a chilled water circulation pipeline for on-duty backup.

 

API production - 4

 

Figure 4 Part of the automatic control system of solvent distillation in an API enterprise

 

Emergency Interlock and Pressure Relief Facilities

 

Su Emergency Document No. 53 clearly requires that the reaction product which involves heating process due to acid hydrolysis, alkali hydrolysis (except for adjusting the pH value only), extraction, decolorization, evaporation and crystallization, and when the temperature of the heat medium is higher than the boiling point of the medium in the equipment , the reaction process should be equipped with automatic temperature detection, remote transmission and alarm. When the temperature is high, the alarm and the heat medium are interlocked and cut off and pressure relief facilities. It should be noted here that although this requirement is under the two major items of rectification and refining, the general reaction process should also meet this requirement as long as the above conditions are involved. Moreover, the pressure relief facility here does not refer to a traditional safety valve or a rupture disc, but an automatic control valve interlocked with the temperature in the kettle.

 

Public works system alarm and interlock

 

Su Emergency Document No. 53 clearly requires that frozen brine, circulating water or other cooling systems below normal temperature should be equipped with temperature and flow (or pressure) detection, and an alarm will be issued when the temperature is high and the flow (or pressure) is low. The circulating water pump shall be provided with a shutdown alarm of current signal or other signals, and an alarm when the pressure of the circulating water main pipe is low; the alarm signal and interlock shutdown signal when the circulating water main pipe pressure is low should be sent to its service device. In most cases, enterprises have set up local display of temperature and flow, but have not set up remote display and alarm when temperature is high and flow is low. At the same time, the enterprise is required to set the shutdown alarm of the circulating water pump, and the relevant alarm signal needs to be sent to its service device. Similar measures are recommended for other utility systems (eg compressed air systems, inert gas systems).

 

Coordination of automatic control system and information system

 

For enterprises, after implementing a full-process automation control system, the next step is likely to consider the implementation of an information system, extract process production data, eliminate data silos, build a transparent factory, and improve decision-making efficiency. This process is to ensure the efficiency and safety of API Production. In fact, at the regulatory level, Su Emergency Document No. 88 (Basic Requirements for the Construction of Safety Production Information Management Platforms for Chemical Enterprises in Jiangsu Province (Trial)) clearly put forward the requirements for the construction of safety production information construction platforms after the release of Su Emergency Document No. 53. On the other hand, the newly revised Drug Administration Law in 2019 requires drug manufacturers to build a traceability system. As the basis of the traceability system, the construction of informatization is the proper meaning. Therefore, the implementation of the information system is only a matter of time. When enterprises implement full-process automation, they need to plan forward-looking informatization construction and make various preparations for connection, including the prediction of relevant PLC, DCS, SCADA, MES, ERP and other architectures, the coordination of various communication protocols between systems, and the reservation of various interfaces.

 

Compliant and efficient implementation of full-process automation

 

Due to space limitations, the above only analyzes the points that are easily overlooked in the implementation of full-process automation. The requirement of full-process automation in the production process is a new challenge for API production for the manufacturers. It is recommended that enterprises increase relevant investment, carefully study relevant regulatory requirements, and combine the characteristics of the company’s production to complete the implementation of full-process automation in compliance with regulations and efficiency. Enterprises should realize that the implementation of production process automation is not only to meet the requirements of supervision, but also to improve the efficiency and competitiveness of enterprises in the future. Factors such as safety, compliance, quality and efficiency will ultimately become the core competencies of a business. In general, the requirement for automation of the whole production process will not only promote the improvement of the intrinsic safety level of various enterprises, but also will promote the transformation and upgrading of API production enterprises in Jiangsu Province, and promote the sustainable development of the industry. It should be noted here that although “full-process automation of production” is a regulatory requirement put forward by Jiangsu Province for chemical production enterprises in the province, this requirement also has certain reference significance for chemical or API production enterprises in other provinces across the country.

 

Scroll to Top