ISO 10418:2003

INTERNATIONAL ISO
STANDARD 10418
Second edition
2003-10-01
Petroleum and natural gas industries —
Offshore production installations —
Basic surface process safety systems
Industries du pétrole et du gaz naturel — Plates-formes de production
en mer — Analyse, conception, installation et essais des systèmes
essentiels de sécurité de surface

Reference number
©
ISO 2003
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.

©  ISO 2003
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO 2003 — All rights reserved

Contents Page
Foreword. iv
Introduction . v
1 Scope. 1
2 Normative references . 1
3 Terms, definitions and abbreviated terms. 1
3.1 Terms and definitions. 1
3.2 Abbreviated terms. 7
4 Symbols and identification for protection devices . 8
4.1 Objectives . 8
4.2 Functional requirements . 8
5 Safety analysis concepts . 9
5.1 Objectives . 9
5.2 General functional requirements. 10
5.3 Functional requirements for analysis using tables, checklists and functional evaluation
charts. 10
5.4 Functional requirements for analysis using structured review techniques . 12
6 Process safety system design. 13
6.1 Objectives . 13
6.2 Functional requirements . 13
6.3 Requirements when tables, checklists and function evaluation charts are used as the
analysis method . 19
6.4 Requirements when tools and techniques for hazard identification and risk assessment
have been selected from ISO 17776. 19
Annex A (informative) Component identification and safety device symbols . 20
Annex B (informative) Analysis using tables, checklists and functional evaluation charts . 25
Annex C (informative) Examples of safety analysis flow diagram and safety analysis function
evaluation (SAFE) chart. 71
Annex D (informative) Support systems . 84
Annex E (informative) Bypassing and annunciation. 92
Annex F (informative) Toxic gases . 94
Annex G (informative) Typical testing and reporting procedures. 98
Bibliography . 106

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies
(ISO member bodies). The work of preparing International Standards is normally carried out through ISO
technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of technical committees is to prepare International Standards. Draft International Standards
adopted by the technical committees are circulated to the member bodies for voting. Publication as an
International Standard requires approval by at least 75 % of the member bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO shall not be held responsible for identifying any or all such patent rights.
ISO 10418 was prepared by Technical Committee ISO/TC 67, Materials, equipment and offshore structures
for petroleum, petrochemical and natural gas industries, Subcommittee SC 6, Processing equipment and
systems.
This second edition cancels and replaces the first edition (ISO 10418:1993), which has been technically
revised including the following:
 reference to IEC 61511 is made for instrumentation used as secondary protection;
 risk-based methods of analysis are included as an alternative to the use of safety analysis tables (SATs)
and safety analysis checklists (SACs);
 additional guidance is provided on the setting of safety integrity levels for fire and gas and ESD systems;
 additional guidance is provided concerning toxic gases and bypassing and annunciation.

iv © ISO 2003 — All rights reserved

Introduction
Effective management systems are required to address the health and safety aspects of the activities
1)
undertaken by all companies associated with the offshore recovery of hydrocarbons . These management
systems should be applied to all stages in the life cycle of an installation and to all related activities. Such a
[4]
management system, which has been developed for environmental issues, is described in ISO 14001 and
the principles contained in this International Standard can also be applied to issues relating to health and
safety.
One key element of effective management systems is a systematic approach to the identification of hazards
and the assessment of the risk in order to provide information to aid decision-making on the need to introduce
risk-reduction measures.
Risk reduction is an important component of risk management, and the selection of risk-reduction measures
will predominantly entail the use of sound engineering judgement. However, such judgements may need to be
supplemented by recognition of the particular circumstances, which may require variation to past practices
and previously applied codes and standards.
Risk-reduction measures should include those to prevent incidents (i.e. reducing the probability of occurrence),
to control incidents (i.e. limit the extent and duration of a hazardous event) and to mitigate the effects (i.e.
reducing the consequences). Preventative measures such as using inherently safer designs and ensuring
asset integrity should be emphasized wherever practicable. Measures to recover from incidents should be
provided based on risk assessment and should be developed taking into account possible failures of the
control and mitigation measures. Based on the results of the evaluation, detailed health, safety and
environmental objectives and functional requirements should be set at appropriate levels.
The level and extent of hazard identification and risk assessment activities will vary depending on the scale of
the installation and the stage in the installation life cycle when the identification and assessment process is
undertaken. For example:
 complex installations, e.g. a large production platform incorporating complex facilities, drilling modules
and large accommodation modules, are likely to require detailed studies to address hazardous events
such as fires, explosions, ship collisions, structural damage, etc.;
 for simpler installations, e.g. a wellhead platform with limited process facilities, it may be possible to rely
on application of recognized codes and standards as a suitable base which reflects industry experience
for this type of facility;
 for installations which are a repeat of earlier designs, evaluations undertaken for the original design may
be deemed sufficient to determine the measures needed to manage hazardous events;
 for installations in the early design phases, the evaluations will necessarily be less detailed than those
undertaken during later design phases and will focus on design issues rather than management and
procedural aspects. Any design criteria developed during these early stages will need to be verified once
the installation is operational.
Hazard identification and risk assessment activities may need to be reviewed and updated if significant new
issues are identified or if there is significant change to the installation. The above is general and applies to all
hazards and potentially hazardous events.

1) For example, operators should have an effective management system. Contractors should have either their own
management system or conduct their activities consistently with the operator's management system.
Process protection system is a term used to describe the equipment provided to prevent, mitigate or control
undesirable events in process equipment, and includes relief systems, instrumentation for alarm and
shutdown, and emergency support systems. Process protection systems should be provided based on an
evaluation that takes into account undesirable events that may pose a safety risk. The results of the
evaluation process and the decisions taken with respect to the need for process protection systems should be
fully recorded.
If an installation and the associated process systems are sufficiently well understood, it is possible to use
codes and standards as the basis for the hazard identification and risk assessment activities that underpin the
selection of the required process protection systems. The content of this International Standard is designed to
[8]
be used for such applications and has been derived from the methods contained in API RP 14C that have
proven to be effective for many years. Alternative methods of evaluation may be used, for example based on
the structured review techniques described in ISO 17776. Having undertaken an appropriate evaluation, the
selection of equipment to use may be based on a combination of the traditional prescriptive approach and new
standards that are more risk based.
Particular requirements for the control and mitigation of fires and explosions on offshore installations are given
in ISO 13702. General requirements for fire and gas and emergency shutdown (ESD) systems are also
included in ISO 13702.
This International Standard and ISO 13702 reference new standards on functional safety of instrumented
systems. This International Standard refers to IEC 61511-1, which is the process sector implementation of the
generic standard IEC 61508 that is referred to in ISO 13702. The relationship between the standards referred
to above is presented in Figure 1.
The approach described in this International Standard should be applied in an iterative way. As design
proceeds, consideration should be given as to whether any new hazards are introduced and whether any new
risk-reduction measures need to be introduced.
It should be recognized that the design, analysis and testing techniques described in this International
Stan
...