Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
API RP 1640-2013: Recommended Practice for the Design, Installation, and Maintenance of Emergency Shutdown Systems
A comprehensive technical guide for process safety professionals in the oil and gas industry
API RP 1640-2013, published by the American Petroleum Institute, is a globally recognized recommended practice that provides comprehensive guidelines for the design, installation, operation, and maintenance of emergency shutdown (ESD) systems in the petroleum and natural gas industry. This standard is essential for ensuring process safety, protecting personnel, and minimizing environmental impact during abnormal operating conditions.
Scope and Applicability
API RP 1640-2013 applies to emergency shutdown systems intended to reduce the consequences of hazardous events by automatically or manually initiating shutdown actions. The recommended practice covers all stages of the ESD lifecycle, from conceptual design through decommissioning, and encompasses both hardware and software components.
Applicable Facilities
- Onshore and offshore production facilities
- Refineries and petrochemical plants
- Natural gas processing plants
- Pipeline terminals and storage facilities
- LNG liquefaction and regasification plants
Exclusions
The standard explicitly excludes fire and gas detection systems as primary initiators for ESD, though it acknowledges their interface with the ESD logic solver. It also does not cover the detailed design of equipment-specific control systems (e.g., turbine or compressor controls).
Note: API RP 1640-2013 should be used in conjunction with other relevant API standards, such as API RP 14C for offshore production and API RP 554 for process control systems.
Technical Requirements
The standard defines technical requirements across multiple domains to ensure functional safety and reliability of ESD systems. These requirements are based on the principle of independent layers of protection.
Design Principles
The ESD system must be designed to achieve a target Safety Integrity Level (SIL) as determined through a formal hazard analysis. API RP 1640-2013 recommends a fail-safe design where the system defaults to a safe state upon loss of power or communication. Redundancy and diversity are key principles, especially for critical functions. The standard also emphasizes the importance of separation between control systems and safety systems to prevent common cause failures.
| ESD Level | Typical Function | Required SIL (Example) | Typical Response Time |
|---|---|---|---|
| Level 1 (Plant Emergency) | Shutdown entire facility | SIL 2 | < 60 seconds |
| Level 2 (Process Unit) | Isolate specific process unit | SIL 2 | < 10 seconds |
| Level 3 (Equipment) | Shutdown individual equipment | SIL 1–2 | < 5 seconds |
| Level 4 (Local) | Local equipment isolation | SIL 1 | < 2 seconds |
Logic Solver and Software
The logic solver must be a dedicated safety PLC or relay-based system certified for the required SIL. The standard mandates rigorous software documentation, including functional requirements specification, test procedures, and configuration management. It also requires that software modifications follow a management of change process.
Field Devices
All sensors and final elements must be selected based on process conditions, environmental factors, and the probability of failure on demand. The standard provides guidelines for component selection to minimize common cause failures, including the use of different technologies or vendors for redundant components.
Best Practice: Use well-documented failure mode data and ensure that field devices have a proven track record in similar service. Consider diagnostics such as partial stroke testing for valves to improve availability.
Testing and Documentation
API RP 1640-2013 emphasizes rigorous testing throughout the lifecycle, including factory acceptance tests (FAT), site acceptance tests (SAT), commissioning documentation, and ongoing proof testing. All testing must be documented and results recorded for audit purposes. Documentation should include cause and effect diagrams, logic diagrams, and a system description manual.
Implementation Highlights
Successful implementation of API RP 1640-2013 requires a systematic approach from design through operation.
Hazard and Risk Assessment
Conduct a process hazard analysis (PHA) and layer of protection analysis (LOPA) to determine required SIL levels and define the safety instrumented functions (SIFs). The results of these assessments form the basis for the ESD design specification.
Engineering Design
Develop a detailed ESD specification covering system architecture, cause and effect charts, alarm management, and testing procedures. The design should also consider human factors for manual ESD initiation stations.
Installation and Commissioning
The standard provides guidelines for installation including cable routing, segregation, and grounding to ensure immunity to electromagnetic interference. Commissioning must demonstrate that each SIF meets its intended functional and safety performance.
Operation and Maintenance
Ongoing maintenance must include periodic proof testing at intervals calculated during SIL determination, as well as response to diagnostic alarms. A maintenance management system should track testing schedules and results.
Compliance Note: Following API RP 1640-2013 can help demonstrate compliance with relevant regulations such as OSHA PSM, EU ATEX, and SEVESO directives when properly documented. Third-party certification may be beneficial for high-risk installations.
Compliance Notes
Compliance with API RP 1640-2013 is not a regulatory requirement in itself, but it is widely accepted as a recognized and generally accepted good engineering practice (RAGAGEP) in the petroleum industry.
- Regulatory Alignment: Many national and international regulations reference API recommendations. Using API RP 1640-2013 can demonstrate due diligence and support safety case development.
- Auditing and Verification: Internal and third-party audits are recommended to ensure consistent adherence to the standard. The standard includes checklists for design reviews and functional safety assessments.
- Training and Competency: All personnel involved in ESD system lifecycle activities should be trained in functional safety principles and the specific systems installed.
- Documentation: Maintain a complete and updated set of records, including cause and effect diagrams, logic solver programs, test results, and change management procedures.
Critical: Deviation from the design principles outlined in API RP 1640-2013 can lead to systematic failures, reduced safety performance, and potential regulatory penalties. Always justify any alternative design approach with a recognized equivalent standard.
Frequently Asked Questions
Q: What is the relationship between API RP 1640-2013 and IEC 61511?
A: API RP 1640-2013 is aligned with the functional safety standard IEC 61511 but provides specific guidance for the petroleum industry. It can be used as a sector-specific implementation of IEC 61511.
A: API RP 1640-2013 is aligned with the functional safety standard IEC 61511 but provides specific guidance for the petroleum industry. It can be used as a sector-specific implementation of IEC 61511.
Q: Does API RP 1640-2013 apply to existing ESD systems?
A: The standard can be applied to both new and existing systems. For existing systems, a gap analysis is recommended to identify modifications required to meet the current RP.
A: The standard can be applied to both new and existing systems. For existing systems, a gap analysis is recommended to identify modifications required to meet the current RP.
Q: How often should proof