Pump Overpressure Protection: Part 1
Efficiently deploying safety instrumentation at wellhead pumps.
United Electric Controls

Wellsite accidents can be attributed to various causes, such as overpressure conditions. A well-known international insurance company addresses the daunting subject of planning for an oil and gas well control emergency this way: “Operators within the oil and gas industry typically manage numerous operational risks. Failure to adequately manage exposures, such as the threat of oil spills, the challenge of finding qualified contractors and the need to protect new workers on the job, could drastically affect an operator’s production goals and bottom line. Though the severity of risk can differ among these exposures, no other threat has the potential to challenge an organization more than a well control event.” 1 

This article looks at how safety instrumentation can be used for pump overpressure protection, with a case study illustrating how a large petroleum company in South America adopted a novel approach to pump overpressure protection in remote oil fields.

IMAGE 1: SIL certified integrated instrumentation that combines the functions of a transmitter, logic solver, pressure switch and gauge in one device simplifies the cost and installation of an IPL or SIS. (Image courtesy of United Electric Controls)
IMAGE 1: SIL certified integrated instrumentation that combines the functions of a transmitter, logic solver, pressure switch and gauge in one device simplifies the cost and installation of an IPL or SIS. (Image courtesy of United Electric Controls)

Risk Reduction 

Risk reduction experts in upstream oil and gas production are focused on exploring techniques for reducing risk and maximizing uptime. Well control events, such as the over-pressurization of flow lines, is an area of strong interest, especially because of the impact on production and potential for environmental repercussions.

Risk and reliability experts Henry Johnston and Genebelin Valbuena prescribed several recommendations for safe wellsite operations in their 2015 white paper entitled, “An Integrated Approach to Design Hybrid Independent Protection Layers.”2 Some key takeaways from the paper include:

  • It is important to have reliable methods, such as Layers of Protection Analysis (LOPA), for assessing risk related to well control.
  • It is useful to have a combination of mechanical and instrumented systems used as safeguards. These are known as independent protection layers (IPLs). 
  • There exists a guided and innovative way of integrating mechanical and instrumented subsystems into a
  • single protection layer such that it provides sufficient risk reduction for the risk scenario. 
  • Innovative pressure instrumentation systems available in the industry today can contribute quantitatively and qualitatively to risk reduction.

Safety Integrity Level (SIL) Certified Instrumentation for Pump Overpressure Protection

While certified functional safety experts like Johnston and Valbuena exercise complex quantitative risk assessment and develop methodologies and innovative risk reduction approaches, instrument hardware manufacturers have been responding to industry needs by designing SIL certified instrumentation (e.g., pressure controls) that make the deployment of IPLs or safety instrumented systems (SIS) much easier and more cost effective. Some of these pressure controls integrate functions of a transmitter, switch and gauge in one device. 

These hybrid or integrated devices are solid state subsystems in hazardous area enclosures that combine the functions of a pressure transmitter, pressure switch and logic solver into a single standalone device. Integrated SIL certified instrumentation, such as what is seen in Image 1, can continuously monitor pump pressure at the wellhead through the 4 to 20 milliamp (mA) output and simultaneously control a final element directly, such as a shutdown valve, for immediate shutdown in the event of an overpressure condition. This shutdown is based on programmable thresholds and is executed through an embedded high-capacity relay without the need for a logic solver.

The emergence of these hybrid devices has been a game changer. Designing or upgrading an IPL or SIS for protecting flowlines or rotating equipment (like a pump) could involve multiple devices such as pressure transmitters, trip modules, pressure switches, central or remote programmable logic controllers (PLCs), wiring, conduit, stainless steel cabinets and sub-cabinets. Calculating failure rates and even a system’s response time would be a highly complex task. 

An SIL certified integrated device can help simplify the complexity as it combines multiple functions—analog 4 to 20 mA output, microprocessor-based programmable solid state high-capacity relay, hazardous area enclosure, additional soft digital output and complete diagnostics. Each output as a “safety variable output” has failure rate data documented so it can be utilized in a safety instrumented function. For designers looking for cost-effective solutions for valid risk reduction, such SIL certified integrated devices are worth designing into the system.

Stay tuned for Part 2 next month to read a case study of a large petroleum company based in South America that wanted to improve its production operations at the wellsite. 

Note: The author would like to thank Chan Reis, freelance technical writer.  


  1. travelers.com/resources/business-industries/oil-gas/planning-for-a-well-control-emergency
  2. “An Integrated Approach to Design Hybrid Independent Protection Layers” ISA 2015. Presented at ISA’s 61st International Safety Symposium, Huntsville, AL, isa.org