Systems-Theoretic Process Analysis (STPA) is a recently developed hazard identification technique based on control and systems theory. Previous studies of STPA emphasize two major strengths of the method: (1) STPA provides a systematic top-down approach that enables early identification of system flaws, and (2) STPA covers a wider scope of hazards than traditional methods. Despite these advantages, only a limited number of studies have applied the method to subsea systems. It is therefore of interest to investigate how STPA can be used to formulate new, or verify existing, requirements for safety-critical systems at subsea facilities. One example is the isolation of subsea wells initiated by the platform emergency shutdown (ESD) system. The purpose of this paper is to apply STPA to this function and to discuss the opportunities, challenges and possible implications of the results obtained from the analysis.
The paper starts with a thorough literature study, including an analysis of the insights and recommendations made in other industry sectors and application areas. This review is followed by the STPA analysis of the proposed system, with a focus on identifying the unsafe control actions and safety constraints for subsea well isolation. The paper investigates how STPA addresses specific design philosophies and subsea operating conditions, such as the fail-safe function of subsea ESD valves, the long distance between the top-side control system and the subsea valves, and the dynamic behavior of the control structure. The paper concludes with discussions and suggestions on how the STPA procedure may be improved for application to subsea systems.
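As an added illustration of the kind of analysis the abstract describes (this is example code written for this page, not the paper's own model or results), the block below sets up a minimal STPA-style model of the ESD-initiated well isolation function: it enumerates unsafe control actions (UCAs) for the "close ESD valve" command using STPA's four guide words and derives the corresponding safety constraints by inverting each UCA, then runs a small timing model that shows how umbilical latency, valve stroke time and a fail-safe-close design change the outcome. All names, timings, the heartbeat watchdog and the maximum allowed exposure time are constructed assumptions, not values from the paper.

```python
from dataclasses import dataclass
from typing import List, Optional

# The four STPA guide words for unsafe control actions (Leveson/Thomas).
UCA_GUIDE_WORDS = (
    "not provided",
    "provided when unsafe",
    "too early / too late / wrong order",
    "stopped too soon / applied too long",
)


@dataclass(frozen=True)
class UnsafeControlAction:
    control_action: str   # e.g. "ESD system commands subsea valve to close"
    guide_word: str       # one of UCA_GUIDE_WORDS
    context: str          # the process state in which the action is unsafe
    hazard: str           # system-level hazard the UCA can lead to

    def safety_constraint(self) -> str:
        # STPA derives a safety constraint by negating the UCA statement.
        return (f"The control action '{self.control_action}' must not be "
                f"'{self.guide_word}' {self.context} (prevents: {self.hazard}).")


def isolation_ucas() -> List[UnsafeControlAction]:
    """Constructed UCA table for the single control action 'close ESD valve'."""
    action = "ESD system commands subsea valve to close"
    return [
        UnsafeControlAction(action, UCA_GUIDE_WORDS[0],
                            "when a platform ESD demand is active",
                            "uncontrolled well flow to the facility"),
        UnsafeControlAction(action, UCA_GUIDE_WORDS[1],
                            "during an operation that requires flow (e.g. well intervention)",
                            "damage to equipment / spurious trip"),
        UnsafeControlAction(action, UCA_GUIDE_WORDS[2],
                            "if it arrives after the maximum allowed exposure time",
                            "uncontrolled well flow to the facility"),
        UnsafeControlAction(action, UCA_GUIDE_WORDS[3],
                            "if the close signal is withdrawn before full valve stroke",
                            "partial isolation / leakage"),
    ]


@dataclass(frozen=True)
class SubseaValveModel:
    """Simplified fail-safe-close valve: held open by hydraulics, closes when the
    close command arrives or when the hold-open heartbeat from top-side times out.
    All times are in seconds and are assumptions for illustration."""
    link_latency_s: float       # top-side command -> subsea actuation
    close_time_s: float         # full stroke once bleed-off starts
    heartbeat_timeout_s: float  # loss-of-communication watchdog

    def time_closed(self, demand_t: float, command_sent: bool,
                    link_lost_at: Optional[float] = None) -> Optional[float]:
        """Return the time the valve is fully closed, or None if it never closes."""
        # Link lost before the command left top-side: the command cannot be
        # delivered, but the fail-safe watchdog closes the valve anyway.
        if link_lost_at is not None and (not command_sent or link_lost_at < demand_t):
            return link_lost_at + self.heartbeat_timeout_s + self.close_time_s
        if command_sent:
            return demand_t + self.link_latency_s + self.close_time_s
        return None  # no command and healthy link: valve stays open


def classify_outcome(demand_t: float, closed_t: Optional[float],
                     max_exposure_s: float) -> str:
    """Map the timing result onto the matching STPA guide word, or 'safe'."""
    if closed_t is None:
        return UCA_GUIDE_WORDS[0]           # not provided
    if closed_t - demand_t > max_exposure_s:
        return UCA_GUIDE_WORDS[2]           # too late
    return "safe"


if __name__ == "__main__":
    for uca in isolation_ucas():
        print(uca.safety_constraint())
    valve = SubseaValveModel(link_latency_s=2.0, close_time_s=30.0, heartbeat_timeout_s=10.0)
    print(classify_outcome(100.0, valve.time_closed(100.0, True), 60.0))
    print(classify_outcome(100.0, valve.time_closed(100.0, False), 60.0))
    print(classify_outcome(100.0, valve.time_closed(100.0, False, link_lost_at=90.0), 60.0))
```

The timing model is where the abstract's subsea-specific conditions show up: the long umbilical adds latency and the stroke time dominates exposure, so a slow valve turns a correctly issued command into a "too late" UCA, while the fail-safe-close design converts a lost link (a "not provided" command from the controller's point of view) into a safe outcome. In a real STPA the loss scenarios behind each UCA, not just the timing, would then be examined.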