Fail-Safe Design of an Offshore Platform


A platform shutdown occurred during my site trip last year on one of the remote offshore wellhead platforms.

The ESD alarm on the operating console showed that the shutdown was triggered by one of the push buttons on the cellar deck.

The problem came every time the operator tried to reset the ESD logic: the push button's fail-safe mode, in its de-energized state, kept sending the shutdown command, and the logic could not be reset.
Since the override command is only accessible to authorised maintenance personnel, the operator could not access it and started to panic.

After several unsuccessful troubleshooting attempts to fix the push button in the field, I asked the operator to contact instrument maintenance in the control room for the password to access the maintenance laptop. After several discussions with the maintenance supervisor in the control room, they gave us the password and the push button could be overridden.

It took us about half an hour to start up the platform, and the impact of the shutdown was disastrous. All of the processed fluid and gas is routed from the Compression platform to the Remote Wellhead platform by a 16" pipeline and exported to onshore facilities. The unplanned shutdown almost caused the onshore facilities to shut down due to lack of utility gas supply.

The shutdown investigation found that water ingress inside the push-button cover caused the false shutdown signal. It also found that there was no standard procedure for the operator to handle this shutdown scenario. Is fail-safe design always the only solution?
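To make the stuck state concrete, here is a small Python model of the behaviour described above. It is an added illustration written for this post, not the platform's actual ESD vendor logic: a normally-energized push button whose loss of energy (pressed, wire break or water ingress) is read as a shutdown demand, a latching trip that refuses reset while the demand persists, and a maintenance override that is credential-gated and written to an audit trail. The class names, the hashed-password check and the audit record format are assumptions made for the example; the credential value is a constructed placeholder.

```python
"""Toy model of a latching ESD logic solver with a de-energize-to-trip push button
and an access-controlled maintenance override.

Added example for illustration only; names, credential check and audit format are
assumptions and do not describe any real platform's ESD system."""
from dataclasses import dataclass
import hashlib
import hmac


@dataclass
class PushButton:
    """A field ESD push button wired normally-energized (fail-safe)."""
    name: str
    energized: bool = True  # True = loop healthy; False = pressed, wire break or water ingress

    def trip_demand(self) -> bool:
        # Fail-safe convention: loss of energy on the loop is a shutdown demand,
        # so a faulty button is indistinguishable from a genuine push.
        return not self.energized


class ESDLogic:
    def __init__(self, buttons, override_secret_hash: str):
        self.buttons = {b.name: b for b in buttons}
        self.overrides: set[str] = set()
        self.tripped = False
        self.audit: list[tuple] = []
        self._override_secret_hash = override_secret_hash

    def active_demands(self) -> list[str]:
        """Inputs currently demanding shutdown and not overridden."""
        return [n for n, b in self.buttons.items()
                if b.trip_demand() and n not in self.overrides]

    def scan(self) -> bool:
        """One logic-solver cycle: any un-overridden demand latches the trip."""
        if self.active_demands():
            self.tripped = True
        return self.tripped

    def reset(self) -> bool:
        """Reset is refused while any demand is still present (the stuck state in the post)."""
        demands = self.active_demands()
        if demands:
            self.audit.append(("reset_refused", tuple(demands)))
            return False
        self.tripped = False
        self.audit.append(("reset_ok",))
        return True

    def override(self, name: str, user: str, password: str) -> bool:
        """Maintenance override: credential-gated and always recorded in the audit trail."""
        # Stand-in for the real maintenance credential check; constant-time compare of hashes.
        digest = hashlib.sha256(password.encode()).hexdigest()
        if not hmac.compare_digest(digest, self._override_secret_hash):
            self.audit.append(("override_denied", name, user))
            return False
        self.overrides.add(name)
        self.audit.append(("override_applied", name, user))
        return True


def replay_incident() -> dict:
    """Walk through the sequence from the post with constructed inputs."""
    secret = "maintenance-laptop-password"  # constructed placeholder, not a real credential
    esd = ESDLogic(
        [PushButton("ESD-PB-101"), PushButton("cellar_deck_pb")],
        hashlib.sha256(secret.encode()).hexdigest(),
    )
    # Water ingress de-energizes the cellar-deck button loop: a false shutdown demand.
    esd.buttons["cellar_deck_pb"].energized = False
    tripped = esd.scan()
    reset_while_faulty = esd.reset()                                 # refused: demand persists
    denied = esd.override("cellar_deck_pb", "operator", "guess")     # operator lacks credential
    allowed = esd.override("cellar_deck_pb", "inst_maint", secret)   # authorised maintenance
    reset_after_override = esd.reset()                               # now succeeds
    return {
        "tripped": tripped,
        "reset_while_faulty": reset_while_faulty,
        "override_denied": denied,
        "override_applied": allowed,
        "reset_after_override": reset_after_override,
        "audit": esd.audit,
    }


if __name__ == "__main__":
    for key, value in replay_incident().items():
        print(key, value)
```

Running `replay_incident()` reproduces the sequence: the trip latches, every reset is refused while the de-energized loop is still demanding shutdown, the operator's override attempt is denied and logged, and only after an authorised override is the reset accepted. The audit list is the piece worth keeping in a real system: once an input is masked, the override record is the only evidence that the platform is running with a fail-safe input out of service.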