RISK ASSESSMENT OF THE DEEPWATER HORIZON BLOWOUT PREVENTER (BOP) CONTROL SYSTEM
April 2000 - Final Report
Prepared for:
CAMERON CONTROLS CORP.
EQE INTERNATIONAL
Confidential Treatment Requested by Transocean Holdings LLC TRN-HCEC-00056391 Deepwater Horizon BOP Control System Risk Assessment April 2000 • 4. EVALUATION RESULTS As discussed in the introduction, the evaluation of the fault trees by boolean reduction results in the identification of the minimal cutsets, or the minimum combinations of failures that will result in the occurrence of the undesired event. Each of these cutsets is composed of one or more failures and each of the failures is assigned a probability of failure as discussed in Section 3. The product of the failure probabilities for all failure events in a cutset represents the probability of occurrence of the cutset. The sum of the cutsets for each fault tree model represents the probability of occurrence of the associated undesired event. In addition to these quantitative results, potential problem areas are often identified durmg the development of the model. These are discussed in Section 5. Table 4·1 summarizes the probability of occurrence of each of the undesired events. The number of cutsets shown in the table are those with a probability of occurrence greater than 1E-1 O. The overall potential for any of the events occurring which lead to the failure to perform the EDS function is 3.1 2E-4 (1183 cutsets). which is less than the sum of the individual events in Table 4-1. This is due to the fact that some of the cutset combinations result in failure of more than one of the functions but are correctly only counted once when looking at the overall likelihood. The • listing of the first 100 cutsets (or all if less than 100 cutsets exist above 1E-1 01 for each of the functions is shown in Appendix C. The relative dominance of the blue pod components should not be interpreted that the blue pod is more unreliable. The model was developed for the condit'lon with the blue pod in operation as representative. This same apparent dominance also appears in the importance measures presented in Appendix 0 but in fact there is no difference between the blue and yellow pods. The failure probability for the well control scenario is approximately an order of magnitude lower than for the emergency disconnect scenario.
The major contributor to the failure likelihood associated with the BOP control system results from the selected stack configuration. With only one shear ram capable of sealing the well in, it is extremely difficult to remove all the single failure points from the control system. The final shuttle valve, which supplies the hydraulics to the blind shear ram, represents such a single failure point for the disconnect function.
• 37
Confidential Treatment Requested by Transocean Holdings LLC TRN-HCEC-00056432 Deepwater Horizon BOP Control System Risk Assessment April 2000
• CDmmDn cause failure of all four pDd mDdems or all four • communication/power distribution panel modems As noted above, due to the selected stack configuration, the final shuttle valve which supplies the blind shear ram represents a single failure point and accounts fDr 56% Df the failure likelihood of the system to perform an EDS.
The failure of the four choke or kill valve pairs each cDntribute about 5 % of the failure likelihoDd Df the system for disCDnnect. This is a more significant contribution than has been found in past analyses due to their less frequent testing schedule (i.e., Dnce a week operation of the valves rather than the daily operation of the valves for other systems.
The dominant failure combinations associated with well control operations show that the additional diversity and redundancy available for well control provide additional reliability. The likelihDDd of failure for the critical functions for well control is almDst an order of magnitude below that fDr discDnnect. The dominant faults are a little wider distributed than in the disconnect case but still represent a small subset of the number of failure scenarios.
• Failure of the indication to identify need tD initiate well contrDI • actions or operator failure to initiate well control actions,
• CDmmDn cause failure of all four pod modems or all four communication and distribution cabinet modems,
• Inadequate precharge on the pod manifold regulator pilot and failure to switch to the inactive pod,
• Software error in the pod software or communication and distributiDn cabinet soHware, which are undetected.
Another result of the fault tree evaluation is the development of importance factors, The factors allow the analyst to focus in on the areas of risk which are important to system reliability, Two measures are typically calculated, the risk reduction measure and the risk increase measure.
For the evaluation of the BOP in terms of emergency discDnnect, the most important factor to both risk increase and risk reduction is the final shuttle valve • 39
Confidential Treatment Requested by Transocean Holdings LLC TRN-HCEC-00056434 Deepwater Horizon BOP Control System Risk Assessment April 2000
associated with the blind shear ram. Since this area of the system is a single failure point, the importance of the shuttle valve reliability is magnified. Care should be • taken to ensure the highest reiiability possibie from this valve. The maximum improvement in reliability possible by improvement of the shuttle valve is about a little more than a factor of 2. Conversely, if the reliability of the shuttle valve is underestimated either due to the limited data available or differences in the installed shuttle valve from the generic data sample, the reliability of the system may be severely impacted. The maximum increase in system unavailability due to an increased probability of shuttle valve failure is a factor about 3200. A specific data collection effort for the particular shuttle valve used in the Cameron system may remove some of the conservatism introduced by the use of generic data and reduce the dominance of this component. However care must be taken to ensure continued high reliability of the shuttle valve since it is extremely critical to the overall BOP disconnect operation. The final shuttle valve for the casing shear ram represents a similar potential problem, but it's importance with respect to the overall likelihood is reduced due to the smaller fraction of time that it's operability is required for a successful disconnect. Although the impact of failure of the casing shear ram is not as dominant, the same attention to its reliability should be paid as extended to the blind shear ram shuttle valve.
• Beyond the blind ram shuttle valve, the next most critical factor to risk decrease for disconnect is the reliabilitY of the choke and kill valves. The identified weekly valve exercise leads to a higher unavailability than if the valve were tested more frequently. Additional testing of the valves would lead, at most to a 5 % reduction in the risk. If the valves are actually cycled more than once per week under the current operating philosophy, the contribution would in reality be lower.
Beyond these items. the largest potential item for reducing the fisk (increasing the reliability) for both disconnect and well control operations is to ensure that the indication, recognition, and willingness of the operator to initiate the appropriate actions or to switch to the standby pod following failure in the active pod. The indication, recognition, and willingness of the operator to initiate the appropriate actions is also the next largest factor which can potentially increase the risk for failure to disconnect or failure of well control. Given the importance of the operator, it is essential that the indication availabie to him provides a clear picture
• 40
Confidential Treatment Requested by Transocean Holdings LLC TRN-HCEC-00056435 SINTEF REPORT
TITLE
SINTEF Industrial Management Deepwater Kicks and BOP Performance, Safety and Reliability Unrestricted version Address: N-7465 Trondheim, NORWAY Location: S P Andersens veg 5 Telephone: +47 73 59 27 56 Fax: +4773592896 AUTHOR(S) Enterprise No.: NO 948 007 029 MVA Per Holand (SINTEF/Exprosoft) and Pål Skalle (NTNU)
CLIENT(S)
Minerals Management Service (MMS)
REPORT NO. CLASSIFICATION CLIENTS REF. STF38 A01419 Unrestricted William Hauser, Michael W. Hargrove CLASS. THIS PAGE ISBN PROJECT NO. NO. OF PAGES/APPENDICES Unrestricted 82-14-01682-7 384240 107/1 ELECTRONIC FILE CODE PROJECT MANAGER (NAME, SIGN.) CHECKED BY (NAME, SIGN.)
\\Ntwm\ES201017\Final REPORT Unrestricted version.doc Per Holand Marvin Rausand FILE CODE DATE APPROVED BY (NAME, POSITION, SIGN.) 2001-07-24 Lars Bodsberg, Research Director ABSTRACT A reliability study of subsea BOPs was performed in 1999. This is a follow up study focusing on the deepwater kicks and associated BOP problems and safety availability aspects. The study is based on information from 83 wells drilled in water depths ranging from 400 meters (1312 feet) to more than 2000 meters (6562 feet) in the US GoM OCS. These wells have been drilled with 26 different rigs in the years 1997 and 1998.
A total of 117 BOP failures and 48 well kicks were observed in these wells. The main information source from the study has been the daily drilling reports.
Detailed kick statistics and parameters affecting the kick occurrence and kick killing operation are discussed. The occurrences of BOP failures as a result of wear and tear during the kick killing operations have been investigated.
The BOP as a safety barrier has been analyzed based on the relevant kick experience and the BOP configuration. An alternative BOP configuration and a BOP test procedure that will improve the safety availability and save costly rig time have been proposed.
KEYWORDS ENGLISH NORWEGIAN
GROUP 1 Reliability Pålitelighet
GROUP 2 Offshore Offshore
SELECTED BY AUTHOR Blowout Preventer Utblåsningssikring Kick Brønnspark Risk Risiko Deepwater Kicks and BOP Performance, Unrestricted version
Table 8.8 Blowout probability with the lower kill line outlet above LPR vs. the average BOP configuration Test strategy (see Table Average BOP configuration (results Lower kill line outlet above LPR 8.2 for details) from Table 8.3, page 90) Average proba- Ratio vs. Number of Average proba- Ratio vs. Number of bility of failing to base wells per bility of failing to base case wells per closeinakick case blowout closeinakick blowout Base test case (similar to 0.125 % 1.00 1382 0.111 % 1.00 1556 present regulations) Body test every two weeks, 0.134 % 1.07 1293 0.120 % 1.08 1444 in-between function test Body test every two weeks, but no in-between function 0.137 % 1.10 1258 0.124 % 1.11 1400 test Body test every week incl. 0.080 % 0.64 2152 0.073 % 0.66 2358 function test
As seen from Table 8.8, keeping the kill line outlet above the LPR will have a positive effect on the blowout probability with approximately 12 % reduction. Here it is important to note that the analysis only regards the ability to close in the initial kick. During the kick killing operations a line below the LPR is useful. This line is however regarded as a kill line and not a choke line. The line should therefore preferably only be used for pressure monitor and pure killing. It should not be used for circulation to avoid wear in the valve sealing area.
Discussion/conclusion
The lower pipe ram should preferably be equipped with a variable bore ram capable of sealing around all drillpipe/workstring diameters that shall be run into the well. If due to hang-off capacity problems a fixed ram is preferred, the size of the ram-blocks should be in accordance with the size of the drillpipe normally running through the BOP. If running small size work string in the well, the LPR should never have a fixed diameter ram-block to fit to this size. If such a ram-block is required for well operations it should be located in the MPR or UPR. As a general rule fixed rams with a diameter different from the most commonly used drillpipe diameter should not be used in a BOP stack. A variable bore ram that is capable of sealing around both the small diameter and the normal drillpipe should be used instead.
The use of two annulars does not give any significant improvement with respect to being able to close in the initial kick. But experience shows that when stripping is required as a part of the kick killing operation, this will cause that the annular is likely to fail afterwards (a failed annular preventer was observed after two of six stripping operations, described in Section 7.3.2 on page 81).
All subsea BOP stacks used for deepwater drilling should be equipped with two blind-shear rams. If replacing the upper pipe ram with a blind-shear ram, the effect of the detailed BOP pressure testing is eliminated. Body tests against the MPR and individual testing of the blind- shear rams against the casing will be adequate. Such a BOP configuration and testing will reduce the blowout probability compared to three pipe rams and the present BOP test strategy.
Page: 96
Engineering Services, Inc.
www.westengineer.com
MINI SHEAR STUDY
For
U.S. Minerals Management Service
Requisition No. 2-1011-1003
December 2002 6 Findings
WEST had experience with 14 rigs during the recent round of upgrades. Shearing data is included in Table 1 – Shear Data. As can be seen of the 14 rigs, only seven conducted shear testing. One rig did shear testing on new SQAIR 5”, 24.7 PPF, S-135 pipe. Included in the attachment is the Actual Shear Value (psi) that was necessary to shear the pipe. Thus, if the operating system pressure available has been exceeded, the pipe would not shear on the rig. As can be seen in the column “W/O Hyd Pass/Fail”, five rigs passed and two failed to shear the pipe on the surface (71% success) upon simple analysis of the testing data. This is shown below in Graph 2.
Graph 2 Shear Testing Results With Hydrostatic Pressures Considered Fail 50%
When the supplementary affect of hydrostatic pressure at maximum rated water depth is added to the surface shearing pressure, one rig should no longer be able to shear the pipe. Another rig drops out, as the actual shearing pressure was not in the WEST files. Thus, three of six rigs pass in this case (50%). This is graphically presented in Graph 3.
WEST Engineering Services, Inc. Page 13 of 13
Engineering Services, Inc.
Evaluation of Secondary Intervention Methods in Well Control
For
U.S. Minerals Management Service
Solicitation 1435-01-01-RP-31174
March 2003
4.4 Function/Pressure Tests:
Function/pressure tests are performed routinely to prove that the BOP stack works properly. The most critical secondary intervention system should probably receive the same attention to verify functionality if needed.
4.4.1 MMS BUREAU OF LAND MANAGEMENT 43 FR PART 3160
Requirements Well Control Requirements 1. “Blowout preventer (BOP) and related equipment (BOPE) shall be installed, used, maintained, and tested in a manner necessary to assure well control and shall be in place and operational prior to drilling the surface casing shoe unless otherwise approved by the APD.”
4.4.2 NPD Section 31 Requirements relating to blowout preventers with associated equipment “It follows from this provision that where the blowout preventer (BOP) has the function of a barrier, it must be designed in such a way as to ensure that the functioning of the valve as a barrier can be maintained.”
4.4.3 UK See Section 4.1.3
4.4.4 API RP 53, section 18.3.1 Function Tests “All operational components of the BOP equipment systems should be functioned at least once a week to verify the component’s intended operations. Function tests may or may not include pressure tests. Function tests should be alternated from the driller’s panel and from mini-remote panels.”
4.4.5 NORSOK 5.2 Procedures/limitations for the operations c. “This mode will include regular remote pressure testing of subsea barriers and routine inspection and maintenance by ROV, and well rate testing.”
WEST Engineering Services, Inc. Page 28 of 85
5.1.7 ROV Intervention
5.1.7.1 Summary Application MUX Function discreet, several Activation manual Commonality independent
5.1.7.2 Overview ROVs are the simplest and most effective means of secondary intervention in use today. One reason they are effective is that they are not automatic systems, but require a human action in order to operate, which makes them more trusted by the rig crew. This is true in spite of the fact that design and plumbing errors can cause malfunctions of the primary control system.
Capabilities of ROVs
After docking, an ROV has the capability to push, pull and rotate with a manipulator arm, but at only 4.5 gpm (average) – 6.7 minutes is needed to close shear rams requiring 30 gallons.
WEST Engineering Services, Inc. Page 65 of 85
Unfortunately, if an ROV is needed for well control, there is a good chance that it will be incapable of closing a ram for one or more reasons. As a result, reliance on ROV systems as the sole means of securing the well if the primary system has failed has a high probability of failure unless the ROV is docked at the appropriate ROV panel the during drilling.
Weather is often a factor in the ability to launch an ROV; if it can’t get in the water, it can’t do its job. Even if the weather cooperates and the ROV can get in the water, subsurface conditions might make it impossible to reach the stack. High currents prevent ROV operations, and they are virtually useless during loop currents, which can shut them down for weeks at a time. Even if the weather and water conditions were perfect, if turbulence from an uncontrolled well flow is present, the ROV would probably be unable to fly in close enough to the stack to successfully shut in the well.
Another weak area is the low pumping rate supplied by the ROV hydraulic pump. The pump rate ranges from about 1.5 to 9.0 gpm (gallons per minute), with the lower number most often found. A Cameron 18 ¾” 15,000 psi WP ram BOP requires 24.6 gallons to close fully. At 1.5 gpm, the time required to close the ram is over 16 minutes. Even at a mid range output of 4.5 gpm, over five minutes would be needed. While the sealing mechanism and cutting blades are more robust in some preventers than in others, it is considered highly unlikely that any preventer currently available would stand up to this punishment during an uncontrolled flow of wellbore fluid. However, no tests have been conducted to verify this.
There are currently no requirements to function test ROV circuits prior to running the stack, and this is often overlooked. In addition, there is no standardization concerning the stab connections, with each ROV company supplying their own equipment. Unless they are specifically requested to do so, the female stab receptacles on the stack are not replaced when the ROV comes on board, which results in incompatible equipment. A single design ROV stab should be adopted for use throughout the GoM, and all ROV operable circuits should be function tested prior to running the stack. Ram BOPs with ROV intervention capability should be wellbore pressure tested prior to running the stack after closing, locking and venting the ram with the ROV circuit. This would not require the use of the ROV, but could be done with a hydraulic pump using BOP control fluid.
WEST Engineering Services, Inc. Page 66 of 85
Engineering Services
www.westengineer.com
SHEAR RAM CAPABILITIES STUDY
For
U.S. Minerals Management Service
Requisition No. 3-4025-1001
September 2004 3. Discussion
3.1 Data Acquisition
Upon being awarded this study, WEST began efforts to obtain the data required. Accordingly, four manufacturers were contacted. There was a reluctance to share data for a myriad of reasons; therefore, much time and effort was necessarily spent in this area. Eventually, Cameron, Hydril and Grant Prideco provided their data and the MMS provided data that had previously been provided to them by Varco Shaffer. At that point we began sorting through and analyzing the data provided.
3.2 Understanding the Shear Function
The well control function of last resort is to shear pipe and secure the well with the sealing shear ram. As a result, failure to shear when executing this final option would be expected to result in a major safety and/or environmental event. Improved strength in drill pipe, combined with larger and heavier sizes resulting from deeper drilling, adversely affects the ability of a given ram BOP to successfully shear and seal the pipe in use. WEST is currently aware of several failures to shear when conducting shear tests using the drill pipe that was to be used in the well.
As stated in a mini shear study recently done for the MMS, only three recent new-build rigs out of fourteen were found able to shear pipe at their maximum rated water depths. Only half of the operators accepting a new-build rig chose to require a shear ram test during commissioning or acceptance. This grim snapshot illustrates the lack of preparedness in the industry to shear and seal a well with the last line of defense against a blowout.
Operators and drilling contractors do not always perform shear tests when accepting new or rebuilt BOP stacks. The importance of shear tests prior to accepting a rig is better understood by some that have experienced inadequate control system pressure when attempting to shear the drill pipe to be used in their project. Shearing problems found in testing have resulted in delays as the necessary equipment modifications are made before initiation of drilling.
Manufacturers cannot directly compensate for parameters such as mud weight and internal wellbore pressure in the shearing operation; but they do provide the additional compensating pressures required. There has also been little sharing of shear data that would allow for better understanding of shear requirements. Unfortunately, not all operators and drilling contractors are aware of the limitations of the equipment they are using. This study examines existing shear data, and inconsistencies in an attempt to better understand the likelihood that the rams will function as expected when activated.
3.3 Drill Pipe Evolution
As the drill pipe manufacturers have improved drill pipe technology over the years, the latest generation of high ductility pipe, known by various names, has been seen in some cases to almost double the shearing pressure compared to lower ductility pipe of the same weight, diameter, and grade. Higher ductility drill pipe can be evidenced mainly by higher Charpy impact values and slightly lower yield strengths with the Elongation % and hardnesses basically unchanged. See Table 4.1 below. Differences between the high and low ductility drill pipe cannot be visually discerned, although this data may be available on a case-by-case basis. Short of physical testing, only careful record keeping on a rig can determine which pipe is of what specification. Of equal concern, drill pipe tool joints and internal upsets can be quite problematic. Both tool joints and internal upsets are getting bigger and longer.
WEST Engineering Services Page 3-1
6 Additional Shearing Pressure Required
Additional pressures must be considered when shearing pipe, but are sometimes ignored. These include two major categories: net hydrostatic pressure at water depth and closing the rams against a wellbore kick. Hydrostatic pressure includes the net effect of the BOP hydraulic fluid, seawater, and mud weight.
Areas where mud, seawater, and BOP fluid pressures act on a BOP with a wedge type lock: 1 – Mud Pressure 2 – Seawater Pressure 3 – BOP Fluid Pressure plus hydrostatic head 4 – Seawater Pressure. Note: Area 4 and its pressure effects do not exist on BOPs without tailrods.
Closing against pressure in the wellbore increases the pressure required to close the rams by an amount equal to the pressure divided by the closing ratio of the ram BOP. This variable must be included since closing of the shear rams should be prepared for the worst case when there is wellbore pressure under the annular equal to its maximum working pressure. One BOP manufacturer stated that the working pressure of the ram BOP should be used, but it is difficult to determine a scenario where pressure could be contained under a shear ram while shearing is still needed. Another manufacturer lists wellbore pressures of 5,000 psi and 10,000 psi on some of their shear tables, which are presumably the working pressures of the annular BOPs in use.
Hydrostatic pressure includes those effects caused by BOP hydraulic fluid, seawater, and mud weight. The BOP hydraulic fluid pressure acts to close the ram while the mud acts to open the ram. The net effect is an increase in the pressure required to close the shear rams in order to overcome the opening forces of the mud. However, when the shear rams are closed and sealed and the pressure trapped between the shear ram and the annular vented, this wellbore pressure assists in maintaining the seal.
WEST Engineering Services Page 6-1
The total effect of these additive pressures can result in considerable increases in the shearing pressure established at the surface. These issues are not always considered when reviewing the capability of the control system to operate the shear rams and to shear the drill pipe. The following tables and graphs can be used to determine the added closing pressure for selected BOPs for 12 ppg mud and kick pressures from 400 to 2500 psi. This is provided to allow an idea of the magnitude of the pressure.
To assist understanding, here is one possible scenario and the additional pressure determined: Given: 18-3/4” 15K Hydril BOP with MPL and 19” operating pistons, 12 ppg mud, 6,000 ft water depth, 2000 psi kick pressure under the annular. From the tables and graphs: Closing ratio = 10.49:1 Additional pressure for the mud effects = 105 psi Additional pressure for the kick pressure = 190 psi Total additional closing pressure required = 295 psi
SHAFFER® Selected Closing Ratios
Model SLX & SL SL SL SL SL SL SL SL
Working 15,000 15,000 15,000 10,000 10,000 10,000 5,000 5,000 Pressure (psi)
Bore (in) 18-3/4 13-5/8 11 21-1/4 18-3/4 16-3/4 16-3/4 16-3/4
Piston 14 14 14 14 14 14 10 14 Size (in)
Closing 10.85 7.11 7.11 7.11 7.11 7.11 5.54 10.85 Ratio
WEST Engineering Services Page 6-2 •
2113660152 T-212 P.DOI/DD3 F-861
r.weoc~ to..tlIt lJI' B~o.""","eoo HOllSTON. TX17'Qlll Octob r 11, 2004 BP A 'co _tion Company 200 estlake Park Blvd.. Reust n, TX 77079 Ann: Mr. RAndy Rhoads Mail Coo. 1089 WL4 Re: Drilling ContraCt No. 980249 dated December 9, 1998 (as previously amended, "Contract") by and bctWeeD. R&.B Falcen Drilling Company, predecessor in interest to Transocean Holdings Inc. ("CODtractOr") and Vaslar Resources, Inc., predecessor in interest to BP America Production Company ("Company"), as amended for RBS·8D (now known as the "Deepwater Horizoo") Letter Agrumeat fOI" Coavtrsio. ofVBR to a Test Ram CONTRACTOR-SI2I-2002-ll11 executed by both parties below. this letter will document the aareement between Contractor and any for ConlrlCtor'S conversion (the "Conversion") ofan existing; variable bore ram ("VDR) into a " on the Deepwater Horizon's blowout preventer (the ·'BOP"). ordance with Articles 5 and 1 of the Contract, Company shall reimburse Contractor for the cost i'ted with the Conversion, which is estimated to be $135,000 based on the attached quote/ME ing the five percent (5%) handlina fee. NotWithsandina the foregoing, Contractor shall give y wrinen notice of any increase of more than ten percent (IOO/o) in the above: cost estimate and sue iDcreaJe shall be subject to Company's prior written approval Ifinstallation should require out-of· serv e timc, Company agrees to pay Contractor at the Standby Rate (as defined in the Contract) \lIltil oper OOns can be recommenced; provided sl,lch out-of-service time shall not exceed a maximum of twe -four (24) hours. Reimbursement for the Conversion shall be in the fonu ofa lump sum payment due payable within thirty (30) days ofreceipt of Contractor's invoice therefore. which invoice shall be t after the "lestnm" has been installed. pany acknowledges that the Conversion win reduce the built-in redundancy of the BOP, thereby . y increasing ContractOr's risk profile and corresponding cost structure. Therefore, after the crsion is compll:tcd, ifone ofthe two mnainina VBRs fails to "'test" on any wen for any mechanical n (as opposed. to abnormal wear or damaee caused by operations) and the MMS requires that ctor pull the BOP to replace the VBR.. Company agrees to pay ContrllCtor the Operating Rate (as in the Contract) for the rime req~d. to pull the BOP, replace the ram, and re-run the BOP; "",t-Jed,however, uotle ofthe two remaining VBRs fail& to ''test'' a subsequent time on the same well for y mechanical reason, after initially testing subsea, (as opposed to abnormal wear and damage cau e<1 by operations) and thIS MMS requires that Contractor pull the BOP to replace the VBR. the time req ired. to pull the BOP, replace the ram, and re-nut the BOP shall be considered Mechanical Downtime (as cd in the Contract). :Ex cpt as specifically lei forth above. all other term!> and conditions ofthe Contract, as amended to date, sh I remain uncbaDied. E: (832) 5eNI506 Oc -18-2004 Fra.-ep 2813660152 T-2T2 P.003/003 F-8ST 'C3 Production Company Letter ernent for Conversion ofVBR to a Te...t Ram OCtober 11. 2004 Pase 2 f2 Please' dicate yom agreement to tb~ terms of this letter by signing in the space provided below and I'et1w"ijlg an executed copy to us for our files. Ifyou have any further questions. please contact John Keelo at (832) 581-8533 or me 81 (832) 581-8506. Thank you for the opponuniry to be ofserv1ce. AGREED AND ACCEPTED: __-TIDS 1'1~ DAYOF~2004 8PAMERICAPRODVCTIONCOMPANY ~=.n~ TI1U Cedr.c.t .y«citJ.)gL O""'S I.:I/I-./D" P NE: (832) 587-8506 FAX: (832) 587-8754 EMAlL:[email protected] Oct 17 to Oct 31,2005 Confidential Treatment Requested by Transocean Holdings LLC TRN-HCEC-00063579 • DW Horizon Assessment - October• 14, 2005 to October 28, 2005 • 4.0 Asset Deficiencies Priority A ~ Critical equipmenl items :hal may lead to loss of life, a serious injury or environmental damage as a result ot inadequate use and/or failure of equipment Priority B = MajOr ;ferns that may iead to damage to essential eQwpmenl or have a detrimental effect on Ihe drilling operation as a resulf of inadequate use andlor failure of equipment Priority C : Minor items that may iead to a situation that contributes to an incident or 10 circumstances in which the required standaros of operation are not met. REF ASSET DESCRIPTION RECOMMENDATiON PRIORITY 124 Riser Tensioners # 6 riser tensioner leaks, change out with the spare riser tensioner after it is refurbished. C 125 Riser Tensioners Contract a Hydralift service engineer to assist in repairing the Riser Tensioner position transducers and in B solving the frequent failure rate problem. Only one out of six riser tensioner position transducers is currently working, These transducers supply rod position input to the Riser Recoil System, so a failure of this last remainin sensor could cause ma'or e ui ment dama e. 126 Annulars The upper annular is kept in the vent position due to a minor leak when left in the open position. The leak B is intermittent. Continue trouble shooting to fix leak as rig opportunity allows. 127 BOP Control Panel Intermittent alarms occur on unrelated functions when opening the lower inner choke with the yellow pod: C A choke/kill isolation valve close coil break, B choke/kill isolation valve close coil break, a choke/kill primar connector unlock, unlock coil break, lower outer choke close A&B coil break, wellhead connector gasket release A&B coil break. Investi ate and re air roblem, 128 BOP Control Panel When shifting to the yellow pod the regulators fluctuate several minutes before settling out. The event C logger showed one hydrostatic transducer in STM 1 with a 120 psi reading and the olher in STM 2 with 1800 psi in 4000 ft water depth. Investigate to determine cause of low pressure reading in STM1 and ra lace com onents as necessa . 129 MUX and Hotline Reels Replace the Hot Line due to frequent failures that have required splicing on four previous occasions. B During the assessment, the hot line was observed to be leaking badly during a rig move. The leak has not been repaired yet due to the fact that it is located deep in the reel. This is indicative of hose deterioration and this 'Item is critical when runnin and ullin the BOP stack, Ref ATP 186 130 Diverter The diverter. when closed, shock-loads the system. Raise an REA for Engineering to investigate a way of B lessening the severe shock loads (hammering) as this is detrimental to the equipment. The Enterprise was very successfUl on eliminating shock loading on the 1" BOP ram functions on the BOP stack by installing 1/2" restrictors in the 1" line. Prior to this the brackets were being torn off and tUbing connections were parting. 131 Mux Cable The yellow Mux Cable is damaged at 6500 ft. Ref ATP 291 C 132 Choke manifold Test the choke manifold to maximum working pressure, 15,000 psi., shell test. Valve # 9 was replaced, C -l connection points were broken and the choke manifold was tested. but only to 12.000 psi with the ;::0 Z Halliburton cement unit. Recommend this be included in the PM stem. Ref ATP 402 I 133 Coflexip Type Hose Send the Mud Boost and Conduit Supply Hoses for repair. The outer protective sheathing is broken and B I () unravelin . Ref ATP 166 m () I 0 0 0 (J) W Page 1 of 1 01 0 ~ () o :::J ::::!'! c.. CD • • • :::J P.O. Box 577 Tel: (281) 934-1500 =Q) ~\:/~~~ Brookshire, TX 77423 En 9 ine e rln 9 Fax: (281) 934-1600 --I U.S.A Ur1f~) Services [email protected] CD Q) ..... ISO 9001:2000 Certified 3 CD .....:::J ATP Generator-Revision 4 ;0 10112/2005 9:02 CD SM ..0 C CD .....(J) CD Prepared for Transocean c.. 0" '< Subject: Well Control System Assessment Testing Procedure --I W :::J Format for the Deepwater Horizon (J) o () CD Reference: Drill Through Equipment and Related Systems Q) :::J I o Dynamically Positioned Rig - GoM c.. :::J (0 WEST Job # 001 C (J) r r () C = Item Checked and in compliance X = Not in compliance, high risk of downtime / = Not in compliance, low risk of downtime o = Item Not Checked N/A = Item Not Applicable --I ;0 Note: Items that are found "Not in Compliance" are appropriately addressed in the Z I Summary ofRecommendations I () m () aI a a (J) eN (Jl...... WEST© I'V () o :::J ::::!'! c.. CD WEST Engineering Services Subsea ATP - Job # 001 C :::J • • • ..... "Deepwater Horizon" Transocean Q) f" r ,- -~ - . - I T - :'1 I 11'\ ' I --I ) j I I I I j , b>,;~" ~ _.t~"'"",.-...I" ~_.k'_' .~. ~. ~ ~""_ .;.IollJ.:""'-.~ "","""~"",;":,:,,,,,,",:r. CD ... __ ,_ '-' . ," ". , ' ." r.__ , • _ _ n __ __ ....j;...... __ __ ..._ Q) ..... Verify that weld repairs on drill through equipment are not * MI06 3 performed on the rig. WEST ITP # 57, Rev 6, CD Equipment Repairs .....:::J 43 o Welding ;0 CD API RP 53, 3rd Edition, ..0 C section 18.11.7 CD 44 Section E.2: BOP Stack Ins ection .....(J) CD 45 E.2.1: End Connections and Side Outlets (JA c.. 0" 401 '< Targets on the subsea valves, choke manifold and high pressure * WEST ITP # 75, Rev 3, --I W piping will be disassembled for visual inspection. Lead targets Target Flanges :::J 46 should have a positive retention mode, a counterbore, and be (J) o o drilled to reduce the tendency of wellbore pressure forcing the () lead out of its retention mode. Quiet zone targets are CD Q) acce table. Record findin s. :::J Hydraulic torquing equipment and a thread lubricant with a * API RP 53, 3rd Edition, I o known coefficient of friction (suggested to contain molybdenum section 18.11.4; and c.. 47 disulfide, e.g. NSW-5(3) shall be supplied. * MMS CFR Title 30, c :::J Chapter 11, Section (0 (J) 250.446 Para ra h a r Bolt preloading procedures for drill through connections and * API RP 53. 3rd Edition, r () side outlets shall be reviewed. Note: Close to YO'!() of the section 18.11.2; and 48 effects of embedment relaxation noted in API RP 53 can be * MMS CFR Title 30, c counteracted by re-torquing any newly made up connection after Chapter II, Section a full workin ressure test. 250.446 Para ra h a Connections broken in the last 6 months will be re-tightened to * API RP 53, 3rd Edition, prove preload accuracy. section 18.11.2; and 49 * MMS CFR Title 30, o Chapter II, Section --I 250.446 Para ra h a ;0 Z Hardened washers are recommended for use under the nuts on * API RP 53, 3rd Edition, I I the #5 clamps. section 18.11.2; and () 50 * MMS CFR Title 30, o m Chapter II, Section () aI 250.446 Para ra h a a a (J) eN (Jl I'V .j:::o,. ED tf).J - DETNoRSKE VERITAS Energy Report Beaufort Sea Drilling Risk Study Transocean Offshore Deepwater Drilling Inc. Report no EP004855/DNV ref no: 12A88QH-9 Rev. 1, July 31, 2009 Confidential Treatment Requested by Transocean Holdings LLC TRN-HCEC-00063077 DEl' NORSKE VERITAS Beaufort Sea Drilling Risk Study [I Trunsoceun Offshore Deepwater Drilling Inc, MANAGING RISK III ~ i~ep();1EI)66~48SS;i:~~,;~occa" Beaufort-Sea DET NORSKE VERITAS (USA) INC Drilling Risk Study ._.~.~._... _~~ 1400 Ravello Drive rf".r: AI Browning _._--~ ..---~-- Kaly, TX 77449 Transocean Offshore Deepwater Drilling Inc. Tel: (281) 396- 1000 PO Box 4255 Fax: (281) 396·1906 HOUSTON, TX 77210 4255 1-;-,---;--;:------1 http://www.dnv.com Account ref: ~~------ .~-- Date ofissue: July 31,2009 f~gtt no. ~ ______=rP0048~~~__ . ..._._- ._~ . Report No.: 1~2A88QH·9 Subject Group: Smnmary: Del Norske Verilas (U.s.A.), Inc. (DNV) was asked by Transocean Offshore Deepwater Drilling. Inc. to perfonn a drilling risk analysis to determine the likelihood ofexperiencing an uncontrolled flow ofhydrocarbons in which all control options thaI arc onboard the drillship hnve failed during exploration drilling in the Beaufort Sea in water depths of approximately 600 meters. This report includes the methodology used and steps taken to estimate the 6 resulting likelihood, which was calculated at 3.5 x 10- , or one uncontrolled flow event for every 285,000 wells drilled. Nallie Clndposltloll Prepared by: Slglla/ure ~~ ~ () Chris Boylan, Senior Consultant Prepared by: Nallle andpOS/(/OIJ Signa/lire PCI' Sollie, Principal Consultant A. ,\. '" ~i'-,. /' Verified by: Name and Position Signarj(~~ IIfr Anders 0fsdahl, Senior Consultant ( iii ~----~-_._- ..- IlL Verified by: Nallle lind Pusllion Signall ~.V Kuhan Sivathasan, Principal Consultant - .~ - Verified by: Nallle and Pos/lion ~g"at;t')r;N1 P.I;7r;x1.---- Susan Norman, Administrative Officer ---- Apprnved by: Name and{Jos/lion Signatllre Bryce Levett, Director of DNV Energy ~. Solutions North America .---.. __..., _._._~- .-_._--~- No distribution withollt pennissioll from lhe client or responsible r orgflnizationalunit (however, ffce distribution for internal use within Indexing terms . DNY after 3 )~e,,'"':::')~----,--,--c--,--c----,-,---+----,-----,---,--,--::-::,--- No dislribulion withollt pemlission from the client or responsible Key Transocean, Beaufort Sea, Drilling, r organizlltional unit words Exploralion, Blowout, J)eepwlltcr Service 1\7 Strictly conlhlclllinl Area SHE Hisk Manltgcmcnl -~~.~_._ ..~_ ..._-._--~~_. __ ... ~ ...._--~.. Markel r Unrestricted distribution Sector Deep and Ullmdeep Wuler "~'--'-~'--"-~-~' ------'---'------_.- --- Rev No: Reason fOr issue: Prepared by: Verified by: Approved by: -C~-~ .. _.. __. 0 Draft report CBOY, PERSO ANDOF, KUHAN BLEV I Pinal report CDOY, PERSO KUHAN DLEV C> 2009 Dcl Norske Yerilfls (U.S.A.), lllc. All rights reserved. Tllis publiclltion or pani ib~fcof may tlo! be reproduccd m lf~llsillitled ill11ny form or by lIny means, including photocopying m recording. ~~ the prior wrinen Consenl of Dc I Norske Vcrilils (U.S.A.), Inc. Reference to par! of this report which may lead to nllSlIltcrpretnhon IS nol pernHsslblc, 12A88QH·9 1TriUISOt:Cfln Offshore Deepwater Drilline Inc. 131/0712009 Page i Confidential Treatment Requested by Transocean Holdings LLC TRN-HCEC-00063078 DET NORSKE VERITAS Beaufort Sea Drilling Risk Study (I Transocean Off:<.;hol'e Deepwater Drilling Inc. MANAGING RISK _ Based on the reliahility figures in Table 4-7, the one-blind shear BOP reliability on demand (100% minus probability of failure on demand) is estimated to be 99.00% whereas the 2-blind shear BOP reliability on demand is estimated to be 99.32%. There is a slight improvement (+0.32%) in reliability for the two-blind shear design. This is because the reliability is driven by single point failures of the control system and wellhead connector leaks which affect both BOP configurations. 4.2.3 Incorporating BOP Reliability into Analysis In order to provide a valid comparison, the BOP reliability on demand must be rclated to the frequency of any event that requires the BOP to be engaged, including kicks and other minor events which are not included in the scope of SINTEF reporting. In order to maintain a conservative analysis, the loss of well control frequency as provided by SINTEF was adjusted to a higher staliing !i'equency by which to apply the BOP reliability to. The following section outlines the methodology and results of incorporating the added BOP reliability into the analysis. Based on the historical SINTEF data, of the 11 remaining loss of well control incidents, the BOP was able to close and securc the well in six ofthe incidents (6/11 = 55% success); hence five events (45%) are classified as failures of using the BOP stack to prevent uncontrolled flow. This equates 4 to an uncontrolled flow event frequency of 3.1 x 10. , or one event for every 3,205 wells drilled. The next branch in the event tree is shown in Figure 4-6 below. 55% 3.8 x 10~ Engage BOP in a Success loss of well control event 6.9x 10-4 45% 3.1 x 10" Failure , Figure 4-6 SINTEF Historical Uncontrollcd Flow Frcqucncy The historical data is assumed to be reprcsentative of one-blind shear BOP configurations; therefore the uncontrolled flow frequency and one-blind shear BOP reliability can be used to calculate the total !i'equency of events requiring the BOP to be engaged. This is shown in Figure 4-7. "'-'-'-'--' 99% 3.1 x 10.2 Success Ell"a"C BOP 3.1 x 10.2 1% 3.1 x 10-4 Failure Figurc 4-7 AdJustcd Frcqucncy Based on One-blmd Shear BOP RdCrcllc~ to pmt oftl\ls l"pOrl which Ill")' lead to misinterpretation is not pcnnisslbJc ]2A88QII.9 / Transocean Of1:~hore Deepwater Drilling Illc 131/07/2009 Page 20 Confidential Treatment Requested by Transocean Holdings LLC TRN-HCEC-00063103 SPE/IADC 119762 Pull Your BOP Stack-Or Not? A Systematic Method to Making This Multi.. Million Dollar Decision Jeff Sattler, WEST Engineering Services Gopynghl2009. SPEIIADG Drilling Conference and EXhibition 'Hus paper was prepared for presenlallon alilla $PEIIADC Drilling Conference and Exhibition held In Amslerdam, The Netherlands, 17--19 March 2009. 'HIls paper was selected for presenlallan by an SPEIIADC program cammilleelollowlng r.view 01 information contained in an abstract sUllmllled by the aUlhor(s). Conlents 01 the paper have not been reviewed by Ihe Soclely of Petroleum Engineers or the Internalional Association of Drilling Contraclors and are subjeci 10 correclion by tho ""Ihor(s}. Tile rmllenal does 110t necessarily reffect any positron of Iho Society of Pe1rolsurY'! Engineers Of lhe International Association of Drlmng Contractors, its officors, or members. Elec1ronic reproduclion, distribulion, Of slorage 01 any part of Ihis paper withoul 1M wrilten consent 01 th. Society of Petroleum Englne.rs or Ule IntelrlallOnal Association of Drming Conlractors IS prohibited, PermiSSion 10 reproduce in pnnl is reslricted 10 an ab.tracl of not more Ihan 300 wordS; illuslrallons may not be copied. The abslract musl conlaln conspICuous acknowleogmenl of SPEliADC copynght. 7 '5 , 1 Abstract Category: Deepwater Drilling or Case Studies Pulling your BOP stack, particularly in deep water, is one ofthe singularly most costly events in the drilling of a well if it occurs. While in most cases this course of action is correctly undertaken, occasions occur when the stack pull could have been avoided. These regrettable incidents occur for a variety of reasons, including inadequate information andlor staff training, unclear understanding of regulatory or company requirements, and non-availability of expel1s to assist in the decision making due to time zone differences, among others. This paper presents several case studies where planned stack pulls were circumvented or could have been, as well as a systematic protocol that can be developed prior to starting a well to define the decision making process 1'01' stack pulls for your specific program. Introduction Current deepwater rig downtime costs can easily approach $1,000,000 USD per day, allocated roughly equally between rig and spread costs, or about $700 per minute. The linancially signillcant cost of pulling your BOP stack, pal1icularly in deep water, is one that is always noticed when it occurs. Undoubtedly, this action is necessary most of the time. However, on those occasions when the stack pull could have been avoided, all pmiies to this action rightfully question how to take best advantage ofthe unfortunate learning situation. Avoidable stack pulls occur for a variety of reasons, inclUding: • Inadequate information about the situation or equipment, • Inadequate staff training, • Unclear understanding of regulatory requirements, • Unclear understanding ofcompany requirements, and • Lack ofaccess to experts who can assist in the decision making. This paper presents a systematic protocol that can be used prior to starting a well or during the drilling, if necessary, to help define the decision-making process for stack pulls for your specific program, In addition, it presents several case studies where planned stack pulls were circumvented, or might have been, with more preparation, experience, understanding or inspection. It is best to make some preparations before the drilling stalis. In the thick ofthe drilling process, when things stal1 to go wrong, time is much more valuable and results in an atmosphere of urgency that sometimes results in what is retroactively identified as a poor decision. Once a problem develops, you should take the time to identify the root cause, if possible, and then take the necessary steps to analyze the situation and decide ifdrilling can safely continue 01' not. This part of the process often requires the advice and experience of one or more experienced drilling experts, n'O!l1 within or outside the pal1ies directly involved in the drilling operation. Note: Much of the information presented here is commonly available in the drilling industry, but this paper strives to present it in a more structured framework, to encourage readers to do at least some of the preparation before starting the drilling program and to analyze the problem and potential solutions in detail before deciding on a course ofaction. Survey of Available Data on OCS Resources and Identification of Data Gaps development cost scenarios. Results of this economic analysis are called Undiscovered Economically Recoverable Resources (UERR). For the 2010-2015 Draft Proposed Program, UERR’s were generated using oil prices of $60/barrel (bbl), $110/bbl, and $160/bbl. Results are shown in Table 2 and indicate that approximately 53 percent of the total UTRR is economically recoverable on an oil-equivalent (BOE) basis, with an oil price of $60/bbl and corresponding gas price of $6.41/thousand cubic feet of gas (Mcf). This increases to about 78 percent with an oil price of $160/bbl and corresponding gas price of $17.08/Mcf. Table 2. Mean Undiscovered Economically Recoverable Resources of the OCS $60/bbl and $6.41/Mcf $110/bbl and $11.74/Mcf $160/bbl and $17.08/Mcf Region Oil Gas BOE Oil Gas BOE Oil Gas BOE (Bbo) (Tcf) (Bbo) (Bbo) (Tcf) (Bbo) (Bbo) (Tcf) (Bbo) Alaska OCS 4.45 7.20 5.73 11.45 30.01 16.79 15.46 50.78 24.50 Atlantic OCS 2.58 14.55 5.17 3.07 21.85 6.96 3.28 25.79 7.87 Gulf of Mexico OCS 36.75 165.94 66.28 41.04 203.43 77.24 42.56 214.87 80.79 Pacific OCS 8.38 13.16 10.72 9.29 15.14 11.98 9.49 15.60 12.27 Total U.S. OCS 52.16 200.85 87.90 64.85 270.43 112.97 70.79 307.04 125.42 (Bbo-billion barrels of oil; Tcf-trillion cubic feet of gas.) New areas in the Atlantic, Eastern Gulf of Mexico, Pacific, and Alaska OCS have been identified for inclusion in the 2010-2015 Draft Proposed Oil and Gas Leasing Program. Although leasing has not occurred in these areas for about 25 years, previous exploration has occurred in portions of these areas, and some of these areas contain active leases with producing oil and gas fields. Updated research and exploration regarding the likely location of energy resources and environmental impacts are necessary to fill in data gaps. Safety and the Environment Oil Spill Risks Oil spills are of major concern to the public, offshore industry workers, and Federal and State regulators. Spill prevention offshore is achieved primarily through required, extensive safety procedures and practices, and engineering requirements such as the use of downhole shut-off valves and blowout prevention devices. The record shows good results in preventing and minimizing spills. In 2003, the National Research Council reported (for the period 1990 through 1999) that offshore oil and gas development was responsible for only 2 percent of the petroleum found in the marine environment for North America. The MMS employs advanced oil-spill risk analysis to inform its environmental assessments of offshore activities. Spill prevention, mitigation, and response plans are required and tested frequently to maintain readiness offshore. 6 Survey of Available Data on OCS Resources and Identification of Data Gaps E. Key Challenges and Information Needs The following sections describe the key challenges and information gaps for each of the resources discussed in Section III.C above. The discussion is broken into geographic areas with some of the challenges and information gaps common to all areas discussed first. 1. All OCS Regions a. Key Challenges for Oil and Gas Development Seafloor Habitats: The key challenges related to seafloor habitats include the impacts caused by anchoring, infrastructure and pipeline emplacement, infrastructure removal, blowouts, drilling discharges, produced water discharges, and possible oil spills. Blowouts and oil spills are very rare. The basic approach to mitigate physical impacts to sensitive biological communities on the sea floor is to identify their location and avoid those areas by impacting activities. Effectiveness of this process is demonstrated at the Flower Garden Banks in the Gulf of Mexico, which coexists in close proximity to numerous oil and gas operations, while continuing to be one of the healthiest coral reefs in the western hemisphere. Coastal Habitats: For coastal habitats, key challenges are the placement of pipelines, increased usage of ship channels, a lack of existing onshore infrastructure capable of supporting the offshore activity, and oil spills. Careful site selection for onshore support bases, pipeline placements, and new channels required for OCS offshore access can be used to minimize damage to coastal habitats. Shore base development must be closely coordinated with the affected states’ Coastal Zone Management authority as well as the appropriate Federal resource and regulatory agencies (USFWS, NOAA, and Army COE) in order to assure that impacts to sensitive coastline features and wetland areas are avoided or minimized. Maximizing the use of existing onshore facilities for fabrication, staging, support base construction utility corridors or drainage rights of way as well as other previously disturbed areas for pipeline landfalls would minimize or eliminate damage to sensitive areas. Staging of oil spill response equipment and adequate response planning would minimize coastal impacts from oil spills. Marine Fish Resources: Key challenges for oil and gas development that are common to all OCS areas include the threat of accidental oil spills, space-use conflicts, habitat alteration, and seismic surveys. The threat of an oil spill and its effects both directly and indirectly on fisheries is central to the concerns about offshore oil and gas. There is extensive information on the detrimental effects of oil on fisheries in coastal and ocean situations (NRC, 2003). Much of this research was and continues to be funded by MMS. Space-use conflicts, at the dock or offshore, and habitat alteration, as pipelines are installed and come onshore, are important challenges that can be met by working closely with stakeholder groups including industry at the time of specific projects, encouraging multiple-use of infrastructure, and open consideration of alternative locations and routes. Seismic surveys are a challenge, as noise from such activity negatively affects fish resources, temporarily affects the ability to catch fish, and limits access to an area. Mitigations for seismic surveys on fisheries include timing and notification so that there is the least amount of interference with fishing, avoidance of fish spawning locations, spawning seasons, and areas of concentrated fishing activity, limitation to the smallest area III-34 IBlow-out Prevention EquipmentReliability JointIndustry Project H. Data Calculations The Athens Group audited the collection process executed by WEST from the point data was readyJor loading on the website. No data was used withouta 100% assurance ofaccurate source and quality.. The software. and techniques used for the analyses were documented and transparentto the liP technical committee. There were NO proprietary algorithms orapplication used to manipulate the data, All statistical analyses were executed using generally accepted industry practices. J Data Categorization - AIIData Collected The following data categorization is based on all data collected by WEST Engineering for the study. Figure 4-6 showsthe data provided for this report bast:d on bottom lease number and APlnumber. There were a total of4244 individual well test records. Those test records contained a totalof89,189testson individual pieces ofequipment. The goal ofthe data collectionwas to have a 95% plus confidence factor in the number ofwell collected and the amount ofdata validated. Base on the number ofindividual API wells, the confidence factor that enough data was collected andmade available for statistical analysis exceeded that factor byover4.6%, for a confidence factor of99,58%. Total Number ofMMS Subsea Wells 239 Total Number ofWells Recorded 238 Total NumberofWells Remaining 16 Total Number ofWell TestRecords 4,244 Average Well Tests Per Well 21 TotalNumber ofWell Tests 89,189 Average component Tests pet: Well 375 Current Confidence Factor 99.. 58% Figure 4-6 Data andStatistical Confidence I. Statistical Analyses· Because ofthe large number ofcomponent tests, 89,189 and the smallnumber offailures, 62, correlation analysesalltrend toward zero. Correlations can be drawn from the data as categorized by several variables. However, theymay not be statistically valid because the failure frequency is so low. Distribution across All Component Types The following Figures represent the distributions ofthe data among various independent variables that could be used for correlations and regression analyses for failure rate predictions. Note that NOT all graphs total 62 failures. This is because some ofthe independent variables had no entries inthe fields aggregated. Tables indicating the data on which these graphs are based maybe found in the appendix. Page 123 IBlow-out Prevention Equipment Reliability Joint Industry Project Asan industry, BOP pressure tests and function tests on the surface often do notreflect real world subsea conditions. Sometimes this is a conscious decision, (stump testing pressure may be dictated by the well plan} and sometimes this is due to the·design oftherig (testing must be accomplished using hot lines). This is especially true when a rig must splitthe BOPstackandLMRP while onthe deck. The flow path and flow rate the control fluid follows subseais significantlydifferentfrom operatingthe BOP on the surface with a Yzu hotline. Slower flow rates that generally occur when testing onthe surface can mask waterhammer issues; this wasone ofthelessons learned when 5thgeneration rigs began operations. Another significant difference on the surfaceinvolvesthe subsea accumulators. Often the pre-charge presstireis so high that no fluid ever enters the bottles when the BOPs are ondeck. While they do get pressure testedon the surfacethey hardly ever get flow tested. As anindustry, there has been no mandate to address these types ofissues although some rigs and/or drilling contractors have acknowledged these discrepancies in the surface testing procedures and are being proactive in addressing themby developingtesting procedures that will more closely simulate subsea conditions, Typically the normal operating pressure supplied to the BOP components via the manifold regulators is setat 1500 psi; however, nearly allthe equipmenthas a ratedoperating pressure of3,000psi. When the BOP is on the deck, the operating system may never see anything above 1,500 psL The , mentality maybethat "I don't want to find problems; 1 want tado the minimum necessary to obtain a good test".. Due to this and other issues,therig reality maydiffer greatlyfrom the maintenance.system planned bythe corporate experts andlor proceduresin place on that specific rig. Table 3 ioAPI RP53 sectionlS·offerssome guidance on stump tests yet, in many cases, this is notfollowed. The philol'ophicalapproach is seen to be shifting to do more to find hiddenfailures before the BOP is deployed; however, additional or more extensive testing will require more time prior to deploying the BOP stack. Often there is a great deal ofpressure to run the BOP stack before itisdeemed fit for purpose bythe experts who maintain and test the equipment. Pressure tocut comers can come from the operator, the drillingcontractor, or it can be imagined. Regardless ofwhere it comeS from, equipment reliabilityis compromisedifthe BOP is deployed prior to being fully tested in a manner designed to identify failures and simulate subsea conditions as closely as possible. Testing systems and components to the maximum rated pressures on surface should be considered the norm rather than the exception. As mentioned earlier, there may bea difference between the written maintenance system and the tasks executed. All computer based maintenance systems have the abilityto track tasks whichare notcompleted, yet there is no mandated industry standard for tracking orreporting tasks not completed. As noted, while it is notpossible to completely simulate the hydrostatic pressure the Bdp will be exposed to, there are a number oftesting procedures that would, ifimplemented, be a more realistic test ofthe BOP and simulate some ofthe conditions the BOP will be exposed to subsea. We suggest thatAPIRP 53 Table 3be modified to address these issues and be adoptedas protocol to avoid two week pressure testing. subsea. Appendix! provides an overview ofindustry corporate preventivemaintenance philosophies currently in effect for subsea stacks. B. Correlations ofdata from WESTs database Stump and initial installation tests were specifically excluded by the committee defining the project requirements. However, WEST considered itofinterestto evaluate the failure distributions identified by Page 135 FINAL REPORT Blow-out Prevention Equipment Reliability Joint Industry Project (Phase I- Subsea) 15 January 2010 ~1I~lF ENGINEERING ~SERVICES • • , Blow-out Prevention Equipment ReJiability Joint Industry Project-Subsea • The results ofthe test data included in this project indicate the following failure frequency, MTTF (Mean • Time To Failure) in units ofoperating days/failure: • Component/System MTTF, Operating days/failure • Annulars 4,595 • Rams • Fixed 00 • VBR 3,138 BSR 4,694 Casing shear 00 • Choke and kill valves 113,553 • Connectors 19,228 Control systems • Biased 847 • Piloted 658 • MUX 430 • Table 2-1 Equipment Failure Frequency • It is important to understand and focus on the fact that control system failures are the most likely category offailures on subseaBOP equipment and that they are identified by function tests. Accordingly, this • report recommends no change to the current weekly function test requirement. • Based on the data collected, increasing the existing testing frequency will not result in substantial changes to reliability. The recommendation to extend the 14-day pressure test requirement to 35 days maximum, • results from the combination ofeffective failure identification through other means, and industry standard • and mandated testing prior to running the stack and upon initial installation. • ps, (%) based on test • Component freclUenCY • 14 days 35 days Annulars 99.62 99.06 • Rams • Fixed 100 100 • VBR 99.78 99.46 • BSR 99.82 99.55 CasinJ;!; shear 100 100 • Choke and kill valves 99.99 99.97 • Connectors 99.93 99.82 • Table 2-2 BOP Stack Component Probability ofSuccess • • Page /6 of 119 • -..-0.,., '~_'''''''- ' _"~"' .• _. _.eO, • •••., , , ,'-.• ~ •• ; ~.' _ ~",'" "_•. ,, ~ __ _,... _ " ~ = h_ ,._ ,_" .. .~ SUBSEA SYSTEMS PER FOR 1\11 A f\J C bp Cameron Junk Shot (JS) Skid i:Jo!V P;Jc2 ~~- .----! April, 2010 RAISING PERFORMANCE. TOGETHERTM I eCAMERON • --.l"'I 'I CONFIDENTIAL TREATMENT REQUESTED CAM-HCNR00010678 ~, .'.' /;paiL 22 ~-----=- QI3 t/CB5OU.- _ 1J:k!v,u 0;)£~.:5T7J2P~~A/ I j A/o/ /2/,s/.::: .51tbn-/2~ (20 V /-.4 / ~ 61>H 3i'Cfi) fJsL ~l...j/ 3Oq/lZ.- ~'AjJl'J0if/ "(--.1- ,}HOO"ue-y SIW5/ - (}tL6t> 11;i/2rfr-15 I;£(;v /AJ L~ . flld7ri1 • (bM:>l22\J2 2)IO/AJ r/!.;/O m2~!V w~rt5?5Q;2:}/o /5:fV'''-'i ~412cJt/ -dly /YZeV-Ub ifh. a~L.cJZ:M:::/7?oo~ .5>~L_I/lT/Lfu:OU06 /20V--tJ;;}- ~ SSTui) iv !2u"u J.c;r:2/G5- /2/9/7/&r!7/(/j) 1Za/7X/ DIU j>/P()/~;;;L. .-- 5}-j-~12S . - (l)!LY8/tUf UN1-1 ,::2&l> oiZ 3/2.£>kC!/U. a;»1£i)5 ()/J W)l}q-T~) , ~Ux:Av1t:-7){) -112'5}11)}/ 'Il;2ff"-70e-72Sd/2 &~ ~ d- (JuMp:5 50 Lj/lZ-/nv. @ /qtIJZJ~T --# s#t85 ~ S/q~ cJ·12 i)u/JZ- -41 / /1 012 / fc/;I t/u131£X'j 80-;IV) ~ ~ 0/2 3t??l2uu pJ>2 .I9-fflf./Z)~/cIo>112:5 3 I20flzs/2rIc/c (l6Cl 97JZ . ~bh' -= «~J1L ~ '* r . Thursday 6th May 2010 Confidential Treatment Requested BP·HZN·CEC 018930 DatelTime Top of Fl •• Joint 5006 ft A 4/22/10 2:45 Cut electrical wtres to sImulate Deadman (blind shear rams) 4/2212010 07:30 Cut nrlng pIn for Autoshear (activates blinds shear rams) Up,", An...,., -----;~~=::::;--~ Choke line Loft, Annulu Riser Connector C 4122120101:15 Attempt 10 close by pumping Into ROV hot slab -lOW now rate 41261201011:00 Attempt 10 close with ROV • low now rate 4126/2010 22:00 Attempt 10 close with ROV with portable subsea accumulator· system leaks 4126/201024:00 Idenul'y and nx leak In control system 4127120104:00 Attempt 10 close wi ROV. Pressure u 8 lImes to 5000psl • no IndIcation of movement D 4127/2010 10:00 Cut hydraulic hoses 10 access casing shear ram 4127/2010 24:00 Attempt 10 close wilh coiled tubing unit - low flow rate 4128120104:00 Modify hoses 10 increase flow area 4128/2010 23:00 Attempt 10 close wi ROV Wand - a parenll moved shuttle valve, but system leaks ~~~--Ir~~-IB 4121/201018:00 Attempt 10 close by pumping Into ROV hot stab - ROV pump failure 4125120109:00 Attempt 10 close wllh ROV - only able 10 hold 2000 psi 4125/2010 22:00 Attempt 10 close wllh ROV with portable subsea accumulator - system leaks 4126120105:00 Identify and fix leak in conlrol syslem 4126/201011:00 Attempt 10 close with ROV with pressure up to 3500psl - no Indication of movement L1C ILOCI~ @] ~ ~r:H-:-r--=-4':::2-=8-:::'2:::0-;"1-:C0-=5--':0:-:0c---'R=-O=VC:-V1-=s-u-a--;IIy;-;I-ns-p-e-c-;"I-=-ta--=I:-I r-o-d;-p-o-s-;"lt-=-lo-n-of=-C=-h;-O--=kc-e-&:::--:CK:::II::-1::-lIn-e-va--=l-ve-s-.--=Ac-p-p-e-ar-co-rr-e-ctC------, ~ 4128120106:00 Thermal survey of choke & kill lines. No Indication fn w. Top ofW.llh.ad Version 3 10 Confidential Treatment Requested BP·HZN·CEC 018939 Drill Pipe Choke Line Kill Line / Upper Annular Lower Annular Lower Marine Riser Package Blind Shear Ram Casing Shear Ram Variable Bore Ram Blow Out Variable Bore Ram Preventor Test Bore Ram-----' -.: ? 21 Confidential Treatment Requested BP·HZN·CEC 018950