Fire and Gas Detection Philosophy for Industrial Process Installations

Author: Engineer Hub
Version: 3.0
Date: 2026

A Fire and Gas system is one of the few engineered barriers that has to work during the most chaotic minutes of an incident. Not during normal operation, not during a clean factory acceptance test, but when visibility is reduced, people are stressed, utilities are unstable, and multiple alarms arrive at once.

This whitepaper is written from the viewpoint that an F&G system is not “a detector list”. It is a set of decisions that connect credible scenarios to clear operator actions and, where justified, automatic actions. If those connections are not explicit, the system will look complete on drawings and still fail in the field.

What an F&G System Is, and What It Is Not

An F&G system is a fixed detection and logic function that detects hazardous gas and fire conditions and triggers alarms and predefined responses. It often sits between the control system and the emergency shutdown layer: it can inform operators, it can initiate local protective actions, and it can trigger shutdown sequences when escalation risk is high and response time is short.

It is not ATEX compliance. ATEX and hazardous area classification tell you where an explosive atmosphere may exist and what equipment is suitable there. Detection is a risk reduction measure that can reduce exposure time and enable early intervention, but it does not eliminate the presence of flammable atmospheres by itself.

It is not a replacement for safe design. The first barrier is containment integrity, ventilation design, segregation, and inventory minimisation. F&G is an early warning and escalation control barrier when those primary barriers degrade.

Start With a Scenario Register, Not With a Vendor Catalogue

The most valuable deliverable at the start of F&G design is a short scenario register. Not a long HAZOP reprint, just the few scenarios that actually drive detection and action.

Each scenario should be written in operational language, not only engineering language. For example:

• A flammable gas leak at a compressor seal, with potential accumulation at high points in an enclosure.
• A hydrogen release at a tube trailer connection during coupling, with release directionality and wind influence.
• A jet fire at a high pressure flange after loss of containment, with immediate escalation potential to nearby equipment.
• An electrical cabinet fire in an indoor room, where smoke detection can provide early warning before flame is visible.

For each scenario you define four things. If any of these are missing, the system is not engineered yet:

• What you want to detect, and what “detection” means in measurable terms.
• How fast you need detection relative to escalation time.
• What the operator is expected to do on each alarm level.
• What the system should do automatically, if anything.

This is where many projects quietly fail. They define detection, but not response. Or they define response, but not whether detection can occur early enough to matter.

Architecture That Survives Real Incidents

F&G architecture is often drawn as blocks: field devices, controller, outputs, HMI. In incidents, the weak points are almost always the interfaces and the “in-between” functions.

A robust philosophy explicitly defines:

• Where F&G logic is executed (dedicated F&G controller, SIS logic solver, separate fire panel, or a combination).
• What happens if communications fail between F&G and DCS.
• How alarms are presented and grouped in the control room.
• What outputs are hardwired and what outputs depend on networks.
• How overrides, inhibits, bypasses, and maintenance modes are controlled and audited.

Gas Detection: Selection Is About Failure Modes

Most discussions about gas detection focus on sensing principles. The better discussions focus on how sensors fail in the real environment.

A practical selection method starts with these questions:

• Is the target gas lighter or heavier than air, and where does it accumulate in the specific geometry.
• Is the hazard an accumulation problem, a jet release problem, or a boundary monitoring problem.
• Will the sensor face poisoning, inhibition, drift, condensation, dust, vibration, or wind washout.
• Can the sensor be calibrated and bump tested at the required interval without scaffolding and permit complexity.
• What is the expected background and what causes false positives or false negatives.

Common sensor categories and where they tend to fit:

• Catalytic detectors are widely used for many hydrocarbons, but require oxygen and can be susceptible to poisoning. They can be excellent when maintenance discipline is strong and the environment is understood.
• Infrared point detectors are strong for many hydrocarbons in air, often with good stability. They are not a universal solution and are not suited to every gas.
• Electrochemical sensors are typical for toxic gases and oxygen measurement, but are consumable devices with cross-sensitivities that must be managed.
• Open path detectors are powerful for boundary or corridor monitoring in open areas, but demand alignment, cleanliness control, and scenario suitability.

A subtle but important point: “best sensor” is not a meaningful term. The best sensor is the one that can be proof tested, maintained, and trusted on the day you actually need it.

Fire Detection: Decide Whether You Need Early Warning or Fast Escalation Control

Fire detection in process plants is not a single problem. A cabinet fire, a pool fire, and a jet fire are different detection problems with different consequences and different response windows.

In enclosed rooms where early warning matters, smoke detection is often appropriate. In open process areas where escalation is fast, flame detection is frequently used. Heat detection is robust in harsh environments but tends to be slower and should be matched to the consequence timeline.

Flame detection has its own reality:

• Line of sight matters more than any datasheet feature list.
• Congestion creates blind spots that are invisible on P&IDs.
• False alarm sources (welding, hot work, reflections, sunlight effects) must be part of the philosophy, not a footnote.
• Optics cleanliness is not a maintenance preference, it is a performance requirement.

Setpoints and Alarm Levels: Define Actions First

Setpoints are often debated in isolation. In practice, setpoints only make sense when they are tied to a response strategy.

A clean philosophy defines an alarm hierarchy with explicit intent:

• Low gas: early warning, investigate, restrict ignition sources, confirm ventilation, prepare isolation.
• High gas: escalation, local evacuation, automatic actions as defined (trip equipment, isolate sources, start extraction).
• Fire detected: immediate escalation control actions, area alarms, and clearly defined shutdown and firefighting interface.
• Fault: treat as loss of barrier, alarm it distinctly and manage it with urgency when risk is high.

Voting, Delays, Latching: The Truth About False Trips

Voting exists because spurious trips are costly. But voting can also reduce the probability of detection if coverage is weak or detectors are placed poorly.

A practical way to choose voting is to connect it to the scenario:

• If the consequence occurs faster than human response, you bias toward fast detection and decisive automatic action. Voting may be minimal and you compensate by improving detector reliability and reducing false sources.
• If false trips have major production consequences but escalation is slower, you can justify voting and short confirmation delays, but only if coverage and maintainability are strong.

Delays and latching should not be added “because we always do”. They should be justified:

• Delay can prevent nuisance trips during momentary disturbances, but it also increases time to action.
• Latching ensures the event is not missed and forces acknowledgement, but it can also create operational frustration if applied everywhere without discrimination.

Cause and Effect: Where Philosophy Becomes Real

The Cause and Effect matrix is the contract between hazards and actions. This is where good philosophies stand out: they are testable.

A good C&E row contains enough detail to execute a proof test without interpretation:

Notice what is not in the table: vague words. “Start ventilation” is not enough. Which fans, which dampers, what happens on power failure, what is permissive logic, and how is it tested. If you cannot test it, you cannot claim it as a barrier.

Detector Placement: Do Not Confuse Hazard Zones With Coverage Zones

Hazardous area zones show where explosive atmospheres may occur. Detector coverage zones show where a detector is likely to see a scenario above the alarm threshold within the time you need.

Those maps are related, but they are not the same object.

Practical placement thinking that survives audits and incidents:

• Gas detectors go where gas actually accumulates in the real geometry, not where it looks neat on a plan view.
• Fire detectors go where line of sight exists and where detection time beats escalation time.
• Every detector should be defensible by a scenario. If you cannot say which scenario it covers, it is ornamental.
• Every detector should be accessible enough to maintain its performance. If it cannot be tested without a project, it will not be tested.

Overrides and Inhibits: The Quiet Barrier Killer

Almost every real plant has inhibits. During commissioning, maintenance, hot work, process disturbances, or testing, you will inhibit alarms or outputs. This is normal.

What is not normal is unmanaged inhibits. A strong philosophy includes:

• Who can apply an override and under which permit.
• How overrides are displayed, alarmed, and logged.
• Time limitation and automatic reminders.
• Shift handover requirements and return-to-service steps.

Proof Testing and Lifecycle: Where Good Systems Stay Good

F&G systems rarely fail dramatically. They fail silently. Drift, contamination, optics degradation, calibration gaps, and neglected proof tests do not announce themselves until the day you need detection.

A philosophy is incomplete without an executable proof test concept:

• Test intervals per detector type and environment (not one blanket interval for everything).
• What “pass” means and what records are required.
• How you test not only sensors, but also outputs: sounders, beacons, relays, shutdown valves, deluge valves, fans, dampers.
• How inhibits are applied during testing and how restoration is verified.
• Competence requirements: who is allowed to calibrate, who signs off, who reviews trends and drift.

A simple operational reality check: if access is difficult, tests get skipped. If tests get skipped, your barrier is theoretical. Design for maintainability as early as you design for detection.

Hydrogen Specific Considerations

Hydrogen behaves differently from heavier hydrocarbons. This changes both where gas may accumulate and how fast a hazardous condition develops.

• Hydrogen rises rapidly and can accumulate under roofs, in ceiling voids, and under canopy structures in ways that are not intuitive from plan drawings.
• Jet releases can produce hazardous mixtures quickly, meaning detection needs to be positioned for fast recognition, not only for average accumulation.
• Hydrogen flames can be difficult to see, increasing the value of reliable flame detection and unambiguous annunciation.

The biggest engineering mistake in hydrogen projects is copying a hydrocarbon F&G concept without revisiting the scenarios. The words look the same, the physics does not.

Common Misinterpretations That Show Up in Audits

• “We have detectors, so the area is safe.” Detection is a barrier that must be maintained, tested, and managed. It can be unavailable.
• “F&G equals ATEX.” ATEX concerns explosive atmospheres and equipment suitability. F&G concerns detection, alarms, and response actions.
• “Voting always improves safety.” Voting reduces spurious trips but can reduce detection probability if coverage is weak or maintenance performance is poor.
• “We can retrofit later.” Retrofits tend to create inaccessible detectors and ugly bypass culture because testing becomes difficult.
• “A philosophy is complete when drawings are complete.” A philosophy is complete when proof tests can be executed and the C&E matches implemented logic.