SIL Safety Guide Series MS Single-Acting Spring-Return Hydraulic Linear Actuators

Similar documents
Digital EPIC 2 Safety manual

100 & 120 Series Pressure and Temperature Switches Safety Manual

United Electric Controls One Series Safety Transmitter Safety Manual

Overfill Prevention Control Unit with Ground Verification & Vehicle Identification Options. TÜVRheinland

User s Manual. YTA110, YTA310, YTA320, and YTA710 Temperature Transmitters. Manual Change No

Failure Modes, Effects and Diagnostic Analysis

STT850 and STT750 SmartLine Temperature Transmitter HART Communications Options Safety Manual 34-TT Revision 4 September 2017

Failure Modes, Effects and Diagnostic Analysis

Mobrey Magnetic Level Switches

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

PPA Michaël GROSSI - FSCE PR electronics

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis. PR electronics A/S Rønde Denmark

Rosemount Functional Safety Manual. Manual Supplement , Rev AF March 2015

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, Minnesota USA

FUNCTIONAL SAFETY IN FIRE PROTECTION SYSTEM E-BOOK

SAFETY MANUAL. Electrochemical Gas Detector GT3000 Series Includes Transmitter (GTX) with H 2 S or O 2 Sensor Module (GTS)

Rosemount 2140:SIS Level Detector

Failure Modes, Effects and Diagnostic Analysis

Certification Report of the ST3000 Pressure Transmitter

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Certification Report of the ST 3000 Pressure Transmitter with HART 6

IEC61511 Standard Overview

SAFETY MANUAL. Multispectrum IR Flame Detector X3301

SLG 700 SmartLine Level Transmitters Guided Wave Radar Safety Manual 34-SL Revision 4.0 December 2017

Failure Modes, Effects and Diagnostic Analysis

Session Ten Achieving Compliance in Hardware Fault Tolerance

SAFETY MANUAL. X2200 UV, X9800 IR, X5200 UVIR SIL 2 Certified Flame Detectors

IEC Functional Safety Assessment

FUNCTIONAL SAFETY OF ELECTRICAL INSTALLATIONS IN INDUSTRIAL PLANTS BY OTTO WALCH

Failure Modes, Effects and Diagnostic Analysis

SAFETY MANUAL. PointWatch Eclipse Infrared Hydrocarbon Gas Detector Safety Certified Model PIRECL

FUNCTIONAL SAFETY CERTIFICATE. BG Break Glass Unit

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Technical Manual for the Manual Alarm Call Point BG

FMEDA Report. Failure Modes, Effects and Diagnostic Analysis. KFD0-CS-Ex*.54* and KFD0-CS-Ex*.56* Project: X7300

Safety Integrity Verification and Validation of a High Integrity Pressure Protection System to IEC 61511

Failure Modes, Effects and Diagnostic Analysis

Assessment of the Safety Integrity of Electrical Protection Systems in the Petrochemical Industry

Measurement of Safety Integrity of E/E/PES according to IEC61508

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, MN USA

Technical Paper. Functional Safety Update IEC Edition 2 Standards Update

Failure Modes, Effects and Diagnostic Analysis

Safety in the process industry

Process Safety - Market Requirements. V.P.Raman Mott MacDonald Pvt. Ltd.

Functional Safety: the Next Edition of IEC 61511

Introduction. Additional information. Additional instructions for IEC compliant devices. Measurement made easy

New Developments in the IEC61511 Edition 2

Soliphant M with electronic insert FEM52

67 th Canadian Chemical Engineering Conference EDMONTON, AB OCTOBER 22-25, 2017

Guidelines. Safety Integrity Level - SIL - Valves and valve actuators. February Valves

Functional Safety Solutions

The SIL Concept in the process industry International standards IEC 61508/ 61511

Safety Instrumented Systems

FMEDA and Proven-in-use Assessment. Pepperl+Fuchs GmbH Mannheim Germany

Functional safety according to IEC / IEC Important user information. Major changes in IEC nd Edition

IEC Functional Safety Assessment

SAFETY INTEGRITY LEVEL MANUAL. IEC and IEC XP95 and Discovery SIL Approved Product Range

Addressing Challenges in HIPPS Design and Implementation

FUNCTIONAL SAFETY: A PRACTICAL APPROACH FOR END-USERS AND SYSTEM INTEGRATORS

Functional Safety: What It Is, Why It s Important And How to Comply

Session Four Functional safety: the next edition of IEC Mirek Generowicz Engineering Manager, I&E Systems Pty Ltd

Safety Transmitter / Logic Solver Hybrids. Standards Certification Education & Training Publishing Conferences & Exhibits

Safety Manual. XNXTM Universal Transmitter. Fault Diagnostic Time Interval Proof Test Proof Testing Procedure

HAWK Measurement Systems Pty. Ltd. Centurion CGR Series Safety Manual

Failure Modes, Effects and Diagnostic Analysis


FUNCTIONAL SAFETY MANUAL

Functional Safety Manual June pointek CLS500/LC500

InstrumentationTools.com

FUNCTIONAL SAFETY CERTIFICATE

430128A. B-Series Flow Meter SIL Safety Manual

SAFETY CERTIFIED MODEL FP-700 COMBUSTIBLE GAS DETECTOR

Safety Manual. XNX TM Universal Transmitter. Table of Contents SIL 2 Certificates Overview Safety Parameters

Pressure Transmitter cerabar M PMC 41/45 cerabar M PMP 41/45/46/48 with Output Signal ma/hart

SIPART. Electropneumatic positioner Functional safety for SIPART PS2. Introduction. General safety instructions 2. Device-specific safety instructions

Functional Safety Manual Oil Leak Detector NAR300 System

Topic MYTH FUNCTIONAL SAFETY IMPLIES HAVING A SIL RATED COMPONENT. Presented by : Arunkumar A

High Integrity Pressure Protection System

Functional Safety SIL Safety Integrity Level

Proservo NMS5- / NMS7-

ADIPEC 2013 Technical Conference Manuscript

Changes in IEC Ed 2

We reserve all rights in this document and in the information contained therein. Reproduction, use or disclosure to third parties without express

SITRANS. Temperature transmitter Functional safety for SITRANS TW. Introduction. General safety instructions 2. Device-specific safety instructions

ACCURATE FAILURE METRICS FOR MECHANICAL INSTRUMENTS IN SAFETY APPLICATIONS

SAFETY MANUAL. IR5000 Open Path Hydrocarbon Gas Monitoring System

Australian Standard. Functional safety Safety instrumented systems for the process industry sector

Integrated but separate

Simply reliable: Process safety from Endress+Hauser

New requirements for IEC best practice compliance

Is your current safety system compliant to today's safety standard?

SAFETY MANUAL. Intelligent Sensors for H 2 S Gas Applications

Technical Manual for the Horn - DB1PUL DB1HP UL

Session Number: 3 SIL-Rated Fire (& Gas) Safety Functions Fact or Fiction?

Safety Manual. Eagle Quantum Premier SIL 2 Rated Fire & Gas System. 7.2 Rev: 8/

Transcription:

SIL Safety Guide Series MS Single-Acting Spring-Return Hydraulic Linear Actuators Rev 0, November 17 2015 Page 1 of 9

Table of Contents 1 INTRODUCTION 3 1.1 Terms and abbreviations 3 1.2 Acronyms 4 1.3 Product Support 5 1.4 Related Literature 5 1.5 Reference Standards 5 2 PRODUCT DESCRIPTION 5 3 DESIGNING A SIF USING MANUFACTURER PRODUCT 6 3.1 Safety Function 6 3.2 Environmental Limits 6 3.3 Application Limits and Restrictions 6 3.4 Design Verifications 6 3.5 SIL Capability 7 3.6 General Requirements 7 4 INSTALLATION AND COMMISSIONING 8 4.1 INSTALLATION 8 5 OPERATON AND MAINTENACE 8 5.1 Proof test without automatic testing 8 5.2 Repair and replacement 9 5.3 Useful Life 9 5.4 Manufacturer Notification 9 Rev 0, November 17 2015 Page 2 of 9

1 INTRODUCTION This Safety Manual provides information necessary to design, install, verify and maintain a Safety Instrumented Function (SIF) utilizing the Series MS hydraulic cylinders. This manual provides necessary user information and requirements for meeting the IEC 61508 and/or IEC 61511 functional safety standards. 1.1 Terms and abbreviations Safety Basic Safety Functional Safety Safety Assessment Element Fail-Safe State Fail Safe Fail Dangerous Fail Dangerous Undetected Fail Dangerous Detected Fail Annunciation Undetected Fail Annunciation Detected Freedom from unacceptable risk of harm The equipment must be designed and manufactured such that it protects against risk of damage to persons by electrical shock and other hazards and against resulting fire and explosion. The protection must be effective under all conditions of the nominal operation and under single fault condition The ability of a system to carry out the actions necessary to achieve or to maintain a defined safe state for the equipment / machinery / plant / apparatus under control of the system The investigation to arrive at a judgment - based on evidence - of the safety achieved by safetyrelated systems Part of a subsystem comprising a single component or any group of components that performs one or more element safety functions State of the process when safety is achieved Failure that causes the Series MS cylinders to go to the defined fail-safe state without a demand from the process. Failure that does not permit the SIF to respond to a demand from the process (i.e. being unable to go to the defined fail-safe state). Failure that is dangerous and that is not being diagnosed by automatic testing. Failure that is dangerous but is detected by automatic testing. Failure that does not cause a false trip or prevent the safety function but does cause loss of an automatic diagnostic and is not detected by another diagnostic. Failure that does not cause a false trip or prevent Rev 0, November 17 2015 Page 3 of 9

Fail No Effect Low demand mode High demand mode Continuous Mode the safety function but does cause loss of an automatic diagnostic or false diagnostic indication. Failure of a component that is part of the safety function but that has no effect on the safety function. Mode where the safety function is only performed on demand, in order to transfer the EUC into a specified safe state, and where the frequency of demands is no greater than one per year and no greater than twice the proof test frequency. Mode where the safety function is only performed on demand, in order to transfer the EUC into a specified safe state, and where the frequency of demands is greater than one per year or greater than twice the proof test frequency. Mode where the safety function maintains the EUC in a safe state as part of normal operation. 1.2 Acronyms EUC FMEDA HFT MOC PFDavg PFH SFF SIF SIL SIS Equipment Under Control Failure Modes, Effects and Diagnostic Analysis Hardware Fault Tolerance Management of Change. These are specific procedures to follow for any work activities in compliance with government regulatory authorities or requirements of a standard. Average Probability of Failure on Demand Probability of Failure per Hour Safe Failure Fraction, the fraction of the overall failure rate of an element that results in either a safe fault or a diagnosed dangerous fault. Safety Instrumented Function, a set of equipment intended to reduce the risk due to a specific hazard (a safety loop). Safety Integrity Level, discrete level (one out of a possible four) for specifying the safety integrity requirements of the safety functions to be allocated to the E/E/PE safety-related systems where Safety Integrity Level 4 is the highest level and Safety Integrity Level 1 is the lowest. Safety Instrumented System Implementation of one or more Safety Instrumented Functions. A SIS Rev 0, November 17 2015 Page 4 of 9

is composed of any combination of sensor(s), logic solver(s), and final element(s). 1.3 Product Support Product support can be obtained from: Cowan Dynamics Inc. 6194 Notre Dame West Montreal, QC, Canada H4C 1V4 Phone:514-341-3415 Fax:514-341-0249 WEB site : www.cowandynamics.com Email: SIL@cowandynamics.com 1.4 Related Literature Hardware Documents: Maintenance Manual for Hydraulic Cylinders Series MS Series MS Product brochure Guidelines/References: Practical SIL Target Selection Risk Analysis per the IEC 61511 Safety Lifecycle, ISBN 978-1-934977-03-3, Exida Control System Safety Evaluation and Reliability, 3rd Edition, ISBN 978-1-934394-80-9, ISA Safety Instrumented Systems Verification, Practical Probabilistic Calculations, ISBN 1-55617-909-9, ISA 1.5 Reference Standards Functional Safety IEC 61508: 2010 Functional safety of electrical/electronic/ programmable electronic safety-related systems IEC 61511:2003 Functional Safety Safety Instrumented Systems for the Process Industry Sector (or ISA 84.00.01 if it is more appropriate) 2 PRODUCT DESCRIPTION The Series MS are single-acting 3000 psi spring-return hydraulic linear actuators that feature a triple-seal design with dual wipers. Series MS cylinders are available from 1½ to 14 bore, up to 24 stroke and 72000 pounds of preload. Rev 0, November 17 2015 Page 5 of 9

See Installation and Maintenance Manual for additional setup and configuration details. 3 DESIGNING A SIF USING MANUFACTURER PRODUCT 3.1 Safety Function The safety function of the single acting spring return linear hydraulic actuator is to mechanically move the attached field device on application of pressure at its port and the return of the actuator on removal of pressure. The Series MS is intended to be part of a SIF subsystem as defined per IEC 61508 and the achieved SIL level of the designed function must be verified by the designer. 3.2 Environmental Limits The designer of a SIF must check that the product is rated for use within the expected environmental limits. Refer to the Maintenance Manual for Hydraulic Cylinders Series MS for environmental limits. 3.3 Application Limits and Restrictions The materials of construction of a Series MS are specified in the Cowan Dynamics Inc. Series MS Brochure. It is especially important that the designer check for material compatibility considering on-site chemical contaminants and air supply conditions. If the Series MS is used outside of the application limits or with incompatible materials, the reliability data provided becomes invalid. 3.4 Design Verification A detailed Failure Mode, Effects, and Diagnostics Analysis (FMEDA) report is available from Cowan Dynamics Inc. This report details all failure rates and failure modes as well as the expected lifetime. Assumptions made during the FMEDA are listed in the FMEDA report. The achieved Safety Integrity Level (SIL) of an entire Safety Instrumented Function (SIF) design must be verified by the designer via a calculation of PFD AVG or PFH, considering safety architecture, proof test interval, proof test effectiveness, any automatic diagnostics and worst case fault detection interval, average repair time and the specific failure rates of all products included in the SIF. Each subsystem must be checked to assure compliance with minimum hardware fault tolerance (HFT) requirements. The Exida exsilentia tool is recommended for this purpose as it contains accurate models for the Series MS and its failure rates. When using Series MS in a redundant configuration, a common cause factor of at least 5% should be included in safety integrity calculations. Rev 0, November 17 2015 Page 6 of 9

The failure rate data listed the FMEDA report are only valid for the useful life time of Series MS. The failure rates will increase sometime after this time period. Reliability calculations based on the data listed in the FMEDA report for mission times beyond the lifetime may yield results that are too optimistic, i.e. the required Safety Integrity Level will not be achieved. 3.5 SIL Capability 3.5.1 Systematic Integrity The product has met manufacturer design process requirements of Safety Integrity Level (SIL) 3. These are intended to achieve sufficient integrity against systematic errors of design by the manufacturer. A Safety Instrumented Function (SIF) designed with this product must not be used at a SIL level higher than the statement without prior use justification by the end user or diverse technology redundancy in the design. 3.5.2 Random Integrity The Series MS is a Type A Element. Therefore, a design can meet SIL 2 @ HFT=0 when the Series MS is used as the only component in a SIF subassembly. When the SIF consists of many components the SIL must be verified for the entire assembly using failure rates from all components. This analysis must account for any hardware fault tolerance and architecture constraints. 3.5.3 Safety Parameters For detailed failure rate information refer to the Failure Modes, Effects and Diagnostic Analysis Report for the Series MS. 3.6 General Requirements The system s response time shall be less than the process safety time. All SIS components including the Series MS must be operational before process start-up. User shall verify that the Series MS is suitable for use in safety applications by confirming the Series MS s nameplate is properly marked. Personnel using and performing maintenance and testing on the Series MS shall be competent to do so. Results from the proof tests shall be recorded and reviewed periodically. Rev 0, November 17 2015 Page 7 of 9

4 INSTALLATION AND COMMISSIONING 4.1 Installation The Series MS must be installed per standard practices outlined in the Installation Manual. The environment must be checked to verify that environmental conditions do not exceed the ratings. The Series MS location and placement must be accessible for physical and/or visual inspection and allow for manual proof testing. 5 OPERATION AND MAINTENACE Your Cowan Dynamics Inc. actuator has been designed to give you trouble free performance with a minimum of maintenance. Periodic inspection and replacement of seals, when required, is recommended in order ensure continuing product safety and reliability. Inspection and seal replacement intervals depend on your specific operating conditions. 5.1 Proof test without automatic testing The objective of proof testing is to detect failures within Series MS that are not detected by any automatic diagnostics of the system. Of main concern are undetected failures that prevent the safety instrumented function from performing its intended function. The frequency of proof testing, or proof test interval, is to be determined in reliability calculations for the safety instrumented functions for which Series MS is applied. The proof tests must be performed at least as frequently as specified in the calculation in order to maintain the required safety integrity of the safety instrumented function. The following proof test is recommended. The results of the proof test should be recorded and any failures that are detected and that compromise functional safety should be reported to Cowan Dynamics Inc. The suggested proof test consists of a full stroke of the valve, see Table 1. For the test to be effective the movement of the valve must be confirmed. To confirm the effectiveness of the test both the travel of the valve and slew rate must be monitored and compared to expected results to validate the testing. This test will detect 90% of possible DU failures in the Series MS. The person(s) performing the proof test of a Series MS should be trained in SIS operations, including bypass procedures, valve maintenance and company Management of Change procedures. No Special tools are required. It is recommended that a physical inspection (Step 3 from Table 1) be performed on a periodic basis with the time interval determined by plant conditions. Rev 0, November 17 2015 Page 8 of 9

Table 1: recommended proof test Step Action 1. Bypass the safety function and take appropriate action to avoid a false trip. 2. Interrupt or change the signal/supply to the actuator to force the actuator and valve to the Fail-Safe state and confirm that the Safe State was achieved and within the correct time. 3. Re-store the supply/signal to the actuator and inspect for any visible damage or contamination and confirm that the normal operating state was achieved. 4. Inspect the valve for any leaks, visible damage or contamination. 5. Remove the bypass and otherwise restore normal operation. 5.2 Repair and replacement Repair procedures in the Maintenance Manual for Hydraulic Cylinders Series MS must be followed. 5.3 Useful Life A useful life period of approximately 10 years is expected for the Series MS. Based on general filed data a product life of approximately 20 years is expected for the Series MS if the lower level components are renewed before the end of their useful life and the device is maintained per manufacturer s instructions. 5.4 Manufacturer Notification Any failures that are detected and that compromise functional safety should be reported to Cowan Dynamics Inc. Please contact Cowan Dynamics Inc. customer service. SIL@cowandynamics.com Rev 0, November 17 2015 Page 9 of 9

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback