The SIL Concept in the process industry International standards IEC 61508/ 61511

Similar documents
SIL Safety Guide Series MS Single-Acting Spring-Return Hydraulic Linear Actuators

Digital EPIC 2 Safety manual

The agri-motive safety performance integrity level Or how do you call it?

Applying Buncefield Recommendations and IEC61508 and IEC Standards to Fuel Storage Sites

INTERNATIONAL STANDARD

INTERNATIONAL STANDARD

High Integrity Pressure Protection System

100 & 120 Series Pressure and Temperature Switches Safety Manual

FUNCTIONAL SAFETY IN FIRE PROTECTION SYSTEM E-BOOK

Process Safety - Market Requirements. V.P.Raman Mott MacDonald Pvt. Ltd.

IEC61511 Standard Overview

Functional Safety: the Next Edition of IEC 61511

ADIPEC 2013 Technical Conference Manuscript

INTERNATIONAL STANDARD

SIL DETERMINATION AND PROBLEMS WITH THE APPLICATION OF LOPA

Session Four Functional safety: the next edition of IEC Mirek Generowicz Engineering Manager, I&E Systems Pty Ltd

Measurement of Safety Integrity of E/E/PES according to IEC61508

Overfill Prevention Control Unit with Ground Verification & Vehicle Identification Options. TÜVRheinland

United Electric Controls One Series Safety Transmitter Safety Manual

InstrumentationTools.com

Reliability and Safety Assessment in Offshore and Process Industries

Safety in the process industry

Safety Instrumented Systems

Assessment of the Safety Integrity of Electrical Protection Systems in the Petrochemical Industry

2015 Functional Safety Training & Workshops

Process Safety Workshop. Avoiding Major Accident Hazards the Key to Profitable Operations

FUNCTIONAL SAFETY OF ELECTRICAL INSTALLATIONS IN INDUSTRIAL PLANTS BY OTTO WALCH

Guidelines. Safety Integrity Level - SIL - Valves and valve actuators. February Valves

Safety Instrumented Systems Overview and Awareness. Workbook and Study Guide

INTERNATIONAL STANDARD

Addressing Challenges in HIPPS Design and Implementation

Safety Integrity Verification and Validation of a High Integrity Pressure Protection System to IEC 61511

Functional Safety Application of IEC & IEC to asset protection

Functional Safety: What It Is, Why It s Important And How to Comply

Fire and Gas Detection and Mitigation Systems

Safety Transmitter / Logic Solver Hybrids. Standards Certification Education & Training Publishing Conferences & Exhibits

USER APPROVAL OF SAFETY INSTRUMENTED SYSTEM DEVICES

User s Manual. YTA110, YTA310, YTA320, and YTA710 Temperature Transmitters. Manual Change No

IEC an aid to COMAH and Safety Case Regulations compliance

Safety Manual. XNXTM Universal Transmitter. Fault Diagnostic Time Interval Proof Test Proof Testing Procedure

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

INTERNATIONAL STANDARD

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY


Value Paper Authors: Stuart Nunns CEng, BSc, FIET, FInstMC. Compliance to IEC means more than just Pfd!

Is your current safety system compliant to today's safety standard?

Case Example SIL Classification

Functional safety according to IEC / IEC Important user information. Major changes in IEC nd Edition

HIPPS High Integrity Pressure Protection System

INTERNATIONAL STANDARD

HIPPS High Integrity Pressure Protection System

Strathayr, Rhu-Na-Haven Road, Aboyne, AB34 5JB, Aberdeenshire, U.K. Tel: +44 (0)

Functional safety. Essential to overall safety

Functional Safety of Machinery: EN ISO Stewart Robinson. Overview of the presentation. References. TÜV SÜD Product Service

Technical Paper. Functional Safety Update IEC Edition 2 Standards Update

Proof Testing Level Instruments

Y. ORMIERES. Fire risk analysis method for nuclear installations

New requirements for IEC best practice compliance

PPA Michaël GROSSI - FSCE PR electronics

Certification Report of the ST 3000 Pressure Transmitter with HART 6

Applying Layer of Protection Analysis (LOPA) to Accelerator Safety Systems Design. Feng Tao

Failure Modes, Effects and Diagnostic Analysis

IEC PRODUCT APPROVALS VEERING OFF COURSE

2015 Honeywell Users Group Europe, Middle East and Africa

Changes in IEC Ed 2

Functional Safety Solutions

Australian Standard. Functional safety Safety instrumented systems for the process industry sector

FUNCTIONAL SAFETY: A PRACTICAL APPROACH FOR END-USERS AND SYSTEM INTEGRATORS

Certification Report of the ST3000 Pressure Transmitter

innova-ve entrepreneurial global 1

New Developments in the IEC61511 Edition 2

NEW CENELEC STANDARDS & CSM-RA NEW CENELEC STANDARDS & CSM-RA 2017

Practical Methods for Process Safety Management

The evolution of level switches and detectors

risk management and assessment for business Lessons Learned from Real World Application of Bow-tie Method 2010 International Symposium

SITRANS. Temperature transmitter Functional safety for SITRANS TW. Introduction. General safety instructions 2. Device-specific safety instructions

Implementing Safety Instrumented Burner Management Systems: Challenges and Opportunities

LOPA. DR. AA Process Control and Safety Group

Achieving Functional Safety with Global Resources and Market Reach

Safety Instrumented Systems The Smart Approach

Martin Huber 26September 2017 F&G SOLUTIONS FOR THE PROCESS INDUSTRY

Session Ten Achieving Compliance in Hardware Fault Tolerance

The Use of an Operator as a SIL 1 component in a Tank Overfill Protection System

PRIMATECH WHITE PAPER CHANGES IN THE SECOND EDITION OF IEC 61511: A PROCESS SAFETY PERSPECTIVE

Rosemount Functional Safety Manual. Manual Supplement , Rev AF March 2015

Fully configurable SIL2 addressable Fire & Gas Detection solutions

Failure Modes, Effects and Diagnostic Analysis

BRIDGING THE SAFE AUTOMATION GAP PART 1

Fire protection of emergency electrical devices: effect on the level of risk a case study of a rail tunnel

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Integrated but separate

Hazardous goods management Latest trends in petroleum industry. C. Sasi Assistant Vice President Total LPG India Limited

Failure Modes, Effects and Diagnostic Analysis

Control and Safety in Gas and Oil Complex Industries. Turkey, Istanbul, Wyndham Grand Istanbul Levent. Training Course :

Session Number: 3 SIL-Rated Fire (& Gas) Safety Functions Fact or Fiction?

ULT NE WORKSHOP ON THE PREVENTION OF WATER POLLUTION DUE TO PIPELINE ACCIDENTS

Safety Manual. XNX TM Universal Transmitter. Table of Contents SIL 2 Certificates Overview Safety Parameters

INTERNATIONAL STANDARD

Industrial Safety And Emergency Preparedness: NTPC Perspective Shivam Srivastava GM-Safety NTPC Limited

Transcription:

The SIL Concept in the process industry International standards IEC 6508/ 65 Chris M. Pietersen MSc Safety Solutions Consultants BV (SSC) Director pietersen@safety-sc.com th Urea Symposium 9- May 008, Noordwijk Netherlands Introduction The safety provisions of a process plant need to be related to the level. Until a few year ago, no adequate standard did exist for the determination of the necessity and assessment of the required reliability of the safety provisions. How safe is safe enough? With the introduction of the IEC 6508 standard [] and the related process industry related IEC 65 standard [] this gap has been filled. A based approach is given, resulting in a Safety Integrity level (SIL). The standards are prescribing the requirements for Safety Instrumented Systems, depending on the SIL level (-4). These international standards also indicate the requirements for a management system to ensure that these are maintained through all lifecycle phases. The IEC standards are increasingly used worldwide. All major companies are complying with this SIL concept. It means that the safety approach for the plant designs are fully in line with the international best practice based on the IEC 6508 standard. The SIL concept has a number of important benefits for plant safety: A systematic, transparent and verifiable way of reduction to an acceptable level. An optimum cost benefit situation: 'fit-for-purpose' safety and minimum nuisance shut downs or disturbances in the plant. The design of Safety Instrumented Systems (SIS) is based on the SIL requirements. This includes redundancy requirements as well the test interval. A worldwide harmonised approach. This paper describes the essence of the SIL approach and its benefits.

Two large accidents in 005 The importance of the safety through a systematic approach of safety provisions can best be illustrated in showing accident causation processes of two recent large accidents in the process industry in which the lack of the implementation of the SIL concept have contributed to the causation of the accidents. Two accidents in 005 are briefly described below. The direct cause of both accidents was overfilling of a vessel/ column with hazards, flammable/ explosive material. The resulting explosions and fires were devastating.. Texas City (USA) Refinery Explosion, March 005 ifteen people died, more than 70 people were injured. This accident has been thoroughly investigated by different independent parties []. Safety management was not adequate, resulting (a.o) in an inadequate hazard identification (HAZOP) and insufficient safety instrumentation for overfill prevention.. Buncefield Depot (UK), December 005 Over 40 people were injured; fortunately there were no fatalities. A devastating explosion occurred and the resulting fire burned for several days, destroying most of the site. The investigations [4] showed that both the Tank level gauging system (monitoring the level) as well as the (automatic) overfill protection (switch) system failed. The investigation of the accidents resulted in a number of important lessons about Safety management. In the framework of this paper: the reports show important evidence of the lack of implementation of the international IEC 65 standard principles: Lack of systematic hazard identification resulting in a thorough overview of the need for safety instrumentation Lack of a proper assessment of the levels, resulting in the required SIL level for the automatic safety systems. Lack of proper implementation in the IEC described safety Management system. In particular: the lack of proper testing and maintenance as required for a certain SIL. The impact in the industry of both accidents is large. It is noted that even more companies started to implement the IEC SIL principles as the way to deal with safety. Regulatory bodies also requires this increasingly. The IEC 6508 standard How safe is safe enough? How many protection systems of which type do you need and how reliable do they need to be? What is really determining the safety of the plant and how do we continuously, over all activities of the lifecycle act accordingly? This paper focuses at the integrated approach for lifecycle safety as introduced in the international standards in relation to Lifecycle Safety of process installations: IEC 6508 (overall) and the IEC 65 (same principles for the process industries). It describes the necessary reliability of Safety Instrumented Systems (SIS) in relation to the required reduction of the plant. It is clear that for that purpose you need to know:

The of the plant The non- SIS related reduction (e.g. relief/check valves) The acceptable level The reliability of the safety system and its influence on the availability of the installation for production The standard sets out a generic approach for all safety lifecycle activities for systems comprised of electrical and/or electronic and/or programmable electronic components (electrical/electronic/ programmable electronic systems (E/E/PESs)) that are used to perform safety functions. In most situations, safety is achieved by a number of protective systems which rely on many technologies (for example mechanical, hydraulic, pneumatic, electrical, electronic, programmable electronic). Any safety strategy must therefore consider not only all the elements within an individual system (for example sensors, controlling devices and actuators) but also all the safety-related systems making up the total combination of safety-related systems. Therefore, while the standard is mainly concerned with electrical/electronic/programmable electronic (E/E/PE) safety-related systems, it also provides a framework within which safety-related systems based on other technologies need to be considered. No further distinction is therefore being made below between the different technologies. The IEC 6508 standard: adopts a -based approach for the determination of the safety integrity level requirements. See figure and. uses Safety Integrity Levels (SIL) for specifying the target level of safety integrity for the safety functions to be implemented by the safety-related systems. See figure. sets numerical target failure measures for safety-related systems which are linked to the safety integrity levels (see table ). According to the IEC concept, all steps need to be verified, documented, auditable and embedded in a proper (safety) management system. SIL Classification: Risk analysis/ reduction The target levels for the safety integrity (probability of failure) of the safety instrumented systems are determined with a systematic analysis. The IEC standard covers personnel safety. However, the practice in the industry shows that also classification schemes are used for environmental s and/or economic damage (see below). The necessary reduction is indicated in figure in a general way. igure presents the most frequently used analysis method, called the Riskgraph. It leads to the required Safety Integrity Levels (SIL). These levels depend on the parameters indicated in the figure. The graph requires as input: The frequency of occurrence of the accident scenario (without SIS); shown as W, W, and W The potential extent of human injury in case the SIS fails on demand (shown as C- factor).

Exposure duration in the hazard zone (shown as -factor). Possibility to avoid the hazard (shown as the P factor). The transparent, verifiable documented choices of the parameters above will lead to the numbers shown in the figure: SIL a, SIL -4, SIL b. The IEC 6508 standard only give requirements for SIL -4. SIL a (no specific requirements, can be implemented in the control system and SIL b (normally redesign is required) however are used in practice. Economic SIL considerations If the SIS fails on demand the following related costs can occur: Process failure Lost production or "downtime" Additional emergency maintenance Replacement power Catastrophic failure Major damage to capital equipment which leads to major capital expense Injury to plant personnel These costs need to be balanced against the lifecycle cost of a SIS: Life cycle cost of a SIS consists of all the costs of owning and operating a safety instrumented system (SIS). Components of life cycle cost include: Design, specification, and procurement * Installation * Training * Operation & maintenance The economic SIL level shows that it will be economical to invest in the Life Cycle Cost of a SIS to reduce the frequency of the SIS failure. SIL verification Once the requirement of the SIL levels has been determined, the Safety Instrumented System (SIS) which will perform the safety function need to be designed accordingly. The system normally comprises of initiating devices (sensors, transmitters), a logic solver (trip amplifiers, safety interlocks, fail safe output) and final elements (e.g. valves). Probabilistic requirements The complete SIS need to comply with the requirements for the Probability of ailure on Demand (PD) depending on the SIL, as shown in table below. In the IEC standard, different PD assessment methods for assessing the SIL level of a certain SIS are described. Two of the more common techniques described are Reliability Block Diagrams and Markov models. The modelling needs failure rates of all components used in the SIS, test intervals, the percentage of diagnostic coverage, repair times etc. 4

Table Safety integrity levels (SIL) Safety Low demand mode of operation integrity (Average probability of failure to perform level (SIL) its design function on demand) 4 0-5 to < 0-4 0-4 to < 0-0 - to < 0-0 - to < 0 - Architectural requirements Depending on the type of components used and the Safe ailure raction, components need redundancy. This is also described as Hardware ault Tolerance (HWT). or details, see [] and []. Conclusions The international standards IEC 6508 and the related IEC 65 are increasingly used worldwide as the best practice for a systematic approach for design/ operation of Safety Instrumented Systems (SIS). Accident data shows the need for a systematic approach in design, operation and maintenance of Safety Instrumented systems. This approach is available with the IEC 6508/ 65 standards. The use is increasingly stimulated by the regulators. The SIL concept provides a means of systematic reduction to a level that is acceptably low. It answers the question: how safe is safe enough in a transparent and verifiable way The target SIL sets design requirements for the SIS: probabilistic requirements (Probability of ailure on Demand) and architectural (redundancy) requirements. Literature [] unctional safety of electrical/electronic/programmable electronic safety- related systems. IEC 6508; www.iec.ch [] unctional safety Safety instrumented systems for the process industry sector IEC 65. www.iec.ch [] Investigation report Refinery Explosion and fire; U.S. Chemical Safety and Hazards Investigation Board, march 007. www.csb.org [4] http://www.buncefieldinvestigation.gov.uk/index.htm 5

Residual Tolerable EUC Necessary reduction Increasing Actual reduction Partial covered by other technology safety-related systems Partial covered by E/E/PE safety-related systems Partial covered by external reduction facilities Risk reduction achieved by all safety-related systems and external reduction facilities igure Risk Reduction requirements C A X W W W a --- --- Starting point for reduction estimation C B A B X X a --- a Generalized arrangement (in practical implementations the arrangement is specific to the applications to be covered by the graph) C C C D A B A B X 4 X 5 X 6 4 b 4 C = Consequence parameter = requency and exposure time parameter P = Possibility of failing to avoid hazard parameter W = Probability of the unwanted occurrence --- = No safety requirements a = No special safety requirements b = A single E/E/PES is not sufficient,,, 4 = Safety integrity level igure Determination of SIL levels 6

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback