Simply reliable: Process safety from Endress+Hauser

Products Solutions Services Simply reliable: Process safety from Endress+Hauser Safety by choice, not by chance: Functional Safety Slide 1

Oil & Gas industry Hai-Thuy Industry Manager Oil & Gas Slide 2

Oil & Gas industry Global responsibility for Oil & Gas Visited countries for Oil & Gas business Slide 3

Oil & Gas industry Since 2005 working for Endress+Hauser Hai-Thuy Slide 4

4-day functional safety training (April 2013), TÜV: Functional safety for safety instrumented system professionals (IEC 61511), conducted by Risknowlogy, including a 4-hour exam. Slide 5

Table of contents: Functional Safety; Safety by choice not by chance; Failures in electronics and software; Safety and availability; The safety life cycle; Conclusion. Slide 6

Where did this happen? Buncefield incident, UK, 2005. Slide 7

Safety systems protect you. Slide 8

Recent incidents in the Oil & Gas industry. Deepwater Horizon offshore platform: 11 people killed; set up a 20 billion USD relief fund. Buncefield incident: estimated total costs exceeding 1 billion (~1.5 billion USD); five companies were fined a total of 9.5 million. Future: Safety by choice, not by chance. Let us help you to make your facility a little bit safer. Slide 9

Functional Safety: the SIL requirement is only one piece in achieving an IEC 61511 compliant safety instrumented system. Slide 10

What is functional safety? A safety instrumented system is 100% functionally safe if all random, common cause and systematic failures do not lead to malfunctioning of the safety system and do not result in: injury or death of humans; spills to the environment; loss of equipment or production. 100% functional safety does not exist, but risk reduction (SIL 1, 2, 3 or 4) does. Slide 13

Risk reduction to a tolerable level. Safety is freedom from unacceptable risk (ISO/IEC Guide 51). There is always a remaining minimum risk. Slide 14

Risk assessment is country/customer specific Slide 15

Risk graph to determine SIL / Occupancy Slide 16

IEC 61511: Functional Safety Management by end-user. Organization, quality management, safety plan; lifecycle management; hazard identification and analysis; risk analysis; definition of the safety requirements specifications; design and engineering of the safety instrumented system; definition of responsibilities and competencies; measures for software development ("V-Model"); management, documentation, verification, assessment, audits, validation; operation and maintenance; periodic proof tests; fault monitoring of safety instrumented systems; modification management. Slide 17

Overall Safety Life-Cycle acc. to IEC 61511. Phases: hazard and risk assessment; allocation of safety functions to protection layers (quantification); safety requirements specifications for the safety instrumented system; design and engineering of the safety instrumented system; design and development of other means of risk reduction; installation, commissioning and validation; operation and maintenance; modification; decommissioning. Running alongside all phases: management of functional safety and functional safety assessment and auditing; safety lifecycle structure and planning; verification. Source: DIN EN 61511-1 Fig. 8 Slide 18

Layers of protection. Mitigation: plant emergency response (emergency response layer); embankment (passive protection layer); relief valve, rupture disk, F+G system (active protection layer). Prevention: safety instrumented system, emergency shutdown, trip level alarm (isolated protection layer); alarm and operator intervention, wild process (process control layer); basic process control system or DCS, normal process (process control layer); plant and process design (inherent safe plant design). Slide 19

Risk Reduction by Safety Instrumented Systems. [Figure: Safety Instrumented System (SIS) made up of sensor, communication (e.g. 4-20 mA), logic unit, communication (e.g. 4-20 mA) and actuator; sensor and actuator connect to the process through process interfaces; residual risk remains.] Slide 20

PFDavg - Integration of the complete loop. SIL 1: 10^-2 to < 10^-1; SIL 2: 10^-3 to < 10^-2; SIL 3: 10^-4 to < 10^-3; SIL 4: 10^-5 to < 10^-4. Common values for the distribution of PFDavg to subsystems: sensor 35%, controller 15%, actuator 50%. Slide 21

Safety Integrity Levels (SIL)
SIL    PFDavg            Safety availability    Risk reduction
1      0.1-0.01          0.9-0.99               10-100
2      0.01-0.001        0.99-0.999             100-1000
3      0.001-0.0001      0.999-0.9999           1000-10000
4      0.0001-0.00001    0.9999-0.99999         10000-100000
PFDavg: average probability of failure of a safety function working in low demand mode of operation. Liquiphant is SIL3 capable. Slide 22

Two regulations: one common target. 1. Generic standard, valid for all relevant sectors: IEC 61508 (suppliers and manufacturers). 2. Application standard, implementation for process industries: IEC 61511 / ISA 84.01 (system integrator/operator/user). Common target: plant safety! Slide 23

Separation of process instrumentation and safety instrumentation according to IEC 61511. [Figure: process instruments (PI, LI, TI, FT) belong to the Basic Process Control System (BPCS); the safety functions (PI, LS) form the safety related system, the Safety Instrumented System (SIS).]

Clause 11.2.10 of IEC 61511 part 1: "A device used to perform part of a safety instrumented function shall not be used for basic process control purposes, where a failure of that device results in a failure of the basic process control function which causes a demand on the safety instrumented function, unless an analysis has been carried out to confirm that the overall risk is acceptable." However, API 2350 and the Buncefield report ask for strict separation of safety function and inventory monitoring. Slide 25

Products Solutions Services Safety by choice not by chance Slide 26

Something to think about Analysis of 34 incidents, based on 56 causes identified Source: HSE - UK Slide 27

Proper instrument selection your safety fundament THE tool for instrument selection : APPLICATOR (www.endress.com/applicator) Slide 28

Proper instrument selection by industry applications Complete basket for your application! Slide 29

Applicator: A detailed view on application conditions Slide 30

Applicator: Corrosion warning and database Make a proper choice right from the beginning. Slide 31

Safety by choice not by chance We find the best method that serves your application in a best way We have best materials and most robust concepts to ensure reliability and availability We want your plant to run safely and efficiently! Safety measures should not unnecessarily impair operations Slide 32

Products Solutions Services Safety and availability The value of redundant architectures in SIS Slide 33

Single Channel System. Example: single channel overfill prevention. Sensor: SIL 2, PFDav = 0.35 × 10^-2; Logic: SIL 3, PFDav = 0.05 × 10^-2; Actuator: SIL 2, PFDav = 0.4 × 10^-2. Design rules: SIL_S, SIL_L, SIL_A ≥ SIL_system; PFD_S + PFD_L + PFD_A < 10^-SIL_system.
          Sensor         Logic           Actuator       System
SIL       2              3               2              2
PFDav     0.3 × 10^-2    0.05 × 10^-2    0.4 × 10^-2    0.705 × 10^-2
System = SIL 2. Slide 34

Architecture of Multi-Channel Systems. The fundamental safety parameters PFDav, HFT and SFF must be evaluated for the complete system (e.g. Markov model). [Chart: architectures 1oo4, 1oo3, 1oo2, 2oo3, 1oo1, 2oo2, 3oo3, 4oo4 placed on the axes Safety and Availability.] Which multi-channel system is safer than 2oo3? Slide 35

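Approximation formula (Source: VDI/VDE 2180, Sheet 4). Approximation formulas for PFDav by circuit option:
1oo1: $PFD_{1oo1} \approx \frac{\lambda_{DU} T_1}{2}$
1oo2: $PFD_{1oo2} \approx \frac{(\lambda_{DU} T_1)^2}{3} + \beta \frac{\lambda_{DU} T_1}{2}$
1oo3: $PFD_{1oo3} \approx \frac{(\lambda_{DU} T_1)^3}{4} + \beta \frac{\lambda_{DU} T_1}{2}$
1oo4: $PFD_{1oo4} \approx \frac{(\lambda_{DU} T_1)^4}{5} + \beta \frac{\lambda_{DU} T_1}{2}$
2oo2: $PFD_{2oo2} \approx \lambda_{DU} T_1$
2oo3: $PFD_{2oo3} \approx (\lambda_{DU} T_1)^2 + \beta \frac{\lambda_{DU} T_1}{2}$
2oo4: $PFD_{2oo4} \approx (\lambda_{DU} T_1)^3 + \beta \frac{\lambda_{DU} T_1}{2}$
This is simplified. Use the Markov method to calculate the PFD more accurately. $\lambda_{DU}$ = dangerous undetected failure rate, $\beta$ = common cause factor, $T_1$ = time interval for proof testing [h] (1 year = 8,760 h). Slide 36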

Complex calculation example (1). Target: SIL 2. Subsystem Sensor: Sensor 1 / Interface 1, Sensor 2 / Interface 2, Sensor 3 / Interface 3, voted 2oo3; λ_DU = 500 FIT (per line), β = 10%, T_1 = 1 year, SFF= ; formula for 2oo3: PFDav(S) = 2.4 × 10^-4. Subsystem Logic Unit: Control Module 1, Control Module 2, voted 1oo2; λ_DU = 50 FIT (per module), β = 2%, T_1 = 1 year, SFF= ; formula for 1oo2: PFDav(LE) = 4.4 × 10^-6. Subsystem Actuator: Interface 4 / Actu. 1, Interface 5 / Actu. 2, voted 2oo2; λ_DU = 1200 FIT (per line), β = 10%, T_1 = 1 year, SFF= ; formula for 2oo2: PFDav(A) = 1.1 × 10^-2. Result: PFDav(System) = PFDav(S) + PFDav(LE) + PFDav(A) = 1.3 × 10^-2, i.e. SIL 1. FIT = Failures In Time, 1 FIT = 10^-9 1/h. Target not achieved! What to do?

Complex calculation example (2). Action 1: reduce the proof test interval from 1 year to ½ year. Additional cost! Subsystem Sensor: Sensor 1 / Interface 1, Sensor 2 / Interface 2, Sensor 3 / Interface 3, voted 2oo3; λ_DU = 500 FIT (per line), β = 10%, T_1 = ½ year, SFF= ; formula for 2oo3: PFDav(S) = 1.1 × 10^-4. Subsystem Logic Unit: Control Module 1, Control Module 2, voted 1oo2; λ_DU = 50 FIT (per module), β = 2%, T_1 = ½ year, SFF= ; formula for 1oo2: PFDav(LE) = 2.2 × 10^-6. Subsystem Actuator: Interface 4 / Actu. 1, Interface 5 / Actu. 2, voted 2oo2; λ_DU = 1200 FIT (per line), β = 10%, T_1 = ½ year, SFF= ; formula for 2oo2: PFDav(A) = 5.5 × 10^-3. Result: PFDav(System) = PFDav(S) + PFDav(LE) + PFDav(A) = 5.6 × 10^-3, i.e. SIL 2.

Complex calculation example (3). Action 2: more redundancy (here: actuator). Additional costs! Subsystem Sensor: Sensor 1 / Interface 1, Sensor 2 / Interface 2, Sensor 3 / Interface 3, voted 2oo3; λ_DU = 500 FIT (per line), β = 10%, T_1 = 1 year, SFF= ; formula for 2oo3: PFDav(S) = 2.4 × 10^-4. Subsystem Logic Unit: Control Module 1, Control Module 2, voted 1oo2; λ_DU = 50 FIT (per module), β = 2%, T_1 = 1 year, SFF= ; formula for 1oo2: PFDav(LE) = 4.4 × 10^-6. Subsystem Actuator: Interfaces 4 to 7 with Actu. 1 to Actu. 4, arranged as 1oo2 of 2oo2 groups; λ_DU = 1200 FIT (per line), β = 10%, T_1 = 1 year, SFF= ; formula for 1oo2/2oo2: PFDav(A) 1.2 × 10^-3. Result: PFDav(System) = PFDav(S) + PFDav(LE) + PFDav(A) 1.5 × 10^-3, i.e. SIL 2. Slide 39

Complex calculation example (4). Action: correct selection of components from the beginning (here: actuator). Subsystem Sensor: Sensor 1 / Interface 1, Sensor 2 / Interface 2, Sensor 3 / Interface 3, voted 2oo3; λ_DU = 500 FIT (per line), β = 10%, T_1 = 1 year, SFF= ; formula for 2oo3: PFDav(S) = 2.4 × 10^-4. Subsystem Logic Unit: Control Module 1, Control Module 2, voted 1oo2; λ_DU = 50 FIT (per module), β = 2%, T_1 = 1 year, SFF= ; formula for 1oo2: PFDav(LE) = 4.4 × 10^-6. Subsystem Actuator: Interface 4 / Actu. 1, Interface 5 / Actu. 2, voted 2oo2; λ_DU = 800 FIT (per line), β = 10%, T_1 = 1 year, SFF= ; formula for 2oo2: PFDav(A) = 7.4 × 10^-3. Result: PFDav(System) = PFDav(S) + PFDav(LE) + PFDav(A) = 7.6 × 10^-3, i.e. SIL 2.
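The loop from calculation examples (1) and (2), recomputed as an added example (not part of the original slides or any Endress+Hauser tool). It assumes the commonly cited simplified approximations for 1oo1, 1oo2, 2oo2 and 2oo3, which reproduce the subsystem values stated in example (1); the function names and the search for the longest proof test interval are illustrative additions.

```python
"""Added example: simplified PFDavg approximations for voted subsystems.

Input figures are the ones quoted in calculation examples (1) and (2);
helper names are illustrative assumptions.
"""

HOURS_PER_YEAR = 8760
FIT = 1e-9  # 1 FIT = 1e-9 failures per hour


def pfd_avg(arch, lambda_du_fit, beta, t1_hours):
    """Average PFD of one subsystem for the given voting architecture."""
    x = lambda_du_fit * FIT * t1_hours   # lambda_DU * T1
    ccf = beta * x / 2                   # common cause contribution
    if arch == "1oo1":
        return x / 2
    if arch == "1oo2":
        return x ** 2 / 3 + ccf
    if arch == "2oo2":
        return x                         # both channels are needed to trip
    if arch == "2oo3":
        return x ** 2 + ccf
    raise ValueError(f"no approximation implemented for {arch}")


def sil_band(pfd):
    """SIL band of a low-demand PFDavg value; 0 means SIL 1 is not reached.

    Only the PFD criterion is checked here; HFT and SFF are separate
    requirements and are not modelled.
    """
    for sil, upper in ((4, 1e-4), (3, 1e-3), (2, 1e-2), (1, 1e-1)):
        if pfd < upper:
            return sil
    return 0


def loop_pfd(loop, t1_hours):
    """PFDavg of the whole loop: sum over sensor, logic and actuator."""
    return sum(pfd_avg(arch, lam, beta, t1_hours) for arch, lam, beta in loop)


def longest_interval_months(loop, target_sil, max_months=120):
    """Longest proof test interval (whole months) that still meets target_sil."""
    best = None
    for months in range(1, max_months + 1):
        t1 = HOURS_PER_YEAR * months / 12
        if sil_band(loop_pfd(loop, t1)) >= target_sil:
            best = months
    return best


# Loop of calculation example (1): (architecture, lambda_DU in FIT, beta)
EXAMPLE_LOOP = [
    ("2oo3", 500, 0.10),   # sensors
    ("1oo2", 50, 0.02),    # logic unit
    ("2oo2", 1200, 0.10),  # actuators
]

if __name__ == "__main__":
    for years in (1.0, 0.5):
        t1 = years * HOURS_PER_YEAR
        parts = [pfd_avg(a, lam, b, t1) for a, lam, b in EXAMPLE_LOOP]
        total = sum(parts)
        print(f"T1 = {years} a:", ", ".join(f"{p:.1e}" for p in parts),
              f"-> total {total:.1e}, SIL {sil_band(total)}")
    print("longest interval for SIL 2:",
          longest_interval_months(EXAMPLE_LOOP, 2), "months")
```

The actuator subsystem dominates the sum, which is why shortening the interval or changing the actuator is what moves the loop into the SIL 2 band.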

Safety in the process industry Safety data sheet on www.endress.com/sil Slide 41 Jana Kurzawa / Hai-Thuy

One example of a multi-channel system: overpressure protection of a pressurized process. Subsystem Sensor: Sensor 1, Sensor 2, Sensor 3 (2oo3). Subsystem Logic Unit: PLC. Subsystem Actuator: Actuator 1, Actuator 2 (2oo2). Slide 42

Redundancy: Homogeneous or diverse? Homogeneous redundancy (same instruments): SIL 2 + SIL 2, e.g. 1oo2, gives SIL 3? Advantage of a homogeneous system: control of random faults; simple stock management, commissioning, maintenance. Note: systematic integrity (e.g. software) cannot be enhanced! Endress+Hauser offers multiple instruments which are SIL2/3 capable. You reach SIL 3 even in homogeneous redundancy. Diverse redundancy (different instruments): SIL 2 + SIL 2, e.g. 1oo2, gives SIL 3. Advantage of a diverse system: control of random and systematic faults (device + process); systematic integrity can be enhanced. Slide 43

Safety Integrity Level (SIL) / Functional Safety Theory. Homogeneous redundancy: SIL2 + SIL2 = SIL3? PMP41 (hardware: SIL2, software: SIL2) + PMP41 (hardware: SIL2, software: SIL2) = SIL2. FMG60 (hardware: SIL2, software: SIL3) + FMG60 (hardware: SIL2, software: SIL3) = SIL3. Slide 44 Dept. GT / Thomas Fritz

Safety Integrity Level (SIL) / Functional Safety Theory. Diverse redundancy: SIL2 + SIL2 = SIL3? PMP71 (hardware: SIL2, software: SIL3) + PMP41 (hardware: SIL2, software: SIL2) = SIL3. PMD75 (hardware: SIL2, software: SIL3) + FMR51 (hardware: SIL2, software: SIL3) = SIL3. Slide 45 Dept. GT / Thomas Fritz

Products Solutions Services Failures in electronics and software Failure mode and effect analysis Slide 46

Failure Mode and Effect Analysis (FMEA). Example: component failure modes are short circuit, interruption and drift. What is the effect of each failure mode on the safety function? Additionally: FMEA of mechanical components (e.g. sensor). Slide 47

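Failure Mode and Effect Analysis (FMEA). First step: determine the safety path (e.g. 4-20 mA output) and determine the accuracy under fault condition (e.g. ± 2 %). Different failure modes and their probabilities: safe detected faults $\lambda_{sd}$, safe undetected faults $\lambda_{su}$, dangerous detected faults $\lambda_{dd}$, dangerous undetected faults $\lambda_{du}$ (relevant for the PFD). $\lambda_{tot} = \lambda_{su} + \lambda_{sd} + \lambda_{du} + \lambda_{dd}$ $(+ \lambda_{not\ relevant})$; $MTBF = 1 / \lambda_{tot}$. Slide 48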

The absolute number of failures is more important than the SFF. Internal diagnostics improves the SFF. Safe Failure Fraction (SFF) (in %): $SFF = \frac{\lambda_{sd} + \lambda_{su} + \lambda_{dd}}{\lambda_{tot}}$. [Figure: two examples, SFF 95 % and SFF 85 %.] Slide 49

Accuracy under fault condition No tolerance required +/- 2 % +/-2%, +/- 5%,??? No fault condition tolerance for the vibronic fork Competitor With continuous overfill prevention instrument, you have to reduce the maximum level by the fault condition tolerance With Liquiphant you can fill up safely until the specified level. You can use the complete specified capacity of your tank. Slide 50

Safety in the process industry. Proof test coverage: Quantity is important!!! Proof test coverage is a measure of how many undetected dangerous failures are detected by the proof test. Which instrument gives you better safety?
                                                  Instrument A    Instrument B
Proof test coverage                               90%             50%
Dangerous undetected failures                     40 FIT          2 FIT
Failures remaining unrevealed after proof test    4 FIT           1 FIT
Slide 51 Jana Kurzawa / Hai-Thuy

Proof test coverage: Quantity is important!!!
                             Instrument A    Instrument B
Dangerous failures           100 FIT         100 FIT
λ DD                         10 FIT          90 FIT
λ DU                         90 FIT          10 FIT
PTC                          80%             80%
λ DU converted to λ DD       72 FIT          8 FIT
Never detected λ DU          18 FIT          2 FIT
Slide 53

Level of Concerns (LOC) according API2350 4 th Edition Critical high (CH) Automatic overfill prevention system (AOPS); Level may be equal to HH High-high tank (HH) LAHH Maximum working (MW) Slide 55

Maximum filling height for LAHH with radar e.g. 2% fault tolerance E.g. 98 % Critical high (CH) Automatic overfill prevention system (AOPS); Level may be equal to HH High-high tank (HH) LAHH Maximum working (MW) Better tank capacity utilization with point level sensor. Slide 56

Maximum filling height for LAHH with Liquiphant Critical high (CH) 100 % Automatic overfill prevention system (AOPS); Level may be equal to HH High-high tank (HH) LAHH Maximum working (MW) Slide 57

Products Solutions Services The safety life cycle Maintain your safety at the highest level Slide 58

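Probability of a failure on demand - PFD. Example: safety component with low demand frequency (~1/a). $PFD(t) \approx \lambda_{du} \cdot t$ (for $\lambda_{du} \cdot t \ll 1$); $PFD_{av} \approx \frac{1}{2} \lambda_{du} \cdot T_i$. Ti = proof test interval; PTC = proof test coverage = λ du* / λ du (λ du* = failures revealed by the proof test). [Chart: PFD over operation time for PTC = 100 %, rising within each interval Ti and reset by every proof test, against the SIL bands SIL 1 (0.1 to 0.01), SIL 2 (0.01 to 0.001), SIL 3 (0.001 to 0.0001) and SIL 4.] Slide 59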

Functional Safety in the Process Industry. Partial proof testing (PTC < 100 %), single channel system 1oo1: $PFD_{av} \approx \frac{1}{2} \lambda_{du} \cdot T_i \cdot PTC + \frac{1}{2} \lambda_{du} \cdot LT \cdot (1 - PTC)$. PTC = proof test coverage (1 = 100 %), Ti = test interval, LT = life time. [Chart: PFD and PFDav over operation time t up to LT for PTC < 100 %, against the bands SIL 1, SIL 2, SIL 3.] Slide 60 Klotz-Engmann

Functional Safety in the Process Industry. Partial proof testing + full proof test, single channel system 1oo1: $PFD_{av} \approx \frac{1}{2} \lambda_{du} \cdot T_i \cdot PTC + \frac{1}{2} \lambda_{du} \cdot T_j \cdot (1 - PTC)$. PTC = proof test coverage (1 = 100 %), Ti = test interval (<100 %), Tj = test interval (100 %). [Chart: PFD and PFDav over operation time t up to LT, with partial tests (PTC < 100 %) every Ti and a full proof test (PTC = 100 %) every Tj, against the bands SIL 1, SIL 2, SIL 3.] Slide 61 Klotz-Engmann
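The partial proof test formula of slides 60 and 61 applied to instruments A and B from slide 53, as an added example that is not part of the original slides. The 1-year partial test interval, the 12-year lifetime, the 4-year full test interval and all function names are assumptions chosen for illustration; the hour-by-hour simulation is included only to confirm the closed form.

```python
"""Added example: PFDavg of a 1oo1 channel under partial proof testing.

lambda_DU and PTC values are those of slide 53; the intervals are assumed.
"""

HOURS_PER_YEAR = 8760
FIT = 1e-9  # 1 FIT = 1e-9 failures per hour


def pfd_avg_partial(lambda_du_fit, ptc, ti_years, tj_years):
    """Closed form: 1/2*l*Ti*PTC + 1/2*l*Tj*(1-PTC).

    Tj is the interval of the full (100 %) proof test, or the lifetime LT
    when no full proof test is ever performed.
    """
    lam = lambda_du_fit * FIT
    ti = ti_years * HOURS_PER_YEAR
    tj = tj_years * HOURS_PER_YEAR
    return 0.5 * lam * ti * ptc + 0.5 * lam * tj * (1.0 - ptc)


def untested_share(ptc, ti_years, tj_years):
    """Fraction of PFDavg caused by failures the partial test cannot reveal."""
    covered = ptc * ti_years
    uncovered = (1.0 - ptc) * tj_years
    return uncovered / (covered + uncovered)


def pfd_avg_simulated(lambda_du_fit, ptc, ti_years, tj_years, horizon_years):
    """Average the PFD sawtooth hour by hour (midpoint of each hour).

    Failures covered by the partial test are reset every Ti, the remaining
    ones only every Tj, so two sawtooth curves are superimposed.
    """
    lam = lambda_du_fit * FIT
    ti = ti_years * HOURS_PER_YEAR
    tj = tj_years * HOURS_PER_YEAR
    hours = int(horizon_years * HOURS_PER_YEAR)
    total = 0.0
    for h in range(hours):
        t = h + 0.5
        total += lam * ptc * (t % ti) + lam * (1.0 - ptc) * (t % tj)
    return total / hours


# Slide 53: both instruments have PTC = 80 %, but different lambda_DU.
INSTRUMENTS = {"A": 90, "B": 10}  # lambda_DU in FIT

if __name__ == "__main__":
    for name, lam_fit in INSTRUMENTS.items():
        no_full = pfd_avg_partial(lam_fit, 0.8, 1, 12)    # never fully tested
        with_full = pfd_avg_partial(lam_fit, 0.8, 1, 4)   # full test every 4 a
        print(f"instrument {name}: {no_full:.2e} without full test, "
              f"{with_full:.2e} with a full test every 4 years")
    print(f"share from untested failures: {untested_share(0.8, 1, 12):.0%}")
```

With identical coverage, the instrument with the smaller λ DU ends up with a ninth of the PFDavg, and three quarters of the total comes from the failures the partial test never reveals.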

ASFM - Fuel for thought Easy and convenient proof test on the tank 4% of all devices, which are proof tested, get damaged during reinstallation!!! According to a study of Akzo Chemical customer in Rotterdam. Of course, this does not happen in the Oil & Gas industry Slide 62

Total proof test coverage according to IEC 61508. Total coverage (DC + PTC) for FTL80/81/85 + FTL825: wet test 99 % (procedure IA, MAX/MIN); simulation via test button (in situ testing!) 97 % (procedure IB). Smart proof testing procedures reduce effort, increase safety and minimize shutdown times. Slide 63

New: Liquiphant FailSafe FTL 8x, SIL3, MIN/MAX. [Diagram: Liquiphant FailSafe FTL80/81/85, 4-20 mA + LIVE signal, Nivotester FTL825, PLC; optional: Liquiphant FailSafe FTL80/81/85 with 4-20 mA + LIVE signal.] Safety function: 4-20 mA output with life signal (self-checking procedure every 3 seconds); SIL 3 capable in a single device; min/max safety function; proof test simulation with push-button; proof test interval can be extended up to 12 years! Slide 64

Proof testing without dismounting the device Not necessary to interrupt or manipulate the production process for partial proof test. Recommended proof test interval 12 years 3 years 2 years Slide 65

Partial proof test with Fieldcheck. Fieldcheck Simu-Box: simulation of sensor signal, current output, freq./pulse output. Service Sensortestbox + adapter: sensor test (MID/Coriolis). Proof test coverage via verification: 90 %. Slide 66

Products Solutions Services Ensuring mechanical integrity Robust principles and materials Slide 67

Vibronic level switches: 300.000 pieces/year. Measuring principle; Liquiphant in practice; Liquiphant in safety; oil detection in pipes/sump pits; leakage detection presentation. Slide 68

Sealing concept in Liquiphant Failsafe Welded gastight feedthrough (second line of defense) Helium leakage test Pressure test (approx. 80 bar) sealed after test with sealing pin, welded in and verified by radiographic test Slide 69

Manual overfill protection system (MOPS) Slide 70

Automatic overfill protection system (AOPS) Slide 71

Assessed by external third party safety consultant Complete standardized engineered solutions by Endress+Hauser Time saving Cost saving Reliable safety system Reduced documentation efforts Proven in use Slide 72

Clear and detailed alarm notification and remedy info Digital proof-testing avoids staff in dangerous areas (e.g. on the tank) SIL3 vibronic fork is a fail safe device and reliable Independence and diversity of safety loop and inventory control loop offers the most reliable safety system. Easy digital proof testing process motivates the operator to perform the proof test Slide 73

Most comprehensive SIL portfolio Complete range of SIL devices: pressure, temperature, level, ph, flow including system components www.endress.com/sil Slide 74

Conformity assessment acc. to IEC 61508. Minimum degree of independence (IEC 61508): SIL 1: independent person; SIL 2: independent department; SIL 3: independent organisation; SIL 4: independent organisation. Endress+Hauser: SIL 2: independent 3rd party assessment + manufacturer declaration; SIL 3: independent 3rd party assessment + certificate. A third party certificate is not required for SIL 2, but Endress+Hauser creates and publishes it. Slide 75

TÜV Certified Functional Safety Management Slide 76

Products Solutions Services Conclusion Endress + Hauser: State of the art technology and solutions for your process safety Slide 77

Improve safety with state-of-the-art technology - Liquiphant. Explosion and fire at Buncefield Oil Storage Depot - Five companies to face prosecution: http://www.buncefieldinvestigation.gov.uk/press/b08002.htm Failed!!! Slide 78

Level measurement in Oil & Gas Furthermore, Safety Integrity Level Slide 79

Need of record on site and a different location Slide 80

Proof test documentation with W@M Your 24/7 life cycle management platform: All safety manuals, technical information and certificates and proof testing reports available at your fingertip Upload of Data to W@M The spare-part recommendations for the specific device, which you have installed on site. Slide 81

Instrument Task Overview e.g. Proof testing Indication of the status of the task (e.g. planned, overdue, warn etc.) Upload of attachment e.g. proof test reports Testing Interval Slide 82

Summary. Installing just a SIL device is not enough to comply with IEC 61511. Endress+Hauser offers an instrumentation portfolio for hazardous areas and safety applications which is second to none. Robust measuring principles and materials ensure reliability in the harshest processes. Smart concepts to improve mechanical integrity are simulated, implemented and tested in order to keep your process safe under any circumstances. Hardware and software developed according to IEC 61508 and high diagnostic coverage reduce dangerous, undetected failures to a minimum and help to extend the proof test interval. Redundancy improves safety and availability. Smart proof test procedures significantly save cost. Document your safety life cycle with W@M. Slide 83

And never forget Liquiphant FailSafe: THE safety switch for highest demands. A unique device: SIL 3 and 12 years proof test interval. Highest safety at minimum effort! Slide 84

Complete SIL instrumentation portfolio up to SIL3 Slide 85

That's it, relax now, it was not that difficult :-D Slide 86