IEC61511 Standard Overview


IEC61511 Standard Overview. Andre Kneisel, Instrumentation Engineer, Chevron C.T. Refinery. SAFA Symposium 2011, August 5th, 2011.

Presentation Overview
- Provide some understanding of the key aspects of Functional Safety and the applicable standard, IEC61511.
- Attempt to explain some of the associated terminology and acronyms which are frequently used.
- Answer the question: how do we determine if a safety function is required, and if it is required, how reliable should it be?
- Answer the question: how do we calculate the reliability of a given safety function?

Presentation Overview (cont'd)
- Explore the impact of including explosion protection devices (such as IS isolators) in the reliability calculations.
- Explore the impact of including the probability of ignition in the SIL selection process.

INTRODUCTION. What is Functional Safety? It is the application of systems to maintain or achieve a safe state for a process and its associated equipment. For the purpose of this presentation we are referring to automated safety systems which generally operate without operator intervention. We are not referring to mitigation systems such as deluge systems or emergency response systems; these are largely outside the IEC61511 standard.

IEC 61511 Overview. What is IEC-61511? The newly released international standard for the design, implementation, operation, maintenance, testing and decommissioning of Safety Instrumented Systems for the process industries.
- Performance based rather than prescriptive standard.
- Focus on management of Functional Safety and the design lifecycle.
- Focus on SIS design and performance that mitigates risk appropriately.
- Accepted by CENELEC (European Committee for Electrotechnical Standardization) as a European standard in 2003.
- Accepted by ANSI (American National Standards Institute) as a United States standard, ANSI/ISA 84.00.01-2004 Parts 1-3 (IEC 61511 modified).

IEC61511: WHAT IT IS NOT. IEC61511 is not a prescriptive standard in terms of prescribing what safety functions should be implemented. An engineer would not find a list of recommended safety functions for a particular process or type of equipment in the standard. The standard also does not provide a guide for the required reliability (SIL) of safety functions. It is, in fact, quite possible for two different companies both implementing the same process and equipment to arrive at different target SIL values for the same safety functions.

IEC 61508 Safety-Related Systems: sector standards under the umbrella standard
- Process industries: IEC 61511, Safety Instrumented Systems
- Manufacturing industries: IEC 62061, industrial robots, machine tools
- Transportation: railway signaling, braking systems, lifts
- Medical: electro-medical apparatus, radiography
- Miscellaneous
IEC 61508 is the umbrella standard that covers different industrial sectors. Each sector can develop its own standard using its own terminology, but must follow the framework and core requirements of IEC 61508.

Relationship between IEC 61508 and IEC 61511 (process sector safety instrumented system standards): manufacturers and suppliers of devices work to IEC 61508; safety instrumented system designers, integrators and users work to IEC 61511 (ANSI/ISA-84.00.01-2003, IEC 61511 Mod).

IEC 61511 Overview (cont'd). Functional Safety: Safety Instrumented Systems for the Process Industry Sector.
- Part 1: Framework, definitions, system, hardware and software requirements
- Part 2: Guidelines for Part 1
- Part 3: Guidance for determining required Safety Integrity Levels

IEC 61511 Overview: SIS Lifecycle (cont'd)
Functional safety management, applying across the whole lifecycle:
- Management of Functional Safety and Functional Safety Assessment and auditing: Clause 5
- Safety Lifecycle Structure and Planning: Clause 6.2
- Verification: Clauses 7, 12.4 and 12.7
Lifecycle phases (the slide groups them under the headings Hazard & Risk Analysis, Design Basis, EPC and O&M):
1. Hazard & Risk Analysis: Clause 8
2. Allocation of Safety Functions to Protection Layers: Clause 9, alongside Design and Development of Other Means of Risk Reduction: Clause 9
3. Safety Requirements Specification for the Safety Instrumented System: Clauses 10 & 12
4. Design and Engineering of Safety Instrumented System: Clauses 11 & 12 (EPC detailed engineering)
5. Installation, Commissioning and Validation: Clauses 14 & 15
6. Operation and Maintenance: Clause 16
7. Modification: Clause 17
8. Decommissioning: Clause 18
EPC = Engineering, Procurement & Construction (includes implementation, commissioning and validation). O&M = Operations and Maintenance, including provisions for Management Of Change (MOC).

TERMS AND DEFINITIONS: SIS, Safety Instrumented System. A SIS is an instrumented system used to implement one or more safety functions. A SIS is composed of input sensor(s), logic solver(s) and final element(s). Typically a single SIS implements multiple safety instrumented functions and is normally independent of the control systems. In the past SIS were known as Emergency Shutdown Systems (ESD) or as Safety Systems. Typically the logic solver is a high reliability programmable system with redundant power supplies, CPUs and I/O modules. However, the logic solver may also just be a simple system comprising relays and contacts used to implement some tripping logic.

TERMS AND DEFINITIONS: SIS Typical Configuration (diagram). Input sensors PT1, PT2, PT3 and TT1, TT2, TT3 on a reactor feed the SIS logic solver (power supply, CPU, input module, output module), which drives the final elements. The BPCS has its own power supply, CPU, input and output modules and is separate from the SIS.

TERMS AND DEFINITIONS: SIF, Safety Instrumented Function. A SIF is a function implemented by a safety instrumented system which is intended to achieve or maintain a safe state for the process with respect to a specific hazardous event. Different SIFs can use the same final elements. It is common for different hazards to cause the shutdown of the same unit, in which case the final elements are shared between different SIFs. It is possible, but less common, for the input sensors to be shared between different safety functions.

TERMS AND DEFINITIONS: SIF Typical Configuration (diagram only on the slide).

TERMS AND DEFINITIONS: PFD, Probability of Failure on Demand. PFD is the likelihood (between 0 and 1) that a safety function will fail to perform as required. Examples: a sensor fails to detect a dangerous condition due to an internal fault; a block valve fails to close due to sticking. The PFD of a safety function increases over time, as shown on the following slide.

TERMS AND DEFINITIONS: PFD, Probability of Failure on Demand. The PFD of a safety function increases over time (graph only on the slide).

TERMS AND DEFINITIONS: SIL, Safety Integrity Level. The SIL of a safety instrumented function is the measure of the reliability of the function, i.e. the probability of the function performing its intended function, and is based directly on the average PFD of the safety instrumented function over its intended life span. The SIL value is a discrete value 1 to 4, with 1 being the least reliable and 4 being the most reliable. For instance a PFDavg of 5x10^-3 would equate to SIL 2.

TERMS AND DEFINITIONS: SIL, Safety Integrity Level

SIL | Safety Availability Range | PFD Average Range (chance of failing) | Risk Reduction Factor
1   | 0.9 to < 0.99             | 10^-1 to > 10^-2                      | 10 to < 100
2   | 0.99 to < 0.999           | 10^-2 to > 10^-3                      | 100 to < 1,000
3   | 0.999 to < 0.9999         | 10^-3 to > 10^-4                      | 1,000 to < 10,000
4   | 0.9999 to < 0.99999       | 10^-4 to > 10^-5                      | 10,000 to < 100,000

TERMS AND DEFINITIONS: SIL, Safety Integrity Level. Key Concept: A SIL value is normally associated with an entire safety function; however, individual SIF components may be certified in terms of IEC 61508 to have a SIL value. For instance a logic solver may be certified SIL 3. This means that the logic solver may be used as part of a SIL 3 safety instrumented function. It does not mean that any safety instrumented function using this logic solver will automatically meet SIL 3.

TERMS AND DEFINITIONS: Proof Tests. These are tests which are carried out to ensure the functioning of a safety instrumented function. Key Concept: The PFDavg of a safety instrumented function is directly related to the proof test frequency. Consequently the SIL of a safety instrumented function is also directly related to the proof test frequency.

TERMS AND DEFINITIONS: Annual Proof Test (PFD-versus-time graph only on the slide).

TERMS AND DEFINITIONS: Proof Test Every Four Years, Same SIF (PFD-versus-time graph only on the slide).
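The two graphs above are not reproduced in the transcript, so the following added example (not from the presentation) recreates the point in code: for a single device with a constant dangerous-undetected failure rate, PFD climbs between proof tests and the average over the interval, which is what the SIL band is read from, grows with the interval. The failure rate of 2e-6 per hour is a constructed value, and the exact-integral form of PFDavg is a standard single-channel approximation that ignores repair time; the SIL bands are those of the table above.

```python
import math

HOURS_PER_YEAR = 8760.0


def sil_from_pfd_avg(pfd_avg: float) -> int:
    """SIL band from the slide's table (SIL n: 10^-(n+1) <= PFDavg < 10^-n); 0 if worse than SIL 1."""
    for sil in (4, 3, 2, 1):
        if 10.0 ** -(sil + 1) <= pfd_avg < 10.0 ** -sil:
            return sil
    return 0


def pfd_at_time(lambda_du: float, t_hours: float) -> float:
    """Instantaneous PFD of one (1oo1) device t hours after its last proof test.
    Assumes a constant dangerous-undetected failure rate lambda_du (per hour) and a
    proof test that reveals and repairs every dangerous failure."""
    return 1.0 - math.exp(-lambda_du * t_hours)


def pfd_avg(lambda_du: float, test_interval_hours: float) -> float:
    """Average of pfd_at_time over one proof test interval (exact integral).
    For lambda_du * T << 1 this is the familiar lambda_du * T / 2."""
    x = lambda_du * test_interval_hours
    return 1.0 - (1.0 - math.exp(-x)) / x


def compare_intervals(lambda_du: float, intervals_years) -> dict:
    """{years: (PFDavg, SIL band)} for the same device proof tested at different intervals."""
    result = {}
    for years in intervals_years:
        avg = pfd_avg(lambda_du, years * HOURS_PER_YEAR)
        result[years] = (avg, sil_from_pfd_avg(avg))
    return result


if __name__ == "__main__":
    # Constructed example rate: 2e-6 dangerous-undetected failures per hour.
    LAMBDA_DU = 2.0e-6
    for years, (avg, sil) in compare_intervals(LAMBDA_DU, (1, 2, 4)).items():
        print(f"proof test every {years} year(s): PFDavg = {avg:.2e} -> SIL {sil}")
```

With that constructed rate the device sits in the SIL 2 band when proof tested annually and drops to the SIL 1 band at a four-year interval, which is exactly the "same SIF, different SIL" message of the two slides.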

SIL SELECTION. In the past, when deciding what safety functions to implement, engineers either based their decisions on prescriptive standards (where available) or, in many cases, on good engineering practice or past experience. IEC61511 requires that a company follow a SIL selection process as part of the Hazard and Risk Analysis phase. The standard is not prescriptive with regard to which SIL selection method to use, but does propose some example methods:
- Risk Graph Method
- Risk Matrix Method
- Quantitative: Layer Of Protection Analysis (LOPA)
- As Low As Reasonably Practicable (ALARP)

SIL SELECTION. Key Concept: The target SIL of a SIF is based on the amount of risk reduction needed to reduce the risk of the consequence scenario to an acceptable level (as determined by company policy). Target SIL = total risk reduction needed, divided by the risk reduction provided by the non-SIS protection layers.

SIL SELECTION: LOPA EXAMPLE (worksheet only on the slide).

SIL SELECTION: LOPA EXAMPLE. Using the LOPA example of the previous slide: if the company's risk policy states that the maximum loss per hazard may not exceed 1x10^-5 fatalities per year or R100,000 per year, then the risk must be reduced by a minimum factor of 7.175, which equates to an additional SIL 1 safety function (RRF 10-100). If, on the other hand, the company's risk policy states that the maximum loss per hazard may not exceed 1x10^-4 fatalities per year or R100,000 per year, then no additional safety function is required!
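The LOPA worksheet itself is not in the transcript, so here is an added example (not the presentation's worksheet) that carries the same arithmetic through on a constructed scenario: initiating event frequency, conditional modifiers such as probability of ignition, PFDs of the non-SIS independent protection layers, and the company's tolerable frequency. It computes the required RRF both directly and via the slide's "total risk reduction needed divided by non-SIS risk reduction" formula, and maps the RRF to a target SIL with the RRF ranges from the SIL table. All frequencies and PFDs are constructed values, not the slide's.

```python
from typing import Sequence


def mitigated_frequency(initiating_frequency: float,
                        conditional_modifiers: Sequence[float],
                        ipl_pfds: Sequence[float]) -> float:
    """Frequency (per year) of the consequence with every non-SIS layer credited:
    initiating event frequency x conditional modifiers (probability of ignition,
    probability of someone being present, ...) x PFD of each independent
    protection layer (IPL). No credit is taken for the SIF under study."""
    freq = initiating_frequency
    for modifier in conditional_modifiers:
        freq *= modifier
    for pfd in ipl_pfds:
        freq *= pfd
    return freq


def required_rrf(mitigated_freq: float, tolerable_freq: float) -> float:
    """Risk reduction factor the SIF must still provide. A value <= 1 means the
    existing layers already meet the company's tolerable frequency."""
    return mitigated_freq / tolerable_freq


def target_sil(rrf: float) -> int:
    """Lowest SIL whose RRF range (slide's SIL table) covers the required RRF:
    0 = no SIF needed, 1..4, or -1 when a single SIF cannot supply the reduction."""
    if rrf <= 1.0:
        return 0
    for sil, upper in ((1, 100.0), (2, 1_000.0), (3, 10_000.0), (4, 100_000.0)):
        if rrf < upper:
            return sil
    return -1


def target_sil_via_total_reduction(initiating_frequency: float,
                                   conditional_modifiers: Sequence[float],
                                   ipl_pfds: Sequence[float],
                                   tolerable_freq: float) -> int:
    """The slide's formula: total risk reduction needed divided by the risk
    reduction provided by the non-SIS protection layers. Same answer as
    target_sil(required_rrf(...)), written out the way the slide states it."""
    unmitigated = initiating_frequency
    for modifier in conditional_modifiers:
        unmitigated *= modifier
    total_needed = unmitigated / tolerable_freq
    non_sis_rrf = 1.0
    for pfd in ipl_pfds:
        non_sis_rrf /= pfd
    return target_sil(total_needed / non_sis_rrf)


# Constructed LOPA scenario (not the slide's figures): a BPCS level loop failure
# at 0.1/yr leading to a release, probability of ignition 0.5, with operator
# response to an independent high-level alarm (PFD 0.1) and a relief device
# (PFD 0.01) as the non-SIS IPLs.
SCENARIO = dict(initiating_frequency=0.1, conditional_modifiers=[0.5], ipl_pfds=[0.1, 0.01])


def evaluate(tolerable_freq: float):
    """(mitigated frequency, required RRF, target SIL) for one company risk criterion."""
    freq = mitigated_frequency(**SCENARIO)
    rrf = required_rrf(freq, tolerable_freq)
    return freq, rrf, target_sil(rrf)


if __name__ == "__main__":
    for tolerable in (1e-5, 1e-4):
        freq, rrf, sil = evaluate(tolerable)
        print(f"tolerable {tolerable:.0e}/yr: mitigated {freq:.1e}/yr, "
              f"RRF needed {rrf:.2f}, target SIL {sil}")
```

As on the slide, the same scenario yields a SIL 1 requirement against a 1x10^-5 per year criterion and no SIF at all against 1x10^-4 per year: the target SIL is a function of company policy as much as of the process.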

SIL SELECTION: RISK MATRIX EXAMPLE. Rows are likelihood (1 = Likely, decreasing to 6 = Rare); columns are consequence (indices 6 = Incidental, decreasing to 1 = Catastrophic; the slide labels the column indices RR=6 to 1). Each cell gives the required SIL: NR (0) = no SIF required, NS = not supported by a single SIF (the slide writes NS (4) where SIL 4 would be the nominal answer). The second number in each cell is the ranking figure printed under the cell on the slide.

Likelihood     | Incidental (6) | Minor (5)     | Moderate (4)  | Major (3)     | Severe (2)    | Catastrophic (1)
1 Likely       | NR (0), 7      | 1, 6          | 2, 5          | 3, 4          | NS (4), 3     | NS, 2
2 Occasional   | NR (0), 8      | NR (0), 7     | 1, 6          | 2, 5          | 3, 4          | NS (4), 3
3 Seldom       | NR (0), 9      | NR (0), 8     | NR (0), 7     | 1, 6          | 2, 5          | 3, 4
4 Unlikely     | NR (0), 10     | NR (0), 9     | NR (0), 8     | NR (0), 7     | 1, 6          | 2, 5
5 Remote       | NR (0), 10     | NR (0), 10    | NR (0), 9     | NR (0), 8     | NR (0), 7     | 1, 6
6 Rare         | NR (0)         | NR (0)        | NR (0)        | NR (0)        | NR (0)        | NR (0)

The probability of ignition must be taken into account when selecting the likelihood.

SIL SELECTION: RISK MATRIX EXAMPLE. If, in the example on the previous slide, the likelihood (with all protection layers present and enabling events accounted for, but no safety function allowed for) of a severe consequence occurring is assessed as seldom, then the risk matrix indicates that an additional SIL 2 safety function is required.
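The matrix above follows a simple rule once the indices are written out, and the following added example (not from the presentation) encodes it rather than the cells: with likelihood index L and consequence index C, a risk rank of L + C at 7 or more needs no SIF, 4 to 6 needs SIL 7 - (L + C), and 3 or less is not supported by a single SIF. That the rank equals L + C, and that it reproduces the ranking figures printed on the slide, is my reading of the slide, not something it states; the slide's own reminder that the likelihood category must already reflect the probability of ignition is left to the analyst choosing the input.

```python
LIKELIHOOD_INDEX = {"likely": 1, "occasional": 2, "seldom": 3, "unlikely": 4, "remote": 5, "rare": 6}
CONSEQUENCE_INDEX = {"catastrophic": 1, "severe": 2, "major": 3, "moderate": 4, "minor": 5, "incidental": 6}


def risk_rank(likelihood: str, consequence: str) -> int:
    """Assumed ranking rule: likelihood index + consequence index (higher = lower risk)."""
    return LIKELIHOOD_INDEX[likelihood.lower()] + CONSEQUENCE_INDEX[consequence.lower()]


def required_sil(likelihood: str, consequence: str) -> str:
    """'NR' = no SIF required, 'SIL1'..'SIL3', or 'NS' = not supported by a single SIF.
    The likelihood passed in must already account for probability of ignition, as the slide says."""
    rank = risk_rank(likelihood, consequence)
    if rank >= 7:
        return "NR"
    if rank >= 4:
        return f"SIL{7 - rank}"
    return "NS"


def matrix_rows() -> dict:
    """Regenerate the full matrix: rows Likely..Rare, columns Incidental..Catastrophic."""
    columns = sorted(CONSEQUENCE_INDEX, key=CONSEQUENCE_INDEX.get, reverse=True)
    return {lik: [required_sil(lik, c) for c in columns] for lik in LIKELIHOOD_INDEX}


if __name__ == "__main__":
    for lik, cells in matrix_rows().items():
        print(f"{lik:11s} " + " ".join(f"{c:5s}" for c in cells))
    print("seldom + severe ->", required_sil("seldom", "severe"))
```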

SIL CALCULATION: FAILURE RATES. Reliability data for SIL rated equipment is normally provided in terms of failure rates λS, λDD and λDU (e.g. failures per hour).
- λS = Safe Failure Rate. This is the rate for the equipment failing to a safe state. For instance, a block valve failing into the closed position.
- λDD = Dangerous Detected Failure Rate. This is the rate for the equipment failing into an unsafe state, however with diagnostic notification which will ensure that operators are made aware of the failure.
- λDU = Dangerous Undetected Failure Rate. This is the rate for the equipment failing into an unsafe state, without diagnostic notification. For instance, a block valve stuck in the open position or a relay with contacts welded in the closed position. THIS IS THE FAILURE RATE USED FOR CALCULATING THE PROBABILITY OF A FAILURE ON DEMAND (PFD).

SIL CALCULATION: PFD CALCULATION (formulae only on the slide).

SIL CALCULATION: INCORRECT METHOD (diagram). Components in series with their individual certified SILs: sensor (PT) SIL 2; interface IS isolator SIL 4; logic solver SIL 3; interface IS isolator SIL 3; final element (XV) SIL 2. The slide shows the conclusion "SIL 2 for the whole safety function" as the incorrect method. Key Concept: The Safety Integrity Level (SIL) of the whole safety function is not equal to the lowest SIL of the components. This is a common mistake.

SIL CALCULATION: CORRECT METHOD (diagram: sensor PT, interface IS isolator, logic solver, interface IS isolator, final element XV). Note: The PFD of the whole safety function can be influenced by the inclusion of intrinsic safety components which are used for explosion protection. Key Concept: To calculate the SIL of the whole safety function it is necessary to combine the PFDs of the individual components to calculate an overall PFD and overall SIL value.

SIL CALCULATION (worked figures only on the slide).

SIL CALCULATION: Methods to Increase the SIL of a Safety Function
- Use voting architectures. Typically 2oo3 voting or 1oo2 voting is used to increase the achieved SIL value. Note that 2oo2 voting actually decreases the achieved SIL value.
- Use higher reliability components. In most cases the limiting component is the final element.
- Increase the proof testing frequency.

SIL CALCULATION: Using Voting Architectures (diagram). Sensors: three PTs in 2-out-of-3 voting; interface IS isolator; logic solver; interface IS isolator; final elements: two XVs in 1-out-of-2 voting. Note: When using voting architectures it is necessary to use more sophisticated calculation methods or software tools such as exsilentia to perform SIL calculations.
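The three calculation slides (incorrect method, correct method, voting architectures) can be run together. The following added example is not from the presentation and uses constructed failure rates, not any vendor's certified figures. It adds the PFDavg of the five series subsystems, including both IS isolators, to get the SIF's PFDavg and SIL; contrasts that with the "lowest component SIL" shortcut; and then swaps in 2oo3 transmitters and 1oo2 valves, or 2oo2 valves, using the simplified identical-channel formulas. Those formulas neglect common-cause (beta factor), diagnostics and repair time, which is the reason the slide points to a proper tool such as exSILentia for real voting calculations.

```python
from typing import Callable, Dict, List, Tuple

HOURS_PER_YEAR = 8760.0

# Simplified PFDavg for identical channels with dangerous-undetected rate lambda_du
# (per hour) and proof test interval T (hours). No common-cause factor, no repair time.
ARCHITECTURES: Dict[str, Callable[[float, float], float]] = {
    "1oo1": lambda l, t: l * t / 2.0,
    "1oo2": lambda l, t: (l * t) ** 2 / 3.0,   # either channel trips: second order
    "2oo2": lambda l, t: l * t,                # both must trip: PFD doubles, SIL falls
    "2oo3": lambda l, t: (l * t) ** 2,         # any two of three: second order
}

Component = Tuple[str, float, str]  # (name, lambda_du per hour, architecture)


def sil_from_pfd(pfd_avg: float) -> int:
    """SIL band from the slide's table; 0 if worse than SIL 1."""
    for sil in (4, 3, 2, 1):
        if 10.0 ** -(sil + 1) <= pfd_avg < 10.0 ** -sil:
            return sil
    return 0


def component_pfd(component: Component, test_interval_hours: float) -> float:
    _, lambda_du, architecture = component
    return ARCHITECTURES[architecture](lambda_du, test_interval_hours)


def sif_pfd(components: List[Component], test_interval_hours: float) -> float:
    """PFDavg of the whole SIF: subsystems are in series (any one failing dangerously
    defeats the function), so their PFDs add while each is small."""
    return sum(component_pfd(c, test_interval_hours) for c in components)


def achieved_sil(components: List[Component], test_interval_hours: float) -> int:
    """Correct method: combine component PFDs, then read off the SIL."""
    return sil_from_pfd(sif_pfd(components, test_interval_hours))


def lowest_component_sil(components: List[Component], test_interval_hours: float) -> int:
    """Incorrect method from the slide: take the worst single component's SIL."""
    return min(sil_from_pfd(component_pfd(c, test_interval_hours)) for c in components)


# Constructed failure rates (illustrative only). The IS isolators are included
# because the slide says they belong in the calculation, small as their PFD is.
BASE_SIF: List[Component] = [
    ("PT (sensor)",          1.0e-6, "1oo1"),
    ("IS isolator (input)",  1.0e-8, "1oo1"),
    ("Logic solver",         1.0e-8, "1oo1"),
    ("IS isolator (output)", 1.0e-8, "1oo1"),
    ("XV (final element)",   1.5e-6, "1oo1"),
]
VOTED_ARCH = {"PT (sensor)": "2oo3", "XV (final element)": "1oo2"}
VOTED_SIF: List[Component] = [(n, l, VOTED_ARCH.get(n, a)) for n, l, a in BASE_SIF]
TWO_OO_TWO_SIF: List[Component] = [(n, l, "2oo2" if n == "XV (final element)" else a)
                                   for n, l, a in BASE_SIF]

if __name__ == "__main__":
    T = HOURS_PER_YEAR  # annual proof test
    for label, sif in (("1oo1 throughout", BASE_SIF), ("2oo3 PT, 1oo2 XV", VOTED_SIF),
                       ("2oo2 XV", TWO_OO_TWO_SIF)):
        print(f"{label:18s} PFDavg={sif_pfd(sif, T):.2e}  achieved SIL {achieved_sil(sif, T)}"
              f"  (lowest component SIL {lowest_component_sil(sif, T)})")
```

With an annual proof test the base loop's worst components (PT and XV) are each in the SIL 2 band, yet their summed PFDavg lands in SIL 1, which is the slide's "common mistake" in numbers. Voting the transmitters 2oo3 and the valves 1oo2 lifts the loop to SIL 3, while 2oo2 valves push the PFDavg up, not down.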

CONCLUSION. The IEC61511 standard provides a framework for the activities required to implement Safety Instrumented Systems in the process industries. The hazard analysis and SIL selection processes form a fundamental part of the safety lifecycle and must be performed in the initial stages of the lifecycle. The SIL selection process and risk tolerance parameters must be prescribed by the company's or organization's policy.

CONCLUSION (cont'd). The selection of a safety instrumented function's SIL can be strongly influenced by the probability of ignition. Measures to reduce the probability of ignition reduce the requirement for high SIL safety functions. When calculating the actual achieved SIL of a safety instrumented function, it is important to take the PFD of all components into account. This means that in applications where Intrinsically Safe barriers or isolators are used for explosion protection, these components should be included in the calculations. It should be noted that these components generally have low PFD values in relation to other components.

Questions? Andre Kneisel. Tel: 021-508-3044. Cell: 083-300-2022. Email: aypk@chevron.com

ABBREVIATIONS
- ESD: Emergency Shutdown
- IPL: Independent Protection Layer
- PCS: Process Control System (such as DCS or PLC)
- PFD: Probability of Failure on Demand
- PHA: Process Hazards Analysis
- SAT: Site Acceptance Test
- SIF: Safety Instrumented Function
- SIL: Safety Integrity Level
- SIS: Safety Instrumented System
- SRS: Safety Requirements Specification

REFERENCES
- International Electrotechnical Commission, IEC61511-1 Standard
- Chevron Corporation, CVX-SIS-101/102/201/202 Training Manuals
- Exida, exsilentia Integrated Safety Lifecycle Tool