Addressing Challenges in HIPPS Design and Implementation Valve Manufacturer s Association Afton Coleman, CFSP March 11, 2016
Agenda SIS and SIL basics HIPPS Purpose Increased demand for HIPPS, why? The Challenges faced Challenges on a product level A Solution addressing all challenges/phases Questions
Functional Definition of SIS Safety Instrumented System : A system composed of sensors, logic solvers and final elements designed to: Automatically take the process to a safe state when specified (dangerous) conditions are violated Permit a process to move forward in a safe manner when specified conditions allow (permissive functions); or Take action to mitigate consequences of an industrial hazard Safety Instrumented Function : SIF Safety function which is necessary to achieve functional safety Safety Integrity Level : SIL Level of risk-reduction provided by a safety function, or to specify a target level of risk reduction RRF (Risk Reduction Factor) PFD avg (Probability of Failure on Demand = 1/RRF) SIL (Safety Integrity Level) 100000 to 10000 >=10-5 to <10-4 4 10000 to 1000 >=10-4 to <10-3 3 1000 to 100 >=10-3 to <10-2 2 100 to 10 >=10-2 to <10-1 1
High Integrity Pressure Protection System Purpose: To protect downstream equipment against overpressure by closing the source
Increased demand for HIPPS, Why? The increased demand for HIPPS is driven by different factors. Environmental issues Regulatory Directives Reduce Flare Reduce CAPEX (Down rate piping) Reduce OPEX (test of relief valves)
The Challenges faced Monitor and test with system in service? (Fast closing) What if failures are detected by diagnostic? Consider random as well as systematic integrity Lack of Standards Regulations are a moving target EPA, API, ASME Clean Air Act ISA S84 / IEC 61511 & 61508 Compliance with current functional safety legislation for all elements of the SIF Defining SRS and ensure requirements are followed through Handling of multiple vendors / consultants Validation of SRS
Challenges Engineering a HIPPS - The causes of failure and the answers All components of any solution can fail dangerously Systematic failures Occur due to: Designed in Engineered in Procedural Reduced by: Better processes Regular verification Consistent behavior People make mistakes Random failures Occur due to: Inappropriate application Bad design Fatigue Reduced by Material quality Consistent appropriate design Performance monitoring Everything breaks eventually
Increasing risk The causes of failure and the answers Systematic failures Answer - The safety lifecycle Ensure structure and management of all activities Identify activities and objectives Manage verification steps Control the effect of people in every activity Random Failures Answer Safety Integrity Levels Measure risk Risk inherent in the process Quantify instrumented risk reduction target SIL Match design to SIL Other PFD risk etc reduction Monitor performance, measures adjust design Residual risk Control the effect of dangerous failures Risk reduction by Safety Instrumented System Tolerable risk region
Certified SIS Products and Processes IEC 61508 Certified Products: required to provide safety as good as or better than a traditional relief system IEC 61508 Certified or Proven in Use products IEC 61511 Certified Processes: Provide a single, worldwide framework for consistent designs All Integration Centers should be fully certified to IEC 61511 Analysis Implementation Operation
Challenges on a product level - Final Control Valve Application Needs High safety integrity and redundancy required Closing Speed < 2-3 seconds for gas <6-8 seconds for liquids Tightness reliability Inertia Drive train design (Ball to Stem) Seat Design Material selection/overlay Valve Actuators pneumatic spring-return
Addressing Final Control Challenges Fast Acting ESDV applications Test entire valve shut down circuit while in service High Diagnostic Coverage Volume Booster tested as part of PST Solenoid testing without moving the valve Diagnose friction build-up Diagnose valve shaft shear
Challenges on a product level Pressure Sensors Installation Considerations High safety integrity and redundancy required Number of tappings Single tapping susceptible to plugged impulse line Testing requirements Need safety availability during test
Addressing Pressure Sensor Challenges Diagnostic Capabilities Plugged Impulse line diagnostic Systematic Capability: SC3 High Integrity Manifold 3 tappings Block-Bleed-Block for test Single Isolation Key for 3 sensors ATEX Junction Boxes
Challenges on a product level Logic Solver Software Considerations Shutdown loop needs to perform on demand Consistent configuration necessary Work practice needs Proof test procedures Device testing procedure/method Communication protocols Installation Considerations Need to meet requirements for HMI Brownfield (existing logic solver) Are there sufficient I/O to accommodate HIPPS?
Addressing Logic Solver Challenges Logic Solver Software Certified with SC3 (SIL3) Entire safety loop health monitoring SIS Diagnostics Partial Stroke Capability Comms interface with DCS HART Pass-through Modern Installation Desirable system footprint and architecture Simple HMI Status Lamps Override Keyswitches
Challenges on a product level Integration Choose between skid or on-site assembly HIPPS Ensure the products integrate together Provide appropriate hazardous area housings Coordinate of documentation to meet applicable standards Transfer of products to end destination responsibility Perform Factory Acceptance (FAT) and Site Acceptance Test (SAT) Provide cradle to grave support
Challenges on a product level Integration Logic Solvers can be mounted on the HIPPS or as part of a skid Pre-wired, Pre-tested, Validated Solution
A Solution addressing all challenges Certified Systematic Capability 3 The HIPPS Design use Certified procedures acc. to IEC 61511 Single Supplier Management Verification of SIL IEC 61508 and 61511 compliant Compliance report to ensure Safety Lifetime is addressed Validation if required Proof test and Inspection plan Calibration and Operation records IOM for HIPPS
Questions