Topic: MYTH – FUNCTIONAL SAFETY IMPLIES HAVING A SIL RATED COMPONENT
Presented by: Arunkumar A
DNV GL – Who are we?
Only by connecting the details can we impact the bigger picture.
- We classify, certify, verify and test against regulatory requirements, rules, standards and recommended practices
- We develop new rules, standards and recommended practices
- We qualify new technologies and operational concepts
- We give expert advice
Functional Safety Introduction – Family Tree
IEC 61508 is the general (sector-independent) standard; the sector standards derived from it are:
- Process: IEC 61511
- Nuclear: IEC 61513
- Machinery: IEC 62061, ISO 13849
- Military: Def Stan 00-56
- Rail: EN 50126, EN 50128, EN 50129
- Automotive: ISO 26262
Relationship between IEC 61511 and IEC 61508
IEC 61511 is the process sector safety instrumented system standard.
- Manufacturers and suppliers of devices: IEC 61508
- Safety instrumented system designers, integrators and users: IEC 61511
Functional Safety Lifecycle (phases shown in the lifecycle figure):
Hazard and Risk Assessment; SIL Determination; Safety Requirements; SIL Verification; System Design; Software Development; Testing; Validation; Commissioning; Installation; Operation and Maintenance (O&M)
Myth #1: Using SIL certified equipment/components ensures a safe system
- Assumptions made in certification may be inconsistent with the actual operating profile and physical environment (proven-in-use claims, failure mechanisms, proof test interval, etc.)
- Performance of SIFs deteriorates through the life of the facility
- A device should not be user-approved until sufficient experience has been gained in a similar operating environment that you know how it works, how it fails, how frequently it fails, how to detect its failure, and how to correct the failure.
- The user of a product must be confident that they understand the required frequency of inspection, maintenance and proof testing needed to maintain its mechanical integrity in an as-good-as-new condition.
Myth #2: Failure detection is more important than failure prevention
- Relying on detection alone leads to frequent process interruptions (trips) whenever a failure is detected.
- MTBF also needs to be considered when developing the Safety Requirements Specification (SRS).
Myth #3: Proof testing suffices to ensure mechanical integrity
- Proof tests do not prevent the system from failing; they identify failures but not their cause.
- Regular inspection (proactive/condition-based maintenance) is needed to identify and correct incipient issues and degraded conditions.
- Preventive maintenance reduces failure rates.
- Root cause analysis: detailed analysis of detected failures to prevent future failures.
Myth #4: Partial testing is good enough
- Not all dangerous failures are detected: a partial test reveals only a portion of the dangerous undetected failures.
- Functionality of SIS components other than the valve is not checked.
- Proactive/condition-based maintenance is still needed to identify and correct incipient issues and degraded conditions, together with preventive maintenance.
- Proof testing must be carried out as per the system design.
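Myths #3 and #4 both come down to how much of the dangerous-undetected failure rate a given test actually reveals. The following is an added worked example, not part of the DNV GL slides: it applies the simplified IEC 61508-6 low-demand expression for a single (1oo1) safety instrumented function, extended with a proof-test coverage term as is common practice in SIL verification, to show how partial testing alone can move a SIF down a SIL band. The failure rate, test intervals and coverage figure used are constructed for illustration; repair time and common-cause terms are omitted.

```python
"""Effect of partial proof-test coverage on PFDavg of a 1oo1 SIF.

Simplified expression (IEC 61508-6 low-demand, 1oo1, with a coverage term):

    PFDavg ~= PTC * lambda_DU * T1 / 2  +  (1 - PTC) * lambda_DU * T2 / 2

lambda_DU : dangerous-undetected failure rate (per hour)
T1        : interval of the (possibly partial) proof test, in hours
PTC       : fraction of lambda_DU revealed by that test (1.0 = full test)
T2        : interval at which a full test or replacement reveals the remainder
Repair time and common-cause terms are omitted for clarity.
All numeric inputs in this file are constructed for illustration.
"""
from typing import Dict, Optional, Tuple

HOURS_PER_YEAR = 8760.0


def pfd_avg_1oo1(lambda_du: float, t1_hours: float, ptc: float = 1.0,
                 t2_hours: Optional[float] = None) -> float:
    """Average probability of failure on demand for a 1oo1 architecture."""
    if not 0.0 <= ptc <= 1.0:
        raise ValueError("proof-test coverage must lie in [0, 1]")
    if ptc < 1.0 and t2_hours is None:
        raise ValueError("a full-test interval T2 is required when PTC < 1")
    # Portion of lambda_DU that the partial test reveals every T1.
    covered = ptc * lambda_du * t1_hours / 2.0
    # Portion that stays hidden until the full test at T2.
    residual = 0.0 if ptc >= 1.0 else (1.0 - ptc) * lambda_du * t2_hours / 2.0
    return covered + residual


def sil_band(pfd: float) -> int:
    """Map PFDavg to the IEC 61508 low-demand SIL target range (0 = below SIL 1)."""
    if 1e-5 <= pfd < 1e-4:
        return 4
    if 1e-4 <= pfd < 1e-3:
        return 3
    if 1e-3 <= pfd < 1e-2:
        return 2
    if 1e-2 <= pfd < 1e-1:
        return 1
    return 0


def compare_test_strategies(lambda_du: float, t1_years: float, ptc: float,
                            t2_years: float) -> Dict[str, Tuple[float, int]]:
    """PFDavg and SIL band for a full annual test versus a partial one."""
    t1 = t1_years * HOURS_PER_YEAR
    t2 = t2_years * HOURS_PER_YEAR
    full = pfd_avg_1oo1(lambda_du, t1)                 # PTC = 1.0
    partial = pfd_avg_1oo1(lambda_du, t1, ptc, t2)     # only part of lambda_DU revealed
    return {"full_test": (full, sil_band(full)),
            "partial_test": (partial, sil_band(partial))}


if __name__ == "__main__":
    # Constructed figures: lambda_DU = 1e-6 /h, yearly test, 60 % coverage,
    # full test only every 10 years.
    for name, (pfd, sil) in compare_test_strategies(1e-6, 1.0, 0.6, 10.0).items():
        print(f"{name:13s} PFDavg = {pfd:.3e}  ->  SIL {sil}")
```

With these inputs the full annual test gives PFDavg of about 4.4e-3 (SIL 2), while the 60 % partial test leaves the remaining 40 % of the dangerous-undetected rate untested for ten years and raises PFDavg to about 2.0e-2 (SIL 1). The partial test is useful, but it does not replace the full proof test specified in the system design.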
Myth #5: A vendor can determine whether a safe system meets the IEC requirements
- Many devices are not field proven, and some do not demonstrate the robustness necessary to survive a process plant environment.
- Software does not receive the necessary attention.
- A user approval process should be established to examine evidence of the suitability of devices for the application and operating environment.
- Develop and implement a software lifecycle.
Myth #6: A fail-safe design of the SIS is an optimal design
- Fail-safe design alone implies poor reliability and adversely affects the availability of the plant.
- Reliability and availability aspects need to be considered when developing the SRS.
How to avoid it: effective safety planning!
In our experience, corporate standards backed up by a project-specific overall Functional Safety Management Plan (FSMP) is the answer. The FSMP:
- Is a live document
- Describes techniques and measures
- Clearly defines inputs and outputs from each phase
- Assigns responsibility
Safety Planning (figure)
Framework: Functional Safety Management System; Project Functional Safety Plan; Competency; Supplier Conformity; Management Review.
- Phase 1: Hazard & Risk Assessment – Verification & Approval
- Phase 2: Allocate Safety Functions – Verification & Approval
- Phase 3: Specify the SIS – Independent FSA-1, Verification & Approval
- Phase 4: Design the SIS – Independent FSA-2, Verification & Approval
- Phase 5: Install and Commission the SIS – Independent FSA-3, Verification & Approval
- (Introduce the hazards)
- Phase 6: Operate and Maintain the SIS – Independent FSA-4, Verification & Approval
Stages of Typical Functional Safety Assessments
- Stage 1 Assessment (up to SRS development): review of hazard and risk assessment; review of SIL allocation; review of Safety Requirements Specification
- Stage 2 Assessment (SIS design and engineering): review of hardware architecture; review of software development; review of SIL achievement; review of test results
- Stage 3 Assessment (installation, commissioning, verification): review of installation; review of commissioning procedures; review of validation results
- Stage 4 Assessment (operation and maintenance): review of operation and maintenance after a period of operation; review of proof testing, fault and demand rate recording, and system performance
Functional Safety Management – the key to success
- Safety planning
- Roles and responsibilities
- Demonstration of competency
- Verification
Thank you.
Arunkumar, Manager, Safety & Risk – arunkumar.arunachalam@dnvgl.com
P Lakshmi Narayana, Sr. Consultant, Safety & Risk – lakshmi-narayana.pitchandi@dnvgl.com
www.dnvgl.com
SAFER, SMARTER, GREENER