GUIDANCE ON ASSESSING THE SAFETY INTEGRITY OF ELECTRICAL SUPPLY PROTECTION

Similar documents
Model code of safe practice Part 1

Australian Standard. Functional safety Safety instrumented systems for the process industry sector

INTERNATIONAL STANDARD

Assessment of the Safety Integrity of Electrical Protection Systems in the Petrochemical Industry

INTERNATIONAL STANDARD

Model code of safe practice. Part 19. Fire precautions at petroleum refineries and bulk storage installations. 3rd edition

Fire Performance of external thermal insulation for walls of multistorey buildings

Strathayr, Rhu-Na-Haven Road, Aboyne, AB34 5JB, Aberdeenshire, U.K. Tel: +44 (0)

INTERNATIONAL STANDARD

Value Paper Authors: Stuart Nunns CEng, BSc, FIET, FInstMC. Compliance to IEC means more than just Pfd!

INTERNATIONAL STANDARD

Process Safety Workshop. Avoiding Major Accident Hazards the Key to Profitable Operations

Loss Prevention Standard

Session Four Functional safety: the next edition of IEC Mirek Generowicz Engineering Manager, I&E Systems Pty Ltd

NEW CENELEC STANDARDS & CSM-RA NEW CENELEC STANDARDS & CSM-RA 2017

INTERNATIONAL STANDARD

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

PRIMATECH WHITE PAPER CHANGES IN THE SECOND EDITION OF IEC 61511: A PROCESS SAFETY PERSPECTIVE

IEC61511 Standard Overview

AVOID CATASTROPHIC SITUATIONS: EXPERT FIRE AND GAS CONSULTANCY OPTIMIZES SAFETY

Functional Safety: the Next Edition of IEC 61511

INTERNATIONAL STANDARD

INTERNATIONAL STANDARD

New requirements for IEC best practice compliance

BUSINESS PLAN CEN/TC 58 SAFETY AND CONTROL DEVICES FOR BURNERS AND APPLIANCES BURNING GASEOUS OR LIQUID FUELS EXECUTIVE SUMMARY

Is your current safety system compliant to today's safety standard?

Technical Paper. Functional Safety Update IEC Edition 2 Standards Update

Testing coated fabrics

2015 Functional Safety Training & Workshops

Safety Integrity Verification and Validation of a High Integrity Pressure Protection System to IEC 61511

Loss Prevention Standard

Where Process Safety meets Machine Safety

NZS 7901:2014. Electricity and gas industries Safety management systems for public safety NZS 7901:2014. New Zealand Standard

This document is a preview generated by EVS

Interim Advice Note 76 / 06 ASSESSMENT PART 1 AIMS AND OBJECTIVES OF ENVIRONMENTAL ASSESSMENT. Contents

Functional Safety Application of IEC & IEC to asset protection

INTERNATIONAL STANDARD

CDOIF. Chemical and Downstream Oil Industries Forum. Guideline Leak Detection. Guideline Leak Detection v0.6 Page 1 of 25

Road vehicles Mopeds Symbols for controls, indicators and tell-tales

IECEE OPERATIONAL DOCUMENT

Training, Assessment, Consultants for Hazardous & Industrial Areas

INTERNATIONAL STANDARD

CIRCUIT BREAKER FAIL PROTECTION

Substations and high voltage installations exceeding 1 kv a.c.

ISO INTERNATIONAL STANDARD. Mobile elevating work platforms Design, calculations, safety requirements and test methods

IEC an aid to COMAH and Safety Case Regulations compliance

Australian Standard. Functional safety of electrical/electronic/programmable electronic safety-related systems. Part 0: Functional safety and AS 61508

Fire detection and alarm systems. Part 4: Power supply equipment (ISO :2003, MOD) AS (Incorporating Amendment No.

ISO Safety of machinery Laser processing machines Part 1: General safety requirements

volume 11 environmental assessment section 2 environmental impact assessment Part 7 ha 218/08

Changes in IEC Ed 2

DOWNLOAD OR READ : ISO 9001 CONTROL OF DOCUMENTS PDF EBOOK EPUB MOBI

Options for Developing a Compliant PLC-based BMS

Information Bulletin

AS/NZS 3820:2009 (Incorporating Amendment 1) Essential safety requirements for electrical equipment

Fire prevention and protection

INTERNATIONAL STANDARD

POLICY FOR THE SAFE WORKING WITH ELECTRICITY

The agri-motive safety performance integrity level Or how do you call it?

ISO INTERNATIONAL STANDARD. Graphical symbols Safety colours and safety signs Part 2: Design principles for product safety labels

FUNCTIONAL SAFETY IN FIRE PROTECTION SYSTEM E-BOOK

Fire prevention and protection

Australian Standard. Degrees of protection provided by enclosures (IP Code) AS IEC Ed 2.1:2001 AS 60529

AS/NZS :2016

CORRECTIONS WITHIN DESIGN MANUAL FOR ROADS AND BRIDGES AUGUST 2009

Measurement of Safety Integrity of E/E/PES according to IEC61508

INTERNATIONAL STANDARD

ADIPEC 2013 Technical Conference Manuscript

FUNCTIONAL SAFETY CERTIFICATE

ISO INTERNATIONAL STANDARD. Safety of machinery Laser processing machines Part 1: General safety requirements

Update of ANSI Standards for Warnings and Future Directions

ISO INTERNATIONAL STANDARD

38-SDMS-03 SPECIFICATIONS FOR LV DIGITAL PANEL METERS

ISO INTERNATIONAL STANDARD. Petroleum and natural gas industries Subsurface safety valve systems Design, installation, operation and redress

BUSINESS PLAN CEN/TC 305 POTENTIALLY EXPLOSIVE ATMOSPHERES EXPLOSION PREVENTION AND PROTECTION EXECUTIVE SUMMARY

ISO INTERNATIONAL STANDARD. Fire-resistance tests Elements of building construction Part 1: General requirements

Environmental Impact Assessment

American National Standard for Electrical Lamp Bases Specifications for Bases (Caps) for Electric Lamps

Fully configurable SIL2 addressable Fire & Gas Detection solutions

AS/NZS TR IEC :2012

AS/NZS 62560:2017. Self-ballasted LED-lamps for general lighting services by voltage 50 V Safety specifications AS/NZS 62560:2017

ROCHFORD LOCAL DEVELOPMENT FRAMEWORK: Sustainability Appraisal/ Strategic Environmental Assessment. Rochford Core Strategy Preferred Options Document

AUTOMATIC FIRE DETECTION AND ALARM SYSTEMS

ISO INTERNATIONAL STANDARD

AGENDA ITEM: 2.3 Industry Standards Co-ordination Committee. Report from Chairman of GEL/9: Cross Functional Electrical European Standards

Implementation Guidance for ISO 9001:2008

Cotswolds AONB Landscape Strategy and Guidelines. June 2016

Urban Renewal Theory and Practice

Household and similar electrical appliances Safety

English version. Railway applications Systematic allocation of safety integrity requirements

Guide to Membership Assessments

Functional Safety: What It Is, Why It s Important And How to Comply

AS/NZS :2016. Refrigerating systems and heat pumps Safety and environmental requirements AS/NZS :2016. Part 3: Installation site

For the Design, Installation, Commissioning & Maintenance of Fire Detection and Fire Alarm Systems


CONNECTION, ENERGISING, COMMISSIONING AND PERMANENT DISCONNECTION OF HIGH VOLTAGE APPARATUS

Digital EPIC 2 Safety manual

ISO 6183 INTERNATIONAL STANDARD. Fire protection equipment Carbon dioxide extinguishing systems for use on premises Design and installation

AS/NZS :2014. Electrical equipment for coal mines Introduction, inspection and maintenance AS/NZS :2014. Part 1: For hazardous areas

a guide to the interpretation of

Transcription:

GUIDANCE ON ASSESSING THE SAFETY INTEGRITY OF ELECTRICAL SUPPLY PROTECTION

GUIDANCE ON ASSESSING THE SAFETY INTEGRITY OF ELECTRICAL SUPPLY PROTECTION September 2006 Published by ENERGY INSTITUTE, LONDON The Energy Institute is a professional membership body incorporated by Royal Charter 2003 Registered charity number 1097899

The Energy Institute gratefully acknowledges the financial contributions towards the scientific and technical programme from the following companies: BG Group BHP Billiton Limited Exploration Operating Co Ltd Oil UK Ltd Chevron ConocoPhillips Ltd ENI ExxonMobil International Ltd Kuwait Petroleum International Ltd Maersk Oil North Sea UK Ltd Murco Petroleum Ltd Nexen Shell UK Oil Products Limited Shell U.K. Exploration and Production Ltd Statoil (U.K.) Limited Talisman Energy (UK) Ltd Total E&P UK plc Total UK Limited Copyright 2006 by the Energy Institute, London: The Energy Institute is a professional membership body incorporated by Royal Charter 2003. Registered charity number 1097899, England All rights reserved No part of this book may be reproduced by any means, or transmitted or translated into a machine language without the written permission of the publisher. The information contained in this publication is provided as guidance only and while every reasonable care has been taken to ensure the accuracy of its contents, the Energy Institute cannot accept any responsibility for any action taken, or not taken, on the basis of this information. The Energy Institute shall not be liable to any person for any loss or damage which may arise from the use of any of the information contained in any of its publications. The above disclaimer is not intended to restrict or exclude liability for death or personal injury caused by own negligence. ISBN 9780 85293 468 8 Published by the Energy Institute Further copies can be obtained from Portland Customer Services, Commerce Way, Whitehall Industrial Estate, Colchester CO2 8HP, UK. Tel: +44 (0) 1206 796 351 email: sales@portland-services.com

CONTENTS Foreword... vii Page Acknowledgements... viii 1 Introduction... 1 2 Scope and application... 3 2.1 Scope... 3 2.2 Application... 3 3 Risk criteria... 5 3.1 Safety... 5 3.2 Commercial... 5 3.3 Environmental... 5 4 Safety lifecycle... 7 4.1 Management of the process... 7 4.2 Assessment of risk... 7 4.3 Allocation of SIL to protection function... 11 4.4 Hardware and software... 15 4.5 Protection setting... 15 4.6 Factory tests and commissioning... 16 4.7 Inspection, testing and maintenance... 16 4.8 Modifications to procedures, system or protection... 17 4.9 Audit and review... 17 4.10 Procedures and documentation... 17 5 Commercial considerations... 19 Annex A Verification of safety risk graph... 21 Annex B Reliability data... 25 Annex C Worked examples of risk reviews and SIL allocation... 27 Annex D Verification of reliability factors in SIL assessment... 45 Annex E Glossary of terms and abbreviations... 49 Annex F References... 51 v

Contents Cont... Page Tables Table 4.1: Target failure measures for SILs... 8 Table 4.2: Minimum SIL due to hardware tolerance... 14 Table B.1: Reliability data... 25 Table C.1: Summary of SIL evaluation results... 30 Table C.2: Record of risk review for 33kV/11 kv transformer... 31 Table C.3: Record of risk review for 11 kv cable... 34 Table C.4: Record of risk review for LV busbar... 35 Table C.5: Record of risk review for HV Ex induction motor... 36 Table C.6: Record of risk review for LV Ex induction motor... 38 Table C.7: Record of risk review for bus current limiter (Is) interconnector... 39 Table C.8: Record of risk review for 11 kv generator... 40 Table C.9: Record of risk review for offshore 13,8 kv/6,6 kv transformer... 42 Table C.10: Record of risk review for offshore bus current limiter (Is) interconnector... 42 Table C.11: Record of risk review for offshore LV Ex induction motor... 43 Figures Figure 4.1: Safety lifecycle for electrical protection systems... 8 Figure 4.2: SIL graph for safety risk assessment ('safety risk graph')... 9 Figure 4.3: Typical protection arrangement for an LV induction motor... 12 Figure 4.4: Reliability diagrams for typical LV induction motor protection... 12 Figure 5.1: SIL graph for commercial risk assessment... 20 Figure A.1: Verification based on 33/11 kv transformer located in protected place... 22 Figure A.2: Verification based on 33/11 kv oil-filled transformer located in public position... 22 Figure A.3: Verification based on 11 kv cable in parallel operation... 22 Figure A.4: Verification based on HV Ex induction motor in Zone 1 area... 23 Figure A.5: Verification based on bus current limiter (Is) interconnector... 23 Figure A.6: Verification based on 11 kv generator... 23 Figure C.1a: Power system and protection configuration... 28 Figure C.1b: Power system and protection configuration... 29 Figure C.2: Hardware sub-systems of the protection arrangement... 33 Figure D.1: Protection system arrangement... 45 Figure D.2: Reliability diagram for factor s... 46 Figure D.3: Reliability diagram for factor t... 47 vi

FOREWORD The increasing use of microprocessor and programmable devices for protection of electrical supply requires an understanding of their functional safety. IP Guidance on assessing the safety integrity of electrical supply protection provides guidance on applying an efficient risk-based assessment methodology for determining safety integrity level (SIL) requirements and SIL allocations for the electrical protection function of various plant items. The methodology applies the safety integrity principles of IEC 61508/IEC 61511 to the protection of equipment and systems that are used in electricity supply, including the machinery involved. By applying the methodology and guidance provided in this publication, electrical practitioners in the petroleum industry (both onshore and offshore) and allied process industries should be able to design, install, operate, modify and evaluate new and existing electrical supply protection equipment and systems using the safety integrity principles of IEC 61508/IEC 61511. In doing so, they should test their schemes (especially where they differ from previous practices due to new technology) to confirm they have not unknowingly raised the SIL provided to 1 or higher. This contrasts sharply with the expectations of engineers using IEC 61508/IEC 61511 for process control schemes where SIL 1 or higher is not uncommon or unexpected. Whilst written in the context of the UK legislative and regulatory framework, the principles set out in this publication can be similarly applied internationally providing that the pertinent national and local legislative and regulatory requirements are complied with. Where the requirements differ, the more stringent should be adopted. The information contained in this publication is provided as guidance only and while every reasonable care has been taken to ensure the accuracy of its contents, the Energy Institute, nor the representatives listed in the Acknowledgements cannot accept any responsibility for any action taken, or not taken, on the basis of this information. The Energy Institute shall not be liable to any person for any loss or damage which may arise from the use of any of the information contained in any of its publications. This publication may be reviewed from time to time. It would be of considerable assistance in any future revision if users would send comments or suggestions for improvement to: Energy Institute Technical Department 61 New Cavendish Street London W1G 7AR e: technical@energyinst.org.uk vii

ACKNOWLEDGEMENTS This publication was commissioned by the Institute s Electrical Committee and was prepared by Bob Fallaize (Consultant). Significant technical contributions were made by: Jim Adams David Atkinson Joe Battle Steve Bowcock Duncan Crichton Robert Denham Peter Freeman Kevin Hailes Alan Jeater Thomas Liew Tom Ramsey Paul Taylor Norman Turner Stephen Wilkinson Total Health and Safety Executive Shell U.K. Oil Products Limited Shell E&P Europe Esso Petroleum British Pipeline Agency Limited Health and Safety Executive ConocoPhillips Affiliations refer to the time of participation. Project co-ordination and technical editing was carried out by Alia Alavi (Energy Institute) and latterly by Mark Scanlon (Energy Institute). The Institute wishes to record its appreciation of the work carried out by those listed above and those that provided technical comments during the development of the publication. viii

1 INTRODUCTION Instrumentation systems have been used for many years for the protection of plant and equipment in all areas of industry. The development of more complex protective systems involving the use of microprocessor and programmable devices, together with a trend to address risk more rigorously, has led to an increasing need to address the reliability and security of equipment and systems. IEC 61508 (published in 1998) provides a framework for the robust consideration of the safety risks associated with the use of such equipment in systems used for safety purposes. IEC 61511 (published in 2003) provides a process industry specific application. Although the underlying approach used within IEC 61508/IEC 61511 is specifically aimed at the protection issues surrounding process plant handling, transporting and storage of products it may also be applied to the protection of equipment and systems that are used as part of electricity supply, including the machinery involved in that process. The driver for developing the risk-based assessment methodology to functional safety set out in this publication has been the increasing use of microprocessor and programmable devices for electrical protection. In addition, the risk assessment required by legislation such as the UK Control of Major Accident Hazards Regulations (COMAH) 1999 (as amended) should include power system integrity and plant shutdown scenarios. This publication provides electrical practitioners with guidance on applying an approach to risk associated with the protection of electrical power supply equipment and systems, specifically those used within the petroleum industry (both onshore and offshore) and allied process industries. It considers the concepts developed in IEC 61508 and subsequently applied in IEC 61511 and develops these to make them more easily applicable to the protection of electrical power supply equipment and systems. The approach is not only applicable to microprocessor and programmable equipment deployed or possibly to be deployed in future in electrical systems, but offers benefit to the assessment of risk associated with protection based on electronic or electromechanical devices. By using this publication, electrical practitioners should be able to design, install, operate, modify and evaluate new and existing electrical protection equipment and systems using the safety integrity principles of IEC 61508/IEC 61511. Commercial and environmental risk may be assessed in a manner similar to that of safety. Where this is the case, the higher of the SILs identified should be adopted for the protection arrangements. In using this publication, electrical practitioners should define tolerable risk criteria; in the UK safety risks should be made as low as reasonably practicable (ALARP). Generally, the protection requirement should not be greater than SIL 1; it has been found that following previous good practices in the design of protection equipment and systems, together with appropriate test, inspection and maintenance routines (to ensure failure rates are low) should achieve this aim in most instances. 1

GUIDANCE ON ASSESSING THE SAFETY INTEGRITY OF ELECTRICAL SUPPLY PROTECTION 2

2 SCOPE AND APPLICATION 2.1 SCOPE This publication provides guidance on assessing the risk and the consequent SIL requirements of protection systems applied to electrical power equipment and systems used within the petroleum industry (both onshore and offshore) and the allied process industries. The elements of achieving and maintaining a defined SIL applied to protection arrangements are that: Protection arrangements satisfy the requirements of a defined risk analysis. Hardware elements used in the safety function have a defined hardware fault tolerance. Processes are applied that should avoid those faults of a systematic nature that may only be eliminated by a change in system or procedure. This publication sets out means to achieve these requirements. Note that all of Section 4 should be satisfactorily addressed in order to achieve a SIL of one or above. The approach to risk assessment in this publication addresses three fundamental requirements: The initial assessment of risk that must be undertaken in order to identify the level of reliability demanded of the protection function overall. The assessment and allocation to the protection function, of the SIL offered by the protection arrangements applied to the power system. The necessary management, maintenance, testing and recording framework that is necessary to support the integrity of the entire process of risk evaluation. The electrical systems in scope of this publication are those used in the petroleum industry (both onshore and offshore) and allied process industries. Note that Annex C provides worked examples of risk reviews for similar equipment in both onshore and offshore environments; this illustrates the differences that may be encountered. The techniques employed do not make a distinction between relay types; electromechanical, electronic and digital relay applications can be reviewed, managed and maintained using the methods recommended. Whilst the publication focuses on safety as the key risk driver for determining SILs, it also offers guidance on determining SILs based on commercial and environmental considerations. 2.2 APPLICATION This publication is applicable to the protection systems used for all electrical equipment. It is presented in a way that will enable its application to existing and to new plant. This section sets out how electrical practitioners should apply the guidance provided in this publication, including defining some pre-requisites, and what to apply it to. Before a formal approach to risk assessment can be undertaken, the electrical power system should have in place the following basic elements: 3

2024 © homedocbox.com Privacy Policy | Terms of Service | Feedback