091201 - IEC61508 to reduce maintenance of SIL3 HIPPS
1st Dec 2009 AIS – ISA GdS
IMPROVEMENT BY DESIGN: HIPPS MAINTENANCE COST REDUCTION
Paper for the Study Day of 1 December 2009:
SIL - Application aspects of the EN/IEC61508 and IEC61511 standards
Carlo Lebrun, Improvement by Design: HIPPS Maintenance Cost Reduction
PEOPLE ARE A KEY FACTOR FOR ACHIEVING FUNCTIONAL SAFETY
1. WHAT IS AN HIPPS?
2. CALCULATION OF SIS RELIABILITY: BASE CASE
3. IMPROVEMENT No. 1: FIND A BETTER SENSOR
4. IMPROVEMENT No. 2: DEVELOP ADDITIONAL DCS DIAGNOSTICS
5. IMPROVEMENT No. 3: MINIMISATION OF COMMON CAUSE FAILURES
6. IMPROVEMENT No. 4: FINAL ELEMENT PARTIAL STROKE TEST
7. CONCLUSIONS
WHAT IS AN HIPPS?
High Integrity Pressure Protection Systems are used as alternative pressure protection, as a full or partial replacement for adequately sized mechanical pressure relief devices (PSVs and/or rupture disks).
IS IT A SIS?
SIS = Safety Instrumented System
HIPPS ADVANTAGES
• no capital cost (or lower cost) for relief system (PSV, flare, etc.)
• reduced piping pressure ratings
• compliance with environmental constraints against discharges
Example 1: VESSEL OVERPRESSURE PROTECTION
Example 2: COLUMN TOP HEADER OVERLOAD AVOIDANCE
Example 3: POLYMERIZATION REACTOR (CSTR) TEMPERATURE RUNAWAY PREVENTION
REDUNDANT HIPPS. WHY?
TO ALLOW FULL TEST
= THE SAME LOOP
IS IT A SIS ?
HIPPS IS A SIS IF IT HAS A SIL (A RISK EVALUATION HAS BEEN DONE), AND IT IS USED FOR RISK REDUCTION
2. CALCULATION OF SIS RELIABILITY: BASE CASE
SOME CALCULATION ASSUMPTIONS - 1
• System Reliability is evaluated as Probability of Failure on Demand (PFDavg)
• Low Demand Mode of operation
• PFDavg of logic solver calculated using Vendor's software tool with fixed T1 = 5 years
• PFDavg of other components calculated using spreadsheet simplified equations
• MTTR for all components = 8 hours
• Perfect Proof Test
SOME CALCULATION ASSUMPTIONS - 2
• T1 (equal for sensor and final element) is maximised in order to reach the system PFDavg = 9.990E-04 (used as minimum to comply with SIL3)
Maximum Proof Test Interval (T1)
less maintenance
lower cost
MANUFACTURER DATA COLLECTION:
• CERTIFIED ENGINEERING WORKFLOW
• VALIDATED CALCULATION SHEETS

Device Failure Rate Conversion Tool

Device Description: sensor - ABB PT 2600 261
Manufacturer: ABB
Model: 261 p-PIEZO
Data Source: EXIDA Report ABB 070742 C001 Rev 1.0 25JUL2008
Compiled By: CLE
Revision: 0
Date: 01DEC2009
Notes: -
Legend: MANUAL INPUT / CALCULATED

Base Case

Inputs (FITS to λ):
SD                      0.0 FITS
SU                    108.0 FITS
DD                    402.0 FITS
DU                     23.0 FITS
Total Failure Rate    533.0 FITS

Outputs:
Lambda    5.330E-07 1/hours
MTBF      1876172.6 hours
MTBF        78173.9 days
MTBF         2605.8 months
MTBF          217.1 years

λ to FITS: no input, output 0.000E+00 FITS

             Base Case            Modified Values by Additional Diagnostic (eg: PST), 90% Diagnostic Coverage
Lambda S     1.080E-07 1/hours
Lambda D     4.250E-07 1/hours
Lambda SD    0.000E+00 1/hours    0.000E+00 1/hours
Lambda SU    1.080E-07 1/hours    1.080E-07 1/hours
Lambda DD    4.020E-07 1/hours    4.227E-07 1/hours
Lambda DU    2.300E-08 1/hours    2.300E-09 1/hours

SFF 95.7%
Diagnostic Coverage 94.6%
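The arithmetic behind the conversion sheet, as an added example that is not part of the presentation. The function and key names are chosen here; the 30-day month and 12-month year are inferred from the MTBF figures printed on the sheet.

```python
# Added example; reproduces the arithmetic of the conversion sheet above.
FIT = 1e-9  # 1 FIT = one failure per 1e9 device-hours

# Base-case inputs as printed on the sheet (ABB PT 2600 261), in FITS.
SHEET_FITS = {"SD": 0.0, "SU": 108.0, "DD": 402.0, "DU": 23.0}

def convert(fits, extra_dc=0.0):
    """Convert SD/SU/DD/DU rates in FITS to 1/hours and derive the sheet's outputs.

    extra_dc is the share of dangerous undetected failures that an additional
    diagnostic moves into the detected category (0.9 on the sheet).
    """
    if not 0.0 <= extra_dc <= 1.0:
        raise ValueError("extra_dc must be between 0 and 1")
    lam = {k: fits[k] * FIT for k in ("SD", "SU", "DD", "DU")}
    total = sum(lam.values())
    dangerous = lam["DD"] + lam["DU"]
    if total <= 0 or dangerous <= 0:
        raise ValueError("failure rates must be positive")
    mtbf_hours = 1.0 / total
    moved = lam["DU"] * extra_dc  # DU failures now caught by the extra diagnostic
    return {
        "lambda_total": total,
        "lambda_S": lam["SD"] + lam["SU"],
        "lambda_D": dangerous,
        "mtbf_hours": mtbf_hours,
        "mtbf_days": mtbf_hours / 24,
        "mtbf_months": mtbf_hours / 24 / 30,       # inferred: 30-day months
        "mtbf_years": mtbf_hours / 24 / 30 / 12,   # inferred: 12 such months
        "sff": (total - lam["DU"]) / total,        # safe failure fraction
        "dc": lam["DD"] / dangerous,               # diagnostic coverage
        "lambda_DD_mod": lam["DD"] + moved,
        "lambda_DU_mod": lam["DU"] - moved,
    }

if __name__ == "__main__":
    for name, value in convert(SHEET_FITS, extra_dc=0.9).items():
        print(name, value)
```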
RELIABILITY CALCULATION AND REPORT - 1
Device Failure Rate Conversion Tool (same ABB PT 2600 261 sheet as on the previous slide)
INTERNAL CALCULATIONS
MANUFACTURER'S TOOLS
RELIABILITY CALCULATION AND REPORT - 2
BASE CASE RESULTS
• In our base case the minimum Proof Test Interval is ≈ 3 years and 4 months
The HIPPS that anybody could do
3. IMPROVEMENT No. 1: FIND A BETTER SENSOR
MANUFACTURER DATA COLLECTION:
• CERTIFIED ENGINEERING WORKFLOW
• VALIDATED CALCULATION SHEETS
Device Failure Rate Conversion Tool (same ABB PT 2600 261 sheet as in the base case)
FIND A BETTER SENSOR RESULTS
By Using:                      You get a T1 =
• ABB PT 2600 261              • 3 years 4 months
• YOKOGAWA EJX                 • 3 years 4 months
• EMERSON PT 2088              • 3 years 1 month
• EMERSON PT 3051S             • 3 years 3 months
• INVENSYS PT HW5              • 3 years 3 months
• SIEMENS SITRANS P DS III     • 3 years 1 month
It is not worth looking for a better sensor!
4. IMPROVEMENT No. 2: DEVELOP ADDITIONAL DCS DIAGNOSTICS
SOME DIAGNOSTIC FUNCTIONS ARE NORMALLY ASSOCIATED WITH HART SENSORS
NOTE: THE DANGEROUS DETECTED FAILURE RATES DECLARED BY VENDORS ARE BASED ON THE ASSUMPTION THAT YOU USE THESE FEATURES
DIAGNOSTIC FUNCTIONS CAN BE ADDED
• DRIFT DETECTION (or DEVIATION ALARM): ALARM if the absolute difference between two sensor measurements is over a certain value
• MINIMUM CHANGE ALARM: ALARM if the value is constant for a certain selection of samples (eg: in the last 4 minutes)
THESE ADDITIONAL CHECKS CAN DETECT 90% OF DANGEROUS UNDETECTED FAILURES (QUALITATIVE ESTIMATION)
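The two DCS checks listed above, as an added example that is not part of the presentation. The sample period (10 s), the limits, the alarm names and the pressure data are constructed; only the 4-minute window comes from the slide.

```python
from collections import deque

def deviation_alarm(pv_a, pv_b, limit):
    """DRIFT DETECTION: the two measurements disagree by more than `limit`."""
    return abs(pv_a - pv_b) > limit

class MinimumChangeAlarm:
    """MINIMUM CHANGE ALARM: value moved less than `min_delta` over a full window."""
    def __init__(self, window_samples, min_delta):
        self.buf = deque(maxlen=window_samples)
        self.min_delta = min_delta

    def update(self, pv):
        self.buf.append(pv)
        if len(self.buf) < self.buf.maxlen:
            return False  # not enough history yet
        return max(self.buf) - min(self.buf) < self.min_delta

def first_alarms(samples_a, samples_b, period_s=10, window_s=240,
                 dev_limit=0.45, min_delta=0.01):
    """Return {alarm name: seconds until first activation} for two sample streams."""
    n = window_s // period_s
    stuck_a = MinimumChangeAlarm(n, min_delta)
    stuck_b = MinimumChangeAlarm(n, min_delta)
    first = {}
    for i, (a, b) in enumerate(zip(samples_a, samples_b)):
        active = {
            "DEVIATION": deviation_alarm(a, b, dev_limit),
            "MIN_CHANGE_A": stuck_a.update(a),
            "MIN_CHANGE_B": stuck_b.update(b),
        }
        for name, on in active.items():
            if on:
                first.setdefault(name, i * period_s)
    return first

# Constructed data: pressure rising 0.1 bar per 10 s sample for 6 minutes.
PROCESS = [50 + i / 10 for i in range(36)]
# Constructed fault: output sticks at its sample-5 value, still a plausible reading.
STUCK = [PROCESS[min(i, 5)] for i in range(36)]

if __name__ == "__main__":
    print(first_alarms(PROCESS, STUCK))  # one transmitter stuck
    print(first_alarms(STUCK, STUCK))    # both stuck together
```

When both transmitters stick together the deviation check stays silent and only the minimum change alarm fires, which is why the two checks are used as a pair.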
IMPROVED DCS DIAGNOSTIC RESULTS
• In our base case the minimum Proof Test Interval was ≈ 3 years and 4 months
By adding DCS sensor diagnostic we reach ≈ 3 years and 4.4 months
It is not worth it if it is the only change!
5. IMPROVEMENT No. 3: MINIMISATION OF COMMON CAUSE FAILURES
Use IEC61508 standard list of questions
Original β estimation as per transmitter manufacturer FMEDA
Part 1
Original β estimation as per transmitter manufacturer FMEDA
Part 2
β = 5% βD = 2%
Improved β estimation as per Designer + End User
Part 1
+ Improved commissioning organisation
+ Improved maintenance organisation
Improved β estimation as per Designer + End User
Part 2
+ Designer certification
+ End User maintenance training
β = βD = 2%
And we consider applying the same values also to the final element components
COMMON CAUSE MINIMISATION RESULTS
• In our base case the minimum Proof Test Interval was ≈ 3 years and 4 months
By better organization and by training people we reach ≈ 4 years and 2 months
PEOPLE SKILL IS A KEY FACTOR!
COMPANY CERTIFICATION OF FUNCTIONAL SAFETY MANAGEMENT ENSURES:
• Functional safety is a company target
• Clear organisation and responsibilities for safety
• Safety Planning
• Methodology for measuring performance and conformity to safety requirements
• Methodology to treat non-conformities and to correct them
• Assessment of competence for each role
• CERTIFICATION CAN IMPROVE SYSTEM RELIABILITY
6. IMPROVEMENT No. 4: FINAL ELEMENT PARTIAL STROKE TEST
PARTIAL STROKE TEST RESULTS
• Partial Stroke test is a common technique to catch part of the Dangerous Undetected failures. It is commonly considered to detect 70% of DU failures
• By proper design it can be handled automatically with some additional software and no or small hardware addition
• We assume the same percentage of failures is detected for all final element sub-components
• For our analysis we perform it every 3 months
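How a partial stroke test stretches the allowable proof test interval, as an added example that is not part of the presentation. It uses the textbook simplified single-channel PFDavg approximation, not the talk's spreadsheet equations, and the failure rate and PFD budget are constructed values, so the results do not reproduce the figures for the redundant HIPPS in the talk.

```python
HOURS_PER_YEAR = 8760

def pfd_avg(lambda_du, t1_h, pst_coverage=0.0, pst_interval_h=0.0):
    """Simplified single-channel PFDavg with a partial stroke test (PST).

    DU failures the PST can reveal stay hidden for at most one PST interval;
    the rest stay hidden until the full proof test at T1.
    """
    covered = pst_coverage * pst_interval_h / 2
    uncovered = (1 - pst_coverage) * t1_h / 2
    return lambda_du * (covered + uncovered)

def max_proof_test_interval(lambda_du, pfd_budget, pst_coverage=0.0, pst_interval_h=0.0):
    """Largest T1 in hours that keeps pfd_avg() within pfd_budget.

    Returns 0.0 when the PST-covered share alone already exceeds the budget.
    """
    if lambda_du <= 0 or pfd_budget <= 0:
        raise ValueError("lambda_du and pfd_budget must be positive")
    if not 0.0 <= pst_coverage < 1.0:
        raise ValueError("pst_coverage must be in [0, 1)")
    residual = pfd_budget / lambda_du - pst_coverage * pst_interval_h / 2
    return max(0.0, 2 * residual / (1 - pst_coverage))

# Constructed values for a single final element (assumptions, not from the talk).
LAMBDA_DU = 8.0e-7               # dangerous undetected failure rate, 1/hours
PFD_BUDGET = 1.0e-2              # PFDavg share allotted to this element
PST_COVERAGE = 0.7               # 70% of DU failures, as on the slide
PST_INTERVAL_H = HOURS_PER_YEAR / 4   # every 3 months, as on the slide

if __name__ == "__main__":
    no_pst = max_proof_test_interval(LAMBDA_DU, PFD_BUDGET)
    with_pst = max_proof_test_interval(LAMBDA_DU, PFD_BUDGET, PST_COVERAGE, PST_INTERVAL_H)
    print(f"T1 without PST: {no_pst / HOURS_PER_YEAR:.2f} years")
    print(f"T1 with PST:    {with_pst / HOURS_PER_YEAR:.2f} years")
```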
PARTIAL STROKE TEST RESULTS
• In our base case the minimum Proof Test Interval was ≈ 3 years and 4 months
By final element PST each 3 months we reach ≈ 10 years
WOW!
7. CONCLUSIONS
ALL IMPROVEMENTS TOGETHER
• In our base case the Proof Test Interval was ≈ 3 years and 4 months
By all proposed improvements together ≈ 13 years 3 months
PEOPLE ARE A KEY FACTOR FOR ACHIEVING FUNCTIONAL SAFETY