ABB Wallchart About SIL Assessment Methodology
1
1 0.1 to 0.01 90% to 99% 2 0.01 to 0.001 99% to 99.9% 3 0.001 to 0.0001 99.9% to 99.99% 4 0.0001 to 0.00001 99.99% to 99.999% For Safety Lifecycle and Hazard Analysis advice, please call 01642 372000. For details of relevant ABB Instrumentation, Systems and Equipment, please call 0870 600 6122. www.abb.co.uk/instrumentation ABB Limited, Howard Road, St Neots, Cambridgeshire, PE19 8EU, UK. Tel: 0870 600 6122 WP/SIL Issue 1 (09.03) The ABB Guide to Safety Critical Systems and International Standard IEC 61508 ABB provides a total life cycle safety capability aligned to the IEC 61508 Safety Lifecycle. We are the best-placed leading international company to be able to advise you on all phases from Concept (1) to Decommissioning (16), including the Hazard and Risk Analysis which is necessary to determine the overall safety requirements of any plant or process. In addition, ABB offers a comprehensive selection of instrumentation and other equipment required to implement fully safety compliant plant, whether as stand alone products or in fully integrated packages. These are supported by our installation, commissioning, operation, maintenance and other services. 1 Concept 2 Overall Scope Definition 3 Hazard Risk Analysis 4 Overall Safety Requirements 12 Overall Installation & Commissioning 13 Overall Safety Validation 14 Overall Operation & Maintenance 15 Overall Modification & Retrofit 16 Decommissioning 5 Safety Requirements Allocation 9 Safety Related Systems: E / E / PES Realisation 10 Safety Related Systems: Other Technology Realisation 11 External Risk Reduction Facilities Realisation 6 Overall Operation & Maintenance Planning 7 Overall Validation Planning 8 Overall Installation & Commissioning Planning Overall Planning Safety Average Probability of % Reliability Integrity Level Failure on Demand (PFDavg) SIL Determination Methodologies Hazard & Risk Analysis Overall Lifecycle Identify Potential Hazardous Events Allocate Risk Reduction to Technologies Operations On-going Review Assess Risk Assess SIL for Instrumented Risk Reduction Assess Required Risk Reduction Design Safety Instrumented Function Compare with Criteria • Hazard studies and HAZOPs • Evaluate possible consequences • Establish tolerable frequencies vs ALARP • Build event chain • Estimate demand rates • Define protection required • Specify required Safety Integrity Level Process risk Introducing Risk Reduction and Risk Targets Necessary risk reduction OVERPRESSURIZATION 0.1/year EXTERNAL EVENTS (fire) BPCS FUNCTION FAILS Legend OR Basic event Transfer gate SENSOR FAILS VALVE STUCK BPCS FAILS Residual risk Residual risk Risk reduction from SIS layer Risk reduction from other non-SIS prevention / mitigation layers Risk reduction from other protection layers Risk reduction achieved by all protection layers Actual risk reduction Starting point for risk reduction estimation Generalized arrangement (in practical implementations the arrangement is specific to the applications to be covered by the risk graph) C = Consequence parameter F = Exposure time parameter P = Probability of avoiding the hazardous event W = In the absence of the SIF under consideration C A C B C C C D F A F B F A F B F A F B P A P B P A P B P A P B P A P B W 3 W 2 W 1 a --- --- 1 a --- 2 1 a 3 2 1 4 3 2 b 4 3 ---= No safety requirements a = No special safety requirements b = A single SIF is not sufficient 1, 2, 3, 4 = Safety integrity level X 1 X 2 X 3 X 4 X 5 X 6 # 1 2 3 4 5 6 7 8 9 10 11 Impact Severity Initiating Initiation General BPCS Alarms, Additional IPL Inter- SIF Mitigated Notes event level cause likelihood process F.14.5 etc. mitigation, additional mediate integrity event description F.4 F.5 F.6 design F.14.6 restricted mitigation event level likelihood F.3 F.14.1 F.14.2 F.14.3 F.14.4 access F.8 dikes, likelihood F.11 F.12 F.14.1 F.14.7 pressure F.10 F.14.10 F.14.10 relief F.14.9 F.9 F.14.8 1 Fire from S Loss of 0,1 0,1 0,1 0,1 0,1 PRV 01 10 -7 10 -2 10 -9 High distillation cooling pressure column water causes rupture column rupture 2 Fire from S Steam 0,1 0,1 0,1 0,1 PRV 01 10 -6 10 -2 10 -8 Same distillation control as column loop above rupture failure N PROTECTION LAYERS IEC 61508 Safety Lifecycle Safety Integrity Levels Typical Methodology Overview of Lifecycle Phases Pre-Design Phases 1-5 End User / Operator Set the SIL target Design and Installation Phases 6-13 (Engineering / Equipment Supplier) Design the architecture / Provide the integrity information Operation Phases 14-16 (End User / Operator) Operate & Test to Verify Target SIL = Design SIL = Operation. Manage maintenance and modifications Lifecycle repeats Fault Tree Analysis Layer of Protection Analysis Risk Graphs Demand more from your instrumentation. Demand more from your source. Pre-Design Phases 1 – 5 (End User / Operator) Setting the SIL Target
description
ABB Wallchart About SIL Assessment Methodology
Transcript of ABB Wallchart About SIL Assessment Methodology
1 0.1 to 0.01 90% to 99%2 0.01 to 0.001 99% to 99.9%3 0.001 to 0.0001 99.9% to 99.99%4 0.0001 to 0.00001 99.99% to 99.999%
For Safety Lifecycle and Hazard Analysisadvice, please call 01642 372000.For details of relevant ABBInstrumentation, Systems and Equipment, please call 0870 600 6122.
www.abb.co.uk/instrumentation ABB Limited, Howard Road, St Neots, Cambridgeshire, PE19 8EU, UK. Tel: 0870 600 6122 WP/SIL Issue 1 (09.03)
The ABB Guide to Safety Critical Systems and International Standard IEC 61508
ABB provides a total life cycle safety capability aligned to the IEC 61508 Safety
Lifecycle. We are the best-placed leading international company to be able to advise
you on all phases from Concept (1) to Decommissioning (16), including the Hazard and
Risk Analysis which is necessary to determine the overall safety requirements of any
plant or process. In addition, ABB offers a comprehensive selection of instrumentation
and other equipment required to implement fully safety compliant plant, whether as
stand alone products or in fully integrated packages. These are supported by our
installation, commissioning, operation, maintenance and other services.
1 Concept
2 Overall Scope Definition
3 Hazard Risk Analysis
4 Overall Safety Requirements
12 Overall Installation & Commissioning
13 Overall Safety Validation
14 Overall Operation & Maintenance 15 Overall Modification & Retrofit
16 Decommissioning
5 Safety Requirements Allocation
9 Safety RelatedSystems:
E / E / PES
Realisation
10 Safety RelatedSystems:
Other Technology
Realisation
11 External RiskReductionFacilities
Realisation
6 Overall Operation & Maintenance
Planning
7 Overall ValidationPlanning
8 Overall Installation & Commissioning
Planning
Overall Planning
Safety Average Probability of % ReliabilityIntegrity Level Failure on Demand (PFDavg)
SIL Determination Methodologies
Hazard & Risk Analysis
OverallLifecycle
Identify Potential
Hazardous Events
Allocate Risk
Reduction toTechnologies
Operations On-going
Review
Assess Risk
Assess SIL for Instrumented Risk Reduction
Assess Required
Risk Reduction
Design Safety
Instrumented Function
Compare with
Criteria
• Hazard studies and HAZOPs• Evaluate possible
consequences• Establish tolerable
frequencies vs ALARP
• Build event chain• Estimate demand rates• Define protection required• Specify required Safety
Integrity Level
Processrisk
Introducing Risk Reduction and Risk Targets
Necessary risk reduction
OVERPRESSURIZATION0.1/year
EXTERNAL EVENTS(fire)
BPCS FUNCTIONFAILS
Legend
OR
Basic event
Transfer gate
SENSORFAILS
VALVESTUCK
BPCSFAILS
Residualrisk
Residualrisk
Risk reductionfrom SIS layer
Risk reductionfrom other non-SIS
prevention /mitigation layers
Risk reductionfrom otherprotection
layers
Risk reduction achieved by all protection layers
Actual risk reduction
Starting pointfor risk reduction
estimation
Generalized arrangement(in practical implementationsthe arrangement is specific
to the applications to becovered by the risk graph)
C = Consequence parameterF = Exposure time parameterP = Probability of avoiding the hazardous eventW = In the absence of the SIF under consideration
CA
CB
CC
CD
FAFB
FAFB
FAFB
PAPB
PAPB
PAPB
PAPB
W3 W2 W1
a --- ---
1 a ---
2 1 a
3 2 1
4 3 2
b 4 3
---= No safety requirementsa = No special safety requirementsb = A single SIF is not sufficient1, 2, 3, 4 = Safety integrity level
X1
X2
X3
X4
X5
X6
# 1 2 3 4 5 6 7 8 9 10 11
Impact Severity Initiating Initiation General BPCS Alarms, Additional IPL Inter- SIF Mitigated Notesevent level cause likelihood process F.14.5 etc. mitigation, additional mediate integrity event
description F.4 F.5 F.6 design F.14.6 restricted mitigation event level likelihoodF.3 F.14.1 F.14.2 F.14.3 F.14.4 access F.8 dikes, likelihood F.11 F.12
F.14.1 F.14.7 pressure F.10 F.14.10 F.14.10relief F.14.9F.9
F.14.8
1 Fire from S Loss of 0,1 0,1 0,1 0,1 0,1 PRV 01 10-7 10-2 10-9 Highdistillation cooling pressure
column water causesrupture column
rupture
2 Fire from S Steam 0,1 0,1 0,1 0,1 PRV 01 10-6 10-2 10-8 Samedistillation control as
column loop aboverupture failure
N
PROTECTION LAYERS
IEC 61508 Safety Lifecycle
Safety Integrity Levels Typical Methodology
Overview ofLifecycle Phases
Pre-Design Phases 1-5
End User / Operator
Set the SIL target
Design and InstallationPhases 6-13
(Engineering / Equipment Supplier)
Design the architecture /Provide the integrityinformation
Operation Phases 14-16
(End User / Operator)
Operate & Test to Verify Target SIL = Design SIL = Operation.Manage maintenance and modificationsLifecycle repeats
Fault TreeAnalysis
Layer of Protection Analysis
RiskGraphs
Demand more from your instrumentation.
Demand more from your source.
Pre-Design Phases 1 – 5 (End User / Operator) Setting the SIL Target
