Esd System Part1(INTRO)

8/12/2019 Esd System Part1(INTRO)

1/13

Process Safety Reliability & Efficiency

EMERGENCY SHUT-DOWN

Safety in the Process Industry is currently playing an increasingly and vitally important role.In a more complex and multi disciplinary engineering environment there is a growing need for engineers,technicians and management involved in process engineering to be aware of the implications of designingand operating safetyrelated systems.Emergency Shut !own components and systems were prepared by the ma"or Standards organi#ations inEurope and the $S.%ombined with the actuated shut down valve, ES! Solenoid valves are the final defense against a plantfailure causing a catastrophic accident. ES! solenoid valves are connected to a P% and together withsensors form a Safety oop. 'henever the sensors detect a dangerous or ha#ardous situation it isessential for the solenoid valves to reliably exhaust air from the actuator in the shut down valve(s so thatthey return to a fail safe mode by means of spring force )fail close(open*.

ASIC ARCHITECTURE:


2/13


3/13


standard applicable to all industries. IE% is in the process of developing a processindustryspecificversion of IE% /0123 based on 8SI(IS S36.20 i.e. IE% /0100

S#%ety "ntegrity 'e(e$ )S"'*&Safety Integrity Level(SIL) is defined as a relative level of risk-reduction provided by a safety

function, or to specify a target level of riskreduction. In simple terms, SIL is a measurement of

performance required for a Safety Instrumented Function(SIF). !e safety integrity levelis

determined primarily from t!e assessment of t!ree factors"

#) Improved reliability. $) Failure to safety. %) &anagement, systematic tec!niques, verification

and validation. SIL refers to a single met!od of reducing in'ury (as determined t!roug! risk

analysis), not an entire system, nor an individual component

Improved reliability

For systems that operate continuously (continuous mode) and systems that operate more than

once per year (high demand), the allowable frequency of failure must be determined. For systems

that operate intermittently (less than once a year / low demand) the probability of failure isspecified as the probability that the system will fail to respond on demand.

SIL

Low demand mode:

average probability of failure on

demand

High demand or continuous mode:

probability of dangerous failure per

hour

# #*$to + #*# #*to + #*

$ #*%to + #*$ #*to + #*

% #*/to + #*% #*0to + #*

/ #*to + #*/ #*1to + #*0

Failure to safety

Calculation of safe failure fraction (SFF) determines howFail-safethe system is. his compares

the li!elihood of safe failures with dangerous failures. "eliability by itself is not sufficient toclaim a S#$ le%el. here are charts in #&C'*+ that specify the le%el of SFF required for each

S#$.

Management, systematic techniques, verification and validation

Specific techniques ensure that mista!es and errors are a%oided across the entire life-cycle.

&rrors introduced anywhere from the initial concept, ris! analysis, specification, design,

installation, maintenance and through to disposal could undermine e%en the most reliableprotection. #&C'*+ specifies techniques that should be used for each phase of the life-cycle.
http://en.wikipedia.org/wiki/Safety_instrumented_systemhttp://en.wikipedia.org/wiki/Safety_instrumented_systemhttp://en.wikipedia.org/wiki/Riskhttp://en.wikipedia.org/wiki/Safety_instrumented_functionhttp://en.wikipedia.org/wiki/Safety_integrity_levelhttp://en.wikipedia.org/wiki/Safety_integrity_levelhttp://en.wikipedia.org/wiki/Fail-safehttp://en.wikipedia.org/wiki/Fail-safehttp://en.wikipedia.org/wiki/Safety_instrumented_systemhttp://en.wikipedia.org/wiki/Safety_instrumented_systemhttp://en.wikipedia.org/wiki/Riskhttp://en.wikipedia.org/wiki/Safety_instrumented_functionhttp://en.wikipedia.org/wiki/Safety_integrity_levelhttp://en.wikipedia.org/wiki/Fail-safe


4/13


Certification to a Safety Integrity Level

he #nternational &lectrotechnical Commissions (#&C) standard #&C '*+, now #&C & '*+,

defines S#$ using requirements grouped into two broad categories hardware safety integrity andsystematic safety integrity. de%ice or system must meet the requirements for bothcategories to

achie%e a gi%en S#$.

he S#$ requirements for hardware safety integrity are based on a probabilistic analysis of the

de%ice. o achie%e a gi%en S#$, the de%ice must meet targets for the ma0imum probability ofdangerous failure and a minimum Safe Failure Fraction. he concept of dangerous failure must

be rigorously defined for the system in question, normally in the form of requirement constraints

whose integrity is %erified throughout system de%elopment. he actual targets required %arydepending on the li!elihood of a demand, the comple0ity of the de%ice(s), and types of

redundancy used.

1F2 (1robability of Failure on 2emand) and ""F ("is! "eduction Factor) of low demand

operation for different S#$s as defined in #&C & '*+ are as follows

SIL PFD PFD (power) RRF

*.-*.* *3- *34 *-**

4 *.*-*.** *34- *35 **-***

5 *.**-*.*** *35- *36 ***-*,***

6 *.***-*.**** *36- *3 *,***-**,***

For continuous operation, these change to the following. (1robability of Failure per 7our)

SIL PFH PFH (power) RRF *.****-*.***** *3- *3' **,***-,***,***

4 *.*****-*.****** *3'- *38 ,***,***-*,***,***

5 *.******-*.******* *38- *3+ *,***,***-**,***,***

6 *.*******-*.******** *3+- *39 **,***,***-,***,***,***

Ris+ , Ris+ Gr#h&
http://en.wikipedia.org/wiki/IEC_61508http://en.wikipedia.org/wiki/IEC_61508


5/13


The risk potential relating to a process technology system is determined in accordance with IEC61511. A risk reduction should be implemented to address the particular risk involved. Thecomponents used must meet the reuirements o! IEC 615"# or IEC 61511 i! this risk reduction isachieved through the application o! electric$electronic automation technology. %oth standardsdivide systems and risk reducing measures into sa!ety levels& these ranging !rom 'I( 1 )indicatinga low risk* to 'I( + )indicating an e,treme risk* based on IEC 615"#. IEC 61511 )the sector o!process technology* has a limitation to 'I( -.

The greater the risk& the more reliable risk reduction measures must be implemented and&conseuently& the greater the reliability the components used must e,hibit.

It is conse-uence driven and four parameters are used to characteri#e a potential ha#ardous eventB%onse-uence )%*, 4re-uency of exposure )4*, Possibility of escape )P* and i+elihood of event )'*. hefollowing is an example of Ris+ 9raph.

IEC 615 8 61511SAFETY INTEGRITY LEVEL(instrument)IEC 615"# reuires a minimum degree o! ardware /ault Tolerance )/T* relative to the 'a!e!ailure !raction )'//*. This is shown in the table . The '// o! 0epperl/uchs devices achieve therange 6" 2 ... 3" 2& solenoid drivers being up to 1"" 2. This is why solenoid drivers also achieve

'I( - in the case o! 1oo1 loop structure.

HFT :Hardware fault tleran!e stands fr t"e ma#imum num$er f "ardware faults w"i!" will ntlead t a dan%erus failure& A "ardware fault tleran!e f 'er means t"at a sin%le fault !an!ause lss f t"e safet fun!tin&


6/13


4a,imum permissible 'I( relative to the !ault tolerance and the proportiono! sa!e !ailures )in compliance with IEC 615"#78* !or Type A sub7systems)non comple, sub7systems*.

2roportion ofsafe* failures (SFF) Hardware Fault Tleran!e(HFF) # $

< 60 % SIL 1 SIL 2 SIL 3

60 % < 90 % SIL 2 SIL 3 SIL 4

90 % < 99 % SIL 3 SIL 4 SIL 4

> 99 % SIL 3 SIL 4 SIL 4

+F,:


7/13


Tproof:

-RGANISATI-NAL .EAS/RES:A sa!ety system is usually in low demand mode in the !ield o! process automation. This iseuivalent to one demand per year. The most important organi9ational measure is there!ore aregular !unction test conducted on the complete sa!ety system.This test veri!ies the !unction o! the entire sa!ety system& including its mechanical components.The shorter the interval between tests& the greater the probability that the sa!ety system will!unction in a correct manner.


8/13


IEC 6!"#is an international standardof rules applied in industry. It is titled Functional Safety

of Electrical/Electronic/Programmable Electronic Safety-related Systems(E$E$%E&or

E$E$%ES).

#&C '*+ has the following %iews on ris!s

:ero ris! can ne%er be reached

Safety must be considered from the beginning

on-tolerable ris!s must be reduced ($"1)
http://en.wikipedia.org/wiki/International_standardhttp://en.wikipedia.org/wiki/International_standardhttp://en.wikipedia.org/wiki/ALARPhttp://en.wikipedia.org/wiki/International_standardhttp://en.wikipedia.org/wiki/ALARP


9/13


IEC 61511is a technical standard which sets out practices in the engineering of systems thatensure the safety of an industrial process through the use of instrumentation. Such systems

are referred to as Safety Instrumented Systems. he title of the standard is ;Functional safety

- Safety instrumented systems for the process industry sector;.

Certified to IEC615!

If t!e system !as an I34#0 certification, t!en it5s important to understand t!e criteria usedby t!et!ird party assessor for issuing suc! certification to a First 6eneration Safety System. !e I34#0standard recogni7es t!e follo8ing four criteria in t!e assessment of a Safety

2L4s92rogrammable3lectronic Systems"

:ard8are Safety Integrity

;e!avior in presence of failure

Safe Failure Fraction

Systematic 4apabilities

IEC 615! Edition "!ere are ot!er concepts added to I34 #0 3dition $ t!at mig!t affect compliance and s!ouldbe considered 8!en c!oosing a 23S. !is paper 8ill concentrate only on t!e follo8ing t!reeareas, but t!e aut!or encourages t!e reader to seek additional information on t!e topic.#. Systematic 4apabilities

$. 4ompetence%. Security

#ecurity$

In t!e case t!e !a7ard analysis identifies t!at malevolent or unaut!ori7ed action, constituting asecurity t!reat, is reasonably foreseeable, t!en a security t!reats analysis s!ould be carried out

IEC 61511

#&C ' co%ers the design and management requirements for S#Ss from cradle to gra%e. #ts

scope includes initial concept, design, implementation, operation, and maintenance through todecommissioning. #t starts in the earliest phase of a pro


10/13


4. =uidelines in the application of #&C '-

5. =uidance for the determination of the required safety integrity le%els

4. Hardware safety integrity which refers to the ability of the hardware to minimise effects ofdangerous hardware random failures, and is expressed as a PFD (probability of failure to danger)

value.5. Behavior of the system following the detection of a fault condition. Safety-related systems need tobe capable of taking fail-safe action, which is a systems ability to react in a safe andpredetermined way (e.g. shutdown) under any and all failure modes. This is usually expressed asthe Safe Failure Fraction (SFF) and is determined from an analysis of the diagnostic cover thedesign can achieve (see below).

. The new important parameter introduced is Safe Failure Fraction (SFF) which is a measure of

the cover and effectiveness of the diagnostics in the system. In order to accommodate earliersystem designs based on high levels of redundancy and lower levels of diagnostic cover, thestandard considers the complete system architecture in the assessment of the SIL achieved.Maximum SIL rating is related to Safe Failure Fraction (SFF) and Hardware Fault Tolerance(HFT), according to Table 1 shown below.

7. Systematic safety integrity refers to failures that may arise due to the system developmentprocess, safety instrumented function design and implementation, including all aspect of itsoperational and maintenance lifecycle safety management.
http://en.wikipedia.org/wiki/Safety_Integrity_Levelhttp://en.wikipedia.org/wiki/Safety_Integrity_Level


11/13


SIL ' S()


12/13



13/13


C(*CL+SI(*

Internationally recogni9ed standards such as A:'I$I'A '#+."1 and IEC 615"# serve as guidelinesto insure proper instrumentation is in place tomitigate or avoid ha9ardous situations. In order tomeet these reuirements& e,ceptional euipmentavailability& reliability& e,perience& and record o!accomplishment are reuired.

!e o8ner9operator s!all determine t!at t!e equipment is designed, maintained, inspected,

tested, and operating in a safe manner.ne=tappropriate opportunity< 8!ic! mean if any of t!e follo8ing conditions is met"

&odifications to t!e process unit t!at impact process risk managed by t!e SIS?

&odifications to t!e control system t!at impact protection layers used to ac!ieve safe

operation?

@!en an incident or near miss investigation !as identified an SIS deficiency? or

@!en t!e revie8 of anot!er process unit designed according to similar practice !as identified

an SIS deficiency.

Esd System Part1(INTRO)

Documents

Transcript of Esd System Part1(INTRO)