Functional Safety - Instrumentation and Control

Functional Safety Guide for Safety Instrumented Function Application


Content

• Why should you require a Safety Instrumented Function (SIF)?

• Requirements when selecting a component for a SIF according to IEC 61511

• Assessment of a component according to IEC 61508 before it is implemented in a SIF

• Advantages of using the fully assessed 9000 Series in a SIF


SIF: Why should you require a Safety Instrumented Function?


Hazard and risk assessment

• When entering functional safety, the primary requirement of IEC 61511 is to have a Functional Safety Management System that identifies the safety strategy used to reach safety and the people involved. People must be aware of their responsibilities and be educated for them.

• One of the first steps of functional safety is to carry out a risk assessment to identify and analyze possible hazardous events and to define the risk reduction requirement where necessary.

• The main risk analysis techniques are: HAZOP (Hazard and Operability analysis), FMEA (Failure Modes and Effects Analysis), Bow Tie, FTA (Fault Tree Analysis), ETA (Event Tree Analysis), …

• A tolerable risk must be defined.

[Figure: the risk related to the potential hazard, as a function of the severity of the potential harm and the probability of occurrence.]


Hazard and risk assessment

• Following the risk assessment, safety barriers are defined, each with an associated risk reduction factor.

• Safety barriers can be mechanical or Safety Instrumented Functions.

• Safety barriers can serve to prevent the hazard from occurring or to mitigate its consequences after it occurs.

• The Safety Integrity Level (SIL) is introduced here as a risk reduction factor.

[Figure: risk assessment flow: identification of the potential hazards → risk estimation → risk evaluation → risk reduction → tolerable risk targeted.]


Protection Layer Model (allocation of the safety function), from the innermost layer outwards:

• PROCESS DESIGN

• BPCS (SNCC), monitoring systems, operator supervision

• PREVENTION: mechanical protection system, Safety Instrumented System

• MITIGATION: mechanical protection system, Safety Instrumented System

• PLANT EMERGENCY RESPONSE

• COMMUNITY EMERGENCY RESPONSE


Safety Instrumented Functions

• Once the required SIL is defined, the mode of operation of the safety function shall be identified, so that components can be implemented within the safety instrumented function using the corresponding figures.

DEMAND MODE OF OPERATION (Low demand)

  SIL   Target PFDavg          Target risk reduction
  4     ≥10^-5 to <10^-4       >10 000 to ≤100 000
  3     ≥10^-4 to <10^-3       >1 000 to ≤10 000
  2     ≥10^-3 to <10^-2       >100 to ≤1 000
  1     ≥10^-2 to <10^-1       >10 to ≤100

CONTINUOUS MODE OF OPERATION (High demand)

  SIL   Target PFH
  4     ≥10^-9 to <10^-8
  3     ≥10^-8 to <10^-7
  2     ≥10^-7 to <10^-6
  1     ≥10^-6 to <10^-5


Requirements when selecting the component according to IEC 61511


Statement of the IEC 61511


SIS Design and Engineering

• An end-user has two possibilities when selecting components or sub-systems to be implemented in Safety Instrumented Functions:

  • either the end-user can show that the device has a prior-use history in accordance with the requirements of IEC 61511, or

  • the device was developed and assessed according to IEC 61508 (this corresponds to an IEC 61508 full assessment).

• It is very important to notice that the first option can only be fulfilled by the end-user.


Requirement for prior-use evidence

• The prior-use clause of IEC 61511 states the following:

• IEC 61511-1, Section 11.5.3.1: “Appropriate evidence shall be available that the components and sub-systems are suitable for use in the safety instrumented system.”

• IEC 61511, Section 11.5.3.2: the “appropriate evidence” for devices must be a documented case that includes:

  • Consideration of the manufacturer’s quality, management and configuration management systems

  • Adequate identification and specification of the components or sub-systems

  • Demonstration of the performance of the components or sub-systems in similar operating profiles and physical environments

  • The volume of operating experience


Discussion on prior-use evidence

• Consideration of the manufacturer’s quality, management and configuration management systems?
  Do you verify the ISO 9000 certification, the documented design process and the safety manual of your supplier?

• Adequate identification and specification of the components or sub-systems? (Description of the components including design revision information?)
  Do you verify your supplier’s version control of hardware and software?
  Do you review the return data and field failure feedback system?

• Demonstration of the performance of the components or sub-systems in similar operating profiles and physical environments on the plant, within the company?
  Do you manage all operating profiles at your plant? Type of device, environmental conditions, …

• The volume of operating experience?
  Do you have the necessary recorded experience?

Prior-use justification for component selection requires high resources and cost…


Assessment of component according to IEC 61508


Component certification to IEC 61508

• For a manufacturer, being IEC 61508 compliant means being fully compliant to the standard, not just to a part of it.

  • Part 1: General requirements (required for compliance)

  • Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems (required for compliance)

  • Part 3: Software requirements (required for compliance)

  • Parts 4 to 7 are supporting information

• Type A components shall be Part 1-2 compliant

• Type B components shall be Part 1-2-3 compliant

At PR, we apply all requested parts for each Type A/B device of the 9000 Series.

[Figure: Technical requirements]


Component certification to IEC 61508

• A Safety Management System (SMS) has been created and assessed at PR: competent and trained persons, independence, safety management plan, …

• A hardware assessment is performed for each model of the 9000 Series: safety life cycle, failure rates (FMEDA, failure rates λ, SFF, HFT, …)

• A software assessment is performed for each Type B device of the 9000 Series: software functional safety plan, SW safety life cycle, validation planning, SW safety validation, operation and modification verification, …

• Assessment by third party EXIDA


FUNCTIONAL ASSESSMENT

• Being IEC 61508 compliant means being fully compliant to the standard, not only to part of it. At PR, we provide you with:

  • Functional Safety Management System certificate

  • Software and/or Hardware Assessment Report

  • FMEDA report

  • Safety Manual

  • SIL Capable Certificate

Nothing’s missing… We are fully compliant!

Covering all IEC 61508 requirements, our products can thus be selected according to IEC 61511, the end-user standard.


Advantages of using the fully assessed 9000 Series


Example: SIL 2 achievement (all devices fully assessed)

  Subsystem   Device                   Type   HFT   SFF     Systematic capability
  Sensor      Simple device            -      -     -       -
  Isolator    PR electronics 9113BA    B      0     > 90%   Yes
  SCS         Invensys Triconex        B      1     > 99%   Yes
  Isolator    PR electronics 9107BA    A      0     > 90%   Yes
  Actuator    Foxboro SRI990           A      0     > 90%   Yes

PFD or PFH calculation to check that the SIF achieves the SIL requirement with the corresponding test interval Ti (Σ of the PFD of all SIF components).

Result: SIL 2. The requirements for a SIL 2 SIF are achieved.


Example: SIL 2 achievement (isolators from a manufacturer without IEC 61508 assessment)

  Subsystem   Device               Type   HFT   SFF     Systematic capability
  Sensor      Simple device        -      -     -       -
  Isolator    Manufacturer         B      0     < 90%   No
  SCS         Invensys Triconex    B      1     > 99%   Yes
  Isolator    Manufacturer         A      0     < 90%   No
  Actuator    Foxboro SRI990       A      0     > 90%   Yes

PFD or PFH calculation to check that the SIF achieves the SIL requirement with the corresponding test interval Ti (Σ of the PFD of all SIF components).

Result: SIL 1 only. The requirements for a SIL 2 SIF are not achieved.


Example: SIL 2 achievement (unassessed isolators, Type B isolator with HFT = 1)

  Subsystem   Device               Type   HFT   SFF     Systematic capability
  Sensor      Simple device        -      -     -       -
  Isolator    Manufacturer         B      1     < 90%   No
  SCS         Invensys Triconex    B      1     > 99%   Yes
  Isolator    Manufacturer         A      0     < 90%   No
  Actuator    Foxboro SRI990       A      0     > 90%   Yes

PFD or PFH calculation to check that the SIF achieves the SIL requirement with the corresponding test interval Ti (Σ of the PFD of all SIF components).

Result: the requirements for a SIL 2 SIF are only partially achieved. They MUST be completed by END USER proven-in-use evidence.
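As an added worked example (not code from the slides or from PR electronics), the following Python script performs the check that the SIL table earlier in the deck and the three SIL 2 examples above describe: it sums the PFDavg of all SIF components and reads the achieved SIL from the low-demand table, applies the hardware architectural constraints (Type A/B, HFT, SFF) to each assessed subsystem, and flags the case where the hardware meets SIL 2 but systematic capability is missing, so that end-user prior-use evidence is still required. The device names follow the slides; all PFDavg values, SFF percentages and systematic capability figures are constructed for illustration and are not published data for those devices. The architectural-constraint table is the IEC 61508-2 route 1H table as the author of this example knows it, not a table from the deck.

```python
"""Checking a SIF against a SIL target, following the procedure on the slides.
Added example; the component data below is constructed, not published device data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Target bands from the deck: SIL -> (lower bound, upper bound).
PFDAVG_BANDS: Dict[int, Tuple[float, float]] = {
    4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}
PFH_BANDS: Dict[int, Tuple[float, float]] = {
    4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}


def sil_from_band(value: float, bands: Dict[int, Tuple[float, float]]) -> int:
    """SIL whose band contains `value`; 0 if worse than SIL 1, 4 if better than SIL 4."""
    for sil in (4, 3, 2, 1):
        lo, hi = bands[sil]
        if lo <= value < hi:
            return sil
    return 4 if value < bands[4][0] else 0


# Hardware architectural constraints, IEC 61508-2 route 1H, reproduced from the
# standard by the author of this example: maximum SIL for a subsystem of the given
# Type and HFT, indexed by SFF band (<60 %, 60-<90 %, 90-<99 %, >=99 %).
# 0 means the configuration is not allowed at all.
_SFF_EDGES = (60.0, 90.0, 99.0)
_ROUTE_1H = {
    "A": {0: (1, 2, 3, 3), 1: (2, 3, 4, 4), 2: (3, 4, 4, 4)},
    "B": {0: (0, 1, 2, 3), 1: (1, 2, 3, 4), 2: (2, 3, 4, 4)},
}


def max_sil_architecture(dev_type: str, hft: int, sff_percent: float) -> int:
    band = sum(1 for edge in _SFF_EDGES if sff_percent >= edge)
    return _ROUTE_1H[dev_type][min(hft, 2)][band]


@dataclass
class Subsystem:
    name: str
    pfd_avg: float                   # constructed PFDavg at the test interval Ti
    dev_type: Optional[str] = None   # None: simple device, no IEC 61508 data on the slide
    hft: int = 0
    sff_percent: float = 0.0
    systematic_capability: Optional[int] = None  # SC from the certificate, None if unassessed


@dataclass
class Verdict:
    target: int
    pfd_total: float
    sil_by_pfd: int
    sil_by_architecture: int
    systematic_ok: bool

    @property
    def status(self) -> str:
        if self.sil_by_pfd < self.target or self.sil_by_architecture < self.target:
            return "not achieved"
        if not self.systematic_ok:
            return "partially achieved: end-user prior-use evidence required"
        return "achieved"


def assess_sif(target: int, subsystems: List[Subsystem]) -> Verdict:
    """PFD sum over all components; architectural and systematic checks over assessed ones."""
    pfd_total = sum(s.pfd_avg for s in subsystems)
    assessed = [s for s in subsystems if s.dev_type is not None]
    arch = [max_sil_architecture(s.dev_type, s.hft, s.sff_percent) for s in assessed]
    systematic_ok = all(s.systematic_capability is not None
                        and s.systematic_capability >= target for s in assessed)
    return Verdict(target, pfd_total, sil_from_band(pfd_total, PFDAVG_BANDS),
                   min(arch) if arch else 0, systematic_ok)


def slide_scenarios() -> Dict[str, Verdict]:
    """The three SIL 2 examples of the deck, in slide order, with constructed figures."""
    sensor = Subsystem("sensor (simple device)", 2.0e-3)
    scs = Subsystem("SCS (Invensys Triconex)", 5.0e-4, "B", 1, 99.5, 3)
    actuator = Subsystem("actuator (Foxboro SRI990)", 4.0e-3, "A", 0, 91.0, 2)
    return {
        "fully assessed isolators": assess_sif(2, [
            sensor, Subsystem("isolator 9113BA", 3.0e-4, "B", 0, 92.0, 2), scs,
            Subsystem("isolator 9107BA", 3.0e-4, "A", 0, 92.0, 2), actuator]),
        "unassessed isolators, HFT 0": assess_sif(2, [
            sensor, Subsystem("isolator", 3.0e-4, "B", 0, 85.0), scs,
            Subsystem("isolator", 3.0e-4, "A", 0, 85.0), actuator]),
        "unassessed isolators, Type B at HFT 1": assess_sif(2, [
            sensor, Subsystem("isolator", 3.0e-4, "B", 1, 85.0), scs,
            Subsystem("isolator", 3.0e-4, "A", 0, 85.0), actuator]),
    }


if __name__ == "__main__":
    for label, v in slide_scenarios().items():
        print(f"{label}: PFDavg sum {v.pfd_total:.2e} (SIL {v.sil_by_pfd} by PFD, "
              f"SIL {v.sil_by_architecture} by architecture) -> SIL {v.target} {v.status}")
```

The three scenarios reproduce the three slide outcomes: with the same constructed PFDavg sum in every case (which lands in the SIL 2 band), the first is achieved, the second is held to SIL 1 by the Type B isolator at HFT 0 with SFF below 90 %, and the third passes the hardware checks at HFT 1 but stays "partially achieved" because the isolators carry no systematic capability.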


Assessment according to IEC 61508 at PR

PR electronics innovates with full assessment by means of:

• Functional Safety Management System assessment

• Hardware and Software assessment report on individual products

• SIL Capability Certificate on individual products

By selecting the PR System 9000 devices for a Safety Instrumented Function, you ensure that the IEC 61511 requirements for component selection are always fulfilled!

Both SIL 2 and SIL 3 can be achieved with the 9000 Series.
