Functional Safety - Instrumentation and Control...
Functional Safety
Guide for Safety Instrumented Function Application
Content
• Why should you require a Safety Instrumented Function (SIF)?
• Requirements when selecting a component according to IEC 61511 for a SIF
• Assessment of a component according to IEC 61508 before it is implemented in a SIF
• Advantages of using the fully assessed 9000 Series in a SIF
Why should you require a Safety Instrumented Function (SIF)?
Hazard and risk assessment
• When going into functional safety, the primary requirement of IEC 61511 is to have a Functional Safety Management System that identifies the safety strategy used to reach safety and the people involved. People must be aware of their responsibility and be educated for it.
• One of the first steps of functional safety is to carry out a risk assessment to identify and analyze possible hazardous events and to define the risk reduction requirement where necessary.
• The main risk analysis techniques are: HAZOP (Hazard and Operability analysis), FMEA (Failure Modes and Effects Analysis), Bow Tie, FTA (Fault Tree Analysis), ETA (Event Tree Analysis), …
• A tolerable risk must be defined.
[Figure: risk related to the potential hazard, determined by the severity of the potential harm and the probability of occurrence]
Hazard and risk assessment
• Following the risk assessment, safety barriers are defined, each with an associated risk reduction factor.
• Safety barriers can be mechanical or Safety Instrumented Functions.
• Safety barriers can serve to prevent the hazard from occurring or to mitigate the consequences after a hazard occurs.
• The Safety Integrity Level (SIL) is introduced here as a risk reduction factor.
[Figure: risk assessment flow: identification of the potential hazards → risk estimation → risk evaluation → risk reduction → tolerable risk targeted]
Protection Layer Model (allocation of the safety function), from the innermost layer outwards:
• Process design
• Prevention: BPCS (SNCC), monitoring systems, operator supervision, Safety Instrumented System, mechanical protection system
• Mitigation: Safety Instrumented System, mechanical protection system
• Plant emergency response
• Community emergency response
Safety Instrumented Functions
• When the requested SIL level is defined, the mode of operation of the safety function shall be identified, which makes it possible to implement components within a safety instrumented function using the corresponding figures.

Demand mode of operation (low demand)
SIL   Target PFDavg              Target risk reduction
4     ≥ 10^-5 to < 10^-4         > 10 000 to ≤ 100 000
3     ≥ 10^-4 to < 10^-3         > 1 000 to ≤ 10 000
2     ≥ 10^-3 to < 10^-2         > 100 to ≤ 1 000
1     ≥ 10^-2 to < 10^-1         > 10 to ≤ 100

Continuous mode of operation (high demand)
SIL   Target PFH (per hour)
4     ≥ 10^-9 to < 10^-8
3     ≥ 10^-8 to < 10^-7
2     ≥ 10^-7 to < 10^-6
1     ≥ 10^-6 to < 10^-5
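As an added worked example (not part of the original presentation), the following Python script ties the hazard and risk assessment steps above to the low-demand table: an initiating hazard frequency is reduced by the independent safety barriers of the protection layer model, each credited with a risk reduction factor; the remaining frequency is compared with the tolerable risk; and the risk reduction the SIF must still provide is mapped to a required SIL using the "target risk reduction" bands of the table. All frequencies and barrier credits are constructed sample values, and the function and class names are this example's own.

```python
"""Required SIL for a SIF from a tolerable-risk target (added example).

The barrier credits and frequencies are constructed values, not data from any
real plant or product. The SIL bands are the low-demand bands on the slide.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Low-demand risk reduction bands from the slide: SIL -> (lower RRF, upper RRF]
LOW_DEMAND_RRF_BANDS = {
    1: (10, 100),
    2: (100, 1_000),
    3: (1_000, 10_000),
    4: (10_000, 100_000),
}


@dataclass
class Barrier:
    """An independent protection layer (operator, mechanical device, ...)."""
    name: str
    rrf: float  # risk reduction factor credited to this barrier


def residual_frequency(initiating_per_year: float, barriers: List[Barrier]) -> float:
    """Hazard frequency left after the non-SIF barriers have acted.

    Each barrier is assumed independent of the others, so its credit divides
    the frequency (the same way the SIF's own RRF will)."""
    f = initiating_per_year
    for b in barriers:
        if b.rrf < 1:
            raise ValueError(f"barrier {b.name!r}: RRF must be >= 1")
        f /= b.rrf
    return f


def required_rrf(residual_per_year: float, tolerable_per_year: float) -> float:
    """Risk reduction the SIF must provide to reach the tolerable frequency (1.0 = none)."""
    if tolerable_per_year <= 0:
        raise ValueError("tolerable frequency must be positive")
    return max(1.0, residual_per_year / tolerable_per_year)


def sil_for_rrf(rrf: float) -> Optional[int]:
    """Map a required RRF to the slide's SIL band.

    Returns 0 when the required reduction is at or below 10 (below SIL 1, so
    no SIF credit is needed) and None when it exceeds 100 000 (beyond SIL 4,
    so the hazard must be reduced by other means first)."""
    if rrf <= 10:
        return 0
    for sil, (lo, hi) in LOW_DEMAND_RRF_BANDS.items():
        if lo < rrf <= hi:
            return sil
    return None


def required_sil(initiating_per_year: float, tolerable_per_year: float,
                 barriers: List[Barrier]) -> Tuple[Optional[int], float]:
    """Full chain: initiating event -> other barriers -> residual -> SIF RRF -> SIL."""
    residual = residual_frequency(initiating_per_year, barriers)
    rrf = required_rrf(residual, tolerable_per_year)
    return sil_for_rrf(rrf), rrf


def example_required_sil() -> Tuple[Optional[int], float]:
    """Constructed scenario: one initiating event per two years, two credited
    non-SIF layers, and a tolerable frequency of 2e-6 per year."""
    barriers = [
        Barrier("operator supervision", 10),       # constructed credit
        Barrier("mechanical protection system", 50),  # constructed credit
    ]
    return required_sil(initiating_per_year=0.5, tolerable_per_year=2e-6, barriers=barriers)


if __name__ == "__main__":
    sil, rrf = example_required_sil()
    print(f"required RRF for the SIF: {rrf:.0f} -> SIL {sil}")
```

The scenario lands at a required RRF of 500, inside the "> 100 to ≤ 1 000" band, so the SIF would have to be designed to SIL 2; changing a barrier credit or the tolerable frequency moves the result across the bands, which is the point at which the tolerable-risk decision and the SIL target become linked.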
Requirement when selecting the component according to IEC 61511
Statement of the IEC 61511
SIS Design and Engineering
• An end-user has two possibilities when selecting components or sub-systems to be implemented in Safety Instrumented Functions:
  either the end-user can show that the device has a prior-use history in accordance with the requirements of IEC 61511,
  or the device was developed and assessed according to IEC 61508 (this corresponds to an IEC 61508 full assessment).
• It is very important to notice that the first requirement is to be fulfilled by the end-user only.
Requirement for Prior use evidence
• The Prior-Use clause of IEC 61511 states the following:
• IEC 61511-1, Section 11.5.3.1: “Appropriate evidence shall be available that the components and sub-systems are suitable for use in the safety instrumented system.”
• IEC 61511, Section 11.5.3.2: “The “appropriate evidence” for devices must be a documented case that includes:
• Consideration of the manufacturer’s quality, management and configuration
management systems
• Adequate identification and specification of the components or subsystems
• Demonstration of the performance of the components or sub-systems in similar operating
profiles and physical environments
• The volume of operating experience
Discussion on Prior use evidence
• Consideration of the manufacturer’s quality, management and configuration management systems?
  Do you verify the ISO 9000, the documented design process and the safety manual of your supplier?
• Adequate identification and specification of the components or subsystems? (Description of the components including design revision information?)
  Do you verify your supplier’s version control of hardware and software?
  Do you review the return data and the field failure feedback system?
• Demonstration of the performance of the components or sub-systems in similar operating profiles and physical environments on the plant, within the company?
  Do you manage all operating profiles at your plant? Type of device, environmental conditions, …
• The volume of operating experience?
  Do you have the necessary recorded experience?
Prior-use justification for component selection requires substantial resources and cost…
Assessment of component according to IEC 61508
Component certification to IEC 61508
• For a manufacturer, being IEC 61508 compliant means being fully compliant with the standard, not just with a part of it.
• Part 1: General requirements (required for compliance)
• Part 2: Requirements for electrical/electronic/programmable electronic safety-related systems (required for compliance)
• Part 3: Software requirements (required for compliance)
• Parts 4 to 7 are supporting information
• Type A components shall be Part 1-2 compliant
• Type B components shall be Part 1-2-3 compliant
At PR, we apply all requested parts for each Type A/B device of the 9000 Series.
Component certification to IEC 61508
• A Safety Management System (SMS) has been created and assessed at PR:
  competent and trained persons, independence, safety management plan, …
• A hardware assessment is performed for each model of the 9000 Series:
  safety life cycle, failure rates (FMEDA, failure rates λ, SFF, HFT, …)
• A software assessment is performed for each Type B device of the 9000 Series:
  software functional safety plan, SW safety cycle, validation planning, SW safety validation, operation and modification verification, …
• Assessment by the third party EXIDA
FUNCTIONAL ASSESSMENT
• Being IEC 61508 compliant means being fully compliant with the standard, not only with a part of it.
At PR, we provide you with:
• Functional Safety Management System certificate
• Software and/or Hardware Assessment Report
• FMEDA report
• Safety Manual
• SIL Capable Certificate
Nothing’s missing… We are fully compliant!
Covering all IEC 61508 requirements, our products can thus be selected according to IEC 61511, the end-user standard.
Advantages of using the fully assessed 9000 Series
Example: SIL2 achievement (all components fully assessed)

Loop element   Device                   Type / HFT / SFF             Systematic capability
Sensor         Simple device            -                            -
Isolator       PR electronics 9113BA    Type B, HFT=0, SFF > 90%     Systematic capability
SCS            Invensys Triconex        Type B, HFT=1, SFF > 99%     Systematic capability
Isolator       PR electronics 9107BA    Type A, HFT=0, SFF > 90%     Systematic capability
Actuator       Foxboro SRI990           Type A, HFT=0, SFF > 90%     Systematic capability
Result: SIL 2

PFD or PFH calculation to check that the SIF achieves the SIL level requirement with the corresponding TI (Σ of the PFD of all SIF components).
The requirements for the SIF for SIL 2 are achieved.
Example: SIL2 achievement (isolators not assessed)

Loop element   Device                   Type / HFT / SFF             Systematic capability
Sensor         Simple device            -                            -
Isolator       Manufacturer             Type B, HFT=0, SFF < 90%     No systematic capability
                                        (SIL1 only)
SCS            Invensys Triconex        Type B, HFT=1, SFF > 99%     Systematic capability
Isolator       Manufacturer             Type A, HFT=0, SFF < 90%     No systematic capability
Actuator       Foxboro SRI990           Type A, HFT=0, SFF > 90%     Systematic capability

PFD or PFH calculation to check that the SIF achieves the SIL level requirement with the corresponding TI (Σ of the PFD of all SIF components).
The requirements for the SIF for SIL 2 are not achieved.
Example: SIL2 achievement (Type B isolator made redundant, still not assessed)

Loop element   Device                   Type / HFT / SFF             Systematic capability
Sensor         Simple device            -                            -
Isolator       Manufacturer             Type B, HFT=1, SFF < 90%     No systematic capability
SCS            Invensys Triconex        Type B, HFT=1, SFF > 99%     Systematic capability
Isolator       Manufacturer             Type A, HFT=0, SFF < 90%     No systematic capability
Actuator       Foxboro SRI990           Type A, HFT=0, SFF > 90%     Systematic capability

PFD or PFH calculation to check that the SIF achieves the SIL level requirement with the corresponding TI (Σ of the PFD of all SIF components).
The requirements for the SIF for SIL 2 are only partially achieved.
It MUST be completed by an END USER proven-in-use justification.
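The three SIL2 achievement examples above apply the same checks to every loop element: the architectural constraint from Type A/B, HFT and SFF, the systematic capability of the component, and the summed PFDavg of the loop over the proof-test interval TI. The Python script below is an added example (not from the presentation or from PR electronics) that performs those checks for three constructed loops mirroring the three slides. The Type A/Type B tables are reproduced here from IEC 61508-2 route 1H as an assumption of this example; PFDavg uses the simplified 1oo1 formula λDU·TI/2 (and a simplified 1oo2 formula with common-cause factor β for HFT=1), also an assumption, since the slides only state that the sum is compared with the SIL target. All failure rates, SFF values and the one-year TI are constructed, not product data, and the function and class names are this example's own.

```python
"""Verify whether a SIF achieves its target SIL (added example, constructed data)."""
from dataclasses import dataclass
from typing import Dict, List

# IEC 61508-2 route 1H architectural constraints, reproduced as an assumption.
# Rows: SFF band (<60 %, 60-<90 %, 90-<99 %, >=99 %); columns: HFT 0, 1, 2.
# 0 means the architecture is not allowed for any SIL.
TYPE_A_MAX_SIL = [[1, 2, 3], [2, 3, 4], [3, 4, 4], [3, 4, 4]]
TYPE_B_MAX_SIL = [[0, 1, 2], [1, 2, 3], [2, 3, 4], [3, 4, 4]]

# Low-demand target PFDavg bands from the slide: SIL -> [lower, upper)
PFDAVG_BANDS = {4: (1e-5, 1e-4), 3: (1e-4, 1e-3), 2: (1e-3, 1e-2), 1: (1e-2, 1e-1)}


@dataclass
class Component:
    name: str
    dev_type: str               # "A" or "B"
    hft: int                    # hardware fault tolerance
    sff: float                  # safe failure fraction, 0.0 .. 1.0
    lambda_du: float            # dangerous undetected failure rate, per hour (constructed)
    systematic_capability: int  # SC 1..4, or 0 when no systematic capability was assessed


def sff_band(sff: float) -> int:
    """Row index into the route 1H tables for a given SFF."""
    if sff >= 0.99:
        return 3
    if sff >= 0.90:
        return 2
    if sff >= 0.60:
        return 1
    return 0


def architectural_sil(c: Component) -> int:
    """Highest SIL the component's Type/HFT/SFF combination allows (0 = not allowed)."""
    table = TYPE_A_MAX_SIL if c.dev_type == "A" else TYPE_B_MAX_SIL
    return table[sff_band(c.sff)][min(c.hft, 2)]


def pfd_avg(c: Component, ti_hours: float, beta: float = 0.05) -> float:
    """Simplified PFDavg over proof-test interval TI (assumption of this example):
    1oo1 = lambda_DU*TI/2 for HFT=0; 1oo2 with common-cause factor beta for HFT>=1."""
    x = c.lambda_du * ti_hours
    if c.hft == 0:
        return x / 2
    return ((1 - beta) * x) ** 2 / 3 + beta * x / 2


def sil_for_pfd(pfd: float) -> int:
    """SIL band of the slide's low-demand table that contains the loop PFDavg."""
    for sil, (lo, hi) in PFDAVG_BANDS.items():
        if lo <= pfd < hi:
            return sil
    return 4 if pfd < 1e-5 else 0  # below the SIL 4 band, or above the SIL 1 band


def assess_sif(components: List[Component], ti_hours: float) -> Dict[str, object]:
    """Apply the three checks used on the slides and report what the loop achieves."""
    pfd_total = sum(pfd_avg(c, ti_hours) for c in components)  # sum over SIF components
    hardware_sil = min(min(architectural_sil(c) for c in components), sil_for_pfd(pfd_total))
    systematic_sil = min(c.systematic_capability for c in components)
    return {
        "pfd_total": pfd_total,
        "hardware_sil": hardware_sil,
        "systematic_sil": systematic_sil,
        "achieved_sil": min(hardware_sil, systematic_sil),
        # Components whose systematic capability is below what the hardware allows:
        # these are the ones the end user would have to cover by a proven-in-use case.
        "needs_prior_use": [c.name for c in components if c.systematic_capability < hardware_sil],
    }


def _loop(isolator_1: Component, isolator_2: Component) -> List[Component]:
    """Sensor, isolator, logic solver, isolator, actuator as on the slides (constructed values)."""
    return [
        Component("sensor", "A", 0, 0.92, 2e-7, 3),
        isolator_1,
        Component("logic solver", "B", 1, 0.995, 1e-7, 3),
        isolator_2,
        Component("actuator", "A", 0, 0.91, 1e-6, 3),
    ]


def fully_assessed_loop() -> List[Component]:
    """First slide: both isolators assessed, with systematic capability."""
    return _loop(Component("isolator 1", "B", 0, 0.92, 5e-8, 2),
                 Component("isolator 2", "A", 0, 0.93, 5e-8, 3))


def unassessed_isolators_loop() -> List[Component]:
    """Second slide: isolators with SFF < 90 % and no systematic capability."""
    return _loop(Component("isolator 1", "B", 0, 0.85, 5e-8, 0),
                 Component("isolator 2", "A", 0, 0.85, 5e-8, 0))


def redundant_isolator_loop() -> List[Component]:
    """Third slide: the Type B isolator made redundant (HFT=1), still no systematic capability."""
    return _loop(Component("isolator 1", "B", 1, 0.85, 5e-8, 0),
                 Component("isolator 2", "A", 0, 0.85, 5e-8, 0))


if __name__ == "__main__":
    for name, loop in [("fully assessed", fully_assessed_loop()),
                       ("unassessed isolators", unassessed_isolators_loop()),
                       ("redundant isolator", redundant_isolator_loop())]:
        print(name, assess_sif(loop, ti_hours=8760.0))  # TI = 1 year (assumption)
```

With these constructed inputs the first loop reaches SIL 2 on all three checks; the second is limited to SIL 1 by the Type B isolator with HFT=0 and SFF < 90 %; the third clears the hardware checks for SIL 2 after the isolator is made redundant but still has components with no systematic capability, which is exactly the gap the slide says the end user must close with a proven-in-use justification.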
Assessment according to IEC 61508 at PR
PR electronics innovates with full assessment by means of:
• Functional Safety Management System assessment
• Hardware and Software assessment report on individual products
• SIL Capability Certificate on individual products
By selecting the PR system 9000 devices for a Safety Instrumented Function, you ensure that the IEC 61511 requirements for component selection are always fulfilled!
Both SIL2 and SIL3 levels can be achieved with the 9000 Series.