SIL Seminaire Chem & O&G NL EA June 2010


Transcript of SIL Seminaire Chem & O&G NL EA June 2010

Slide 1

06/01/2010

A. ENGELS

Norms and Regulations applied in Process Instrumentation for the chemical, O&G and … Industry

SIL – Seminar

Slide 2

Only a safe plant is economical

Safety in the Industry

Slide 3

The key to “Functional Safety”

“Safety = Quantified Freedom from unacceptable Risk”

Identical target – different approach

Source: R.Faller/exida

Slide 4

SIL - Safety Integrity Level

IEC 61508 : Functional Safety of E/E/PE Safety-related Systems

IEC 61511 : Functional Safety - Safety instrumented systems for the process industry sector

Classification:

INTERNAL

Slide 5

IEC 61508/61511 : Why ?

International Standard

• generic safety standard, for all applications

• basis for future safety standards

• replaces old functional safety standards: VDI/VDE2180, ISA84, DIN19250/1…

Widely accepted

• reference for regulatory authorities, insurers…

• benchmark to customers, suppliers, competitors

Risk based approach

• costs & effort to be spent on the critical equipment

Covers the total safety life cycle

• safety is maintained during all phases of the safety life cycle

• specifications, implementation & operation

Slide 6

IEC 61508/61511 : Functional Safety Benefit

Internationally harmonised method for assessing safety instrumented functions (SIS)

Standardised assessment of SIS regarding systematic failures

Defined life cycle management, i.e. avoidance of systematic failures already during the design phase

Safety-related assessment of software updates according to IEC 61508

E+H Standard instruments are suitable for SIL 2 without price adder

Slide 7

Goal: Protection of people, environment and assets

Process Industries:

e.g. chemical plants

Traffic:

e.g. lifts, trains

Machine Tools:

e.g. presses, robotics

Power Industries:

e.g. reactor protection, fire protection

Functional Safety

is part of the overall safety system relating to the process and the control system. It pertains to the avoidance and mastering of all failures in

• control systems,

• machines and personnel

with the goal to minimize the risk for

• employees / workers

• environment

• assets

Slide 8

Regulations for Safety Instrumented Systems (SIS)

Common Target - Plant Safety!

Supplier, Operator/User

IEC 61508: Generic Standard »Functional Safety«

Generic standard, valid for all relevant sectors

• Process • Power Plants • Traffic • Machinery

IEC 61511/ISA 84.01: Application Standard »Process industry«

Application standard, implementation for process industries

• Chemical • Petro-Chemical • Oil & Gas

Slide 9

Safety in the industry

Process Safety Functional Safety

• Impact on field instrumentation

• explosion hazardous areas

• „toxic“ or „corrosive“ substances

• Safety Instrumented Systems SIS

e.g. emergency shutdown loops

SIL regulations

Plant Safety

Priority No. 1:

safely designed processes

Slide 10

Safety Instrumented System

• Example: Pressure switch or reflux detection

Monitoring Instrument

Ex.: Level Warning

Control Instrument

Ex.: Pressure control loop

~3%

~97%

Functional Safety–relevant

Slide 11

ex : Ethylene Plant

Safety Life Cycle : (IEC 61511)

Qualitative

Semi-quantitative

Risk Graph

Balanced Risk Graph

Done by the USER!

Functional Safety : Safety Assessment

[Figure: risk graph over the parameters C, F, P and W; --- = No safety requirements]

Generalized arrangement (in practical implementations the arrangement is specific to the applications to be covered by the risk graph)

Slide 12

Life Cycle of „SIS“ according to IEC 61511

In each phase

- target

- task

- application

- specification

- result/verification

Analysis

• End-user

• consultant

Realization

• End-user

• vendor

• contractor

Operation

• End-user

• contractor

Slide 13

Safety Life Cycle

SIL

Evaluation

SIL

validation

SIL

Operation

Maintenance & production data

Specification

Calculate

Regular testing, management of change

For an existing Plant : More difficult !

IEC61511

(step 1->5)

IEC61511

(step 6->12)

IEC61511

(step 13->16)

Slide 14

Safety Life Cycle

SIL

Evaluation

SIL

implementation

SIL

Operation

Specification

Design, install, acceptance testing

Regular testing, management of change

For a new Plant :

IEC61511

(step 1->5)

IEC61511

(step 6->12)

IEC61511

(step 13->16)

Specify :

- Process Hazards

- Safety-related functions

- Safety Integrity Levels REQUIRED

- Allocation to System

Maintenance & production data

Implement :

- Hardware

- Software

- Plan Validation, Operation & Maintenance

- Install

- Commissioning

Operate :

- Validate Safety Functions

- Operate

- Maintain

- Modify

- Decommission

Slide 15

Starting point for risk reduction estimation

[Figure: risk graph tree branching over C (A to D), F (A, B) and P (A, B), with outputs X1 to X6 read against the three W columns]

C = Consequence parameter

F = Exposure time parameter

P = Probability of avoiding the hazardous event

W = Demand rate assuming no protection

--- = No safety requirements

a = No special safety requirements

b = A single E/E/PES is not sufficient

1 , 2 , 3 , 4 = Safety integrity level

Generalized arrangement (in practical implementations the arrangement is specific to the applications to be covered by the risk graph)

Functional Safety : Risk Graph

Slide 16

„Overview of measures“ for SIS according to IEC61511

Component Level

Redundancy: 1oo1 • 1oo2 • 2oo2 • 2oo3

• Certified IEC61508 + „Prove in application“

or

• Proven-in-use [supplier]

or

• Prior-use demonstration [user]

Certified IEC61508

Systematic Failures & Random Failures & Failure Tolerance

Required Measures „AND“ not „OR“

$PFD_{avg} = PFD_{Sensor} + PFD_{Control} + PFD_{FinalElement}$

Slide 17

„dangerous failures“

„safe failures“

to be avoided

Systematic Random

regular test

Quality & Probabilistic: Focus on „Safety“

Slide 18

Root causes for Instrument Failures

Non-Available

Safety Instrumented System

Systematic Failures

Methods

• Wrong spec

• R&D errors

• Firmware error

Application

• Vibration, Temperature, Corrosion, Erosion, ...

Operating/commissioning

• Mounting

• Configuration

• Loop-check ..

Random Hardware failures

Electronic components

“Aging”

• Random Failures due to “natural” reasons

Failure

Slide 19

Components quality improvement

Source: supplier

Slide 20

Technologic evolution by improved components

Slide 21

Technologic evolutions that bring enhanced safety

Slide 22

Safety Integrity Levels (SIL)

PFDavg: Average Probability of Failure on Demand

Low Demand Mode

Safety function on demand

Without fault not active

Typical „Process plants“

High Demand Mode or Continuous Mode

Safety function permanently active

Without fault for a time active

Typical „Signaling“

SFF: Safe Failure Fraction

e.g.: SFF = 70% => 30% dangerous undetected failures

Slide 23

The whole loop has to be assessed

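$PFD_{avg} = PFD_{Sensor} + PFD_{Control} + PFD_{Actor}$

[Figure: PFDavg scale with ticks 0,00001 / 0,0001 / 0,001 / 0,01 / 0,1, divided into the bands SIL1, SIL2, SIL3 and SIL4, shown against Risk]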

Slide 24

For a SIL 2 SIS the total PFDav value must be < $10^{-2}$

Logic Solver

Share PFDav 15 %

4...20mA

Final Element

e.g. shut-down valve

Share PFDav 50 %

Transmitter

Relay

Contact

Deltabar S

Instrument

Liquiphant & electronics

Share PFDav 35 %

Safety Instrumented Systems

The whole loop has to be assessed : key breakdown
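The loop assessment from slides 23 and 24 as a short Python calculation. This is an added example, not part of the original slides: it sums the element PFDs, places the total in the low-demand SIL bands, and checks each element against the 35 % / 15 % / 50 % budget shares. The failure rates are constructed sample values, and the single-channel approximation PFDavg ≈ λDU · TI / 2 is an assumption that the slides do not state.

```python
# Added example: low-demand SIL bands for PFDavg (the scale on slide 23).
SIL_BANDS = {1: (1e-2, 1e-1), 2: (1e-3, 1e-2), 3: (1e-4, 1e-3), 4: (1e-5, 1e-4)}

# Share of the loop's PFDav budget per element (slide 24).
SHARES = {"sensor": 0.35, "logic_solver": 0.15, "final_element": 0.50}


def pfd_1oo1(lambda_du_per_h, proof_test_interval_h):
    """Simplified single-channel estimate PFDavg ~ lambda_DU * TI / 2.
    Assumption: this approximation is not stated on the slides."""
    return lambda_du_per_h * proof_test_interval_h / 2.0


def achieved_sil(pfd_avg):
    """Return the SIL band a PFDavg falls into; 0 means worse than SIL 1."""
    if pfd_avg < SIL_BANDS[4][0]:
        return 4  # better than the SIL 4 band, capped at SIL 4
    for sil, (low, high) in SIL_BANDS.items():
        if low <= pfd_avg < high:
            return sil
    return 0


def assess_loop(target_sil, element_pfd):
    """Sum the element PFDs and compare each one with its budget share."""
    limit = SIL_BANDS[target_sil][1]
    total = sum(element_pfd.values())
    over = [name for name, pfd in element_pfd.items() if pfd > SHARES[name] * limit]
    return {"total": total, "achieved_sil": achieved_sil(total),
            "meets_target": total < limit, "over_budget": over}


# Constructed sample data: lambda_DU in failures per hour, yearly proof test.
YEAR_H = 8760
LOOP = {
    "sensor": pfd_1oo1(6e-8, YEAR_H),
    "logic_solver": pfd_1oo1(1e-8, YEAR_H),
    "final_element": pfd_1oo1(1.5e-6, YEAR_H),
}
# Same loop, with the valve proof-tested every six months instead.
LOOP_RETESTED = dict(LOOP, final_element=pfd_1oo1(1.5e-6, YEAR_H // 2))

if __name__ == "__main__":
    for label, loop in (("yearly test", LOOP), ("valve tested 6-monthly", LOOP_RETESTED)):
        print(label, assess_loop(2, loop))
```

With the yearly test the loop total still falls in the SIL 2 band, but the final element alone exceeds its 50 % share; the shorter proof-test interval brings it back inside the budget.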

Slide 25

Availability – Safety

Availability

1oo1 2oo2 3oo3

1oo2

1oo3

2oo3 3oo4

4oo4

1oo4

Safety

safety + availability

Slide 26

Includes:

- Manufacturer‘s Declaration

- Assessment Report

Safety Manual

• SIL level suitability (SIL declaration)

• Values for the calculation of the safety loop

• PFD/Lambda values

• SFF

• Safety-related parameters and their setting

SIL Data

Slide 27

SIL Declaration of Conformity

Low / High-Demand

FMEDA

SIL

HFT

Proven-in-use

SFF

PFD

Failure Rates

λD, λs

IEC61508 /

61511 (FDIS)

Type A / B

Declaration

Instrument is suitable for SIL 2 SIS

Parameter

• PFD

• SFF / HFT

• MTBF

etc...

Slide 28

Functional Safety

final element

(e.g. valve)

logic controller

Radar

system

4...20mA

PLC /

DCS

Level-Radar

Overspill Protection System example

Slide 29

Overspill protection - what is the right instrumentation ?

Liquiphant

Micropilot

Slide 30

Shut-down signal derived from a radar device

• Micropilot M with 4...20mA output signal meets SIL2 requirements

• Device settings: "overspill protection"

• "failsafe" behavior → max detection

• False-echo → max detection

• Echo-lost due to foam, ... results in max ALARM → shut down

Radar: Optimized for safety! (not availability)

• Recommended for standard radar applications due to availability reasons

• Advantage: No additional costs for SIL approval

Functional Safety

Slide 31

Functional Safety

Shut-down system with Liquiphant and Micropilot

• Liquiphant is the universal solution for overspill protection in liquids

• Independent of foam, gas bubbles, ....

• Micropilot M for continuous level measurement

• Echo-lost results in HOLD (not ALARM)

• Settings can be optimized for continuous level measurement

Radar: Optimized for availability

• Recommended for all radar applications

• Advantage: High System Availability + High Safety

Slide 32

Buncefield depot (near London)

Slide 33

Buncefield incident

Slide 34

Nobody died …

Slide 35

Typical storage tank

Internal floating roof tank, with (servo) Float Level measuring system with a high alarm (Overflow Protection).

Slide 36

Simulation for the scenario of the root cause analysis

Root cause analysis

Slide 37

Overflow led to excessive high flammable mist

Ca. 300 m³ overflowed

Slide 38

No action

No alarm

No Gas detection

What happened …

Slide 39

Texas City (March 2005)

15 dead

170 injured

Estimated costs

1 Bill. US$

Slide 40

Texas City

164 ft

120 ft

10 ft

Slide 41

Level Switches (1/2)

Slide 42

Level Switches (2/2)

Slide 43

Level Continuous

Slide 44

Flow

Slide 45

Pressure / Differential Pressure

Slide 46

Temperature

Slide 47

System Components

Slide 48

Any Questions ?

Slide 49

Thank you very much for your attention