Presentation is loading. Please wait.

Presentation is loading. Please wait.

IEC – IEC Presentation G.M. International Safety Inc.

Published byMichelle Vanstone Modified over 10 years ago

Similar presentations

Presentation on theme: "IEC – IEC Presentation G.M. International Safety Inc."— Presentation transcript:

1 IEC 61508 – IEC 61511 Presentation G.M. International Safety Inc.
Document last revised October 1st 2005 G.M. International Safety Inc. P.O. Box 25581 Garfield Heights, OH 44125 USA

2 Standard Definitions IEC 61508
Title: Standard for Functional Safety of Electrical / Electronic / Programmable Electronic Safety-Related System IEC 61511 Title: Safety Instrumented Systems for the Process Industry has been developed as a Process Sector of IEC 61508

3 Standard History The IEC was conceived to define and harmonize a method to reduce risks for human beings and/or reduce valuable loss for all industrial and non industrial environments. The IEC integrates and extends American Standard ISA-S84.01 (1996) and German DIN (1994).

4 Standard Requirements

5 Other related standards
DIN (1994) Title: “Fundamental Safety aspects to be considered for measuring and control equipment” Deals with Quantitative Risk Analysis used for Part 5 of IEC 61508, classification in AK classes 1-8 similar to SIL levels ISA-S84.01 (1996) Title: “Application of Safety Instrumented Systems (SIS) for the process industry” Defines Safety Lifecycles assuming Risk analysis and SIL been carried out.

6 Fundamental Concepts Risk Reduction and Risk Reduction Factor (RRF)
Safety Integrity Level (SIL) Independence Levels and consequences Probability of Failure on Demand (PFD) Reliability Availability Failure Rate (λ) Proof Test Interval between two proof tests (T[Proof]) Failure In Time (FIT) Mean Time To Failure (MTTF) Mean Time Between Failure (MTBF) Mean Time To Repair (MTTR) Safe Failure Fraction (SFF) Safety Lifecycle Safety Instrumented System (SIS)

7 As Low As Reasonably Practicable or Tolerable Risk
Fundamental Concepts Risk Reduction As Low As Reasonably Practicable or Tolerable Risk (ALARP ZONE)

8 Fundamental Concepts Risk Reduction

9 Probability of Failure on Demand
Fundamental Concepts PFDavg / RRF Correlation between Probability of Failure on Demand and Risk Reduction Factor

10 Safety Integrity Level (SIL)
Fundamental Concepts Safety Integrity Level (SIL) SIL levels (Safety Integrity Level) RRF (Risk Reduction Factor) PFD avg (Average Probability of Failure on Demand) SIL Table for Demand and Continuous mode of Operation

11 Independence Levels Assessment Independence Level
Fundamental Concepts Independence Levels Assessment Independence Level as a function of consequences

12 Reliability Reliability is a function of operating time.
Fundamental Concepts Reliability Reliability is a function of operating time. All reliability functions start from reliability one and decrease to reliability zero. The device must be successful for an entire time interval. The statement: “Reliability = 0.76 for a time of hs” makes perfect sense. R(t) = P(T>t)

13 Fundamental Concepts Reliability Reliability is the probability that a device will perform its intended function when required to do so, if operated within its specified design limits. The device “intended function” must be known. “When the device is required to function” must be judged. “Satisfactory performance” must be determined. The “specified design limits” must be known. Mathematically reliability is the probability that a device will be successful in the time interval from zero to t in term of a random variable T.

14 Fundamental Concepts Availability Availability is the probability that a device is successful at time t. No time interval is involved. A device is available if it’s operating. The measure of success is MTTF (Mean Time To Failure)

15 Failure Rate Categories
Fundamental Concepts Failure Rate Categories λ tot = λ safe + λ dangerous λ s = λ sd + λ su λ d = λ dd + λ du λ tot = λ sd + λ su + λ dd + λ du Where: sd = Safe detected su = Safe undetected dd = Dangerous detected du = Dangerous undetected

16 Fundamental Concepts FIT Failure In Time is the number of failures per one billion devices hours. 1 FIT = 1 Failure in 109 hours = = 10-9 Failures per hour

17 Fundamental Concepts MTTF MTTF is an indication of the average successful operating time of a device (system) before a failure in any mode. MTBF (Mean Time Between Failures) MTBF = MTTF + MTTR MTTF = MTBF - MTTR MTTR (Mean Time To Repair) Since (MTBF >> MTTR) MTBF is very near to MTTF in value.

18 MTBF and Failure Rate Relation between MTBF and Failure Rate λ
Fundamental Concepts MTBF and Failure Rate Relation between MTBF and Failure Rate λ Failure per unit time λ = = Quantity Exposed MTBF 1 Quantity Exposed MTBF = = λ Failure per unit time

19 λ = ------------------------------- = ----------------- =
Fundamental Concepts MTBF - Example Instantaneous failure rate is commonly used as measure of reliability. Eg. 300 Isolators have been operating for 10 years. 3 failures have occurred. The average failure rate of the isolators is: Failure per unit time λ = = = Quantity Exposed *10*8760 = per hour = = 38 FIT (Failure per billion hours) = = 38 probabilities of failure in one billion hours. MTBF = 1 / λ = 303 years (for constant failure rate)

20 SFF (Safe Failure Fraction)
Fundamental Concepts SFF (Safe Failure Fraction) SFF summarizes the fraction of failures, which lead to a safe state and the fraction of failure which will be detected by diagnostic measure and lead to a defined safety action

21 Fundamental Concepts Type A SFF Chart Type A components are described as simple devices with well-known failure modes and a solid history of operation

22 Fundamental Concepts Type B SFF Chart Type B: “Complex” component (using micro controllers or programmable logic); according of IEC

23 Fundamental Concepts HSE Study Results of system failure cause study done by English “Health and Safety Executive” (HSE)

24 Safety Lifecycle Origin
Fundamental Concepts Safety Lifecycle Origin

25 Fundamental Concepts Safety Lifecycle 1/5

26 Safety Lifecycle 2/5 First portion of the overall safety lifecycle
Fundamental Concepts Safety Lifecycle 2/5 First portion of the overall safety lifecycle ANALYSIS (End user / Consultant)

27 Realisation activities in the overall safety lifecycle
Fundamental Concepts Safety Lifecycle 3/5 Realisation activities in the overall safety lifecycle

28 Safety Lifecycle 4/5 Safety lifecycle for the E/E/PES
Fundamental Concepts Safety Lifecycle 4/5 Safety lifecycle for the E/E/PES (Electrical / Electronic / Programmable Electronic) Safety - Related System (IEC 61508, Part 2)

29 Safety Lifecycle 5/5 Last portion of the overall safety lifecycle
Fundamental Concepts Safety Lifecycle 5/5 Last portion of the overall safety lifecycle OPERATION (End User / Contractor)

30 SIS SIS (Safety Instrumented System)
Fundamental Concepts SIS SIS (Safety Instrumented System) according to IEC and IEC 61511

31 Safety Instrumented Systems
IEC 61511 Safety Instrumented Systems for Process Industry IEC has been developed as a Process Sector implementation of the IEC The Safety Lifecycle forms the central framework which links together most of the concepts in this standard, and evaluates process risks and SIS performance requirements (availability and risk reduction). Layers of protection are designed and analyzed. A SIS, if needed, is optimally designed to meet particular process risk.

32 Process sector system standard
IEC 61511 Process sector system standard

33 The Standard is divided into three Parts
IEC 61511 IEC Parts The Standard is divided into three Parts Part 1: Framework, Definitions, Systems, Hardware and Software Requirements Part 2: Guidelines in the application of IEC Part 3: Guidelines in the application of hazard and risk analysis

34 IEC 61511 IEC Part 3 Guidelines in the application of hazard and risk analysis

35 Failure Modes and Effects Diagnostic Analysis (FMEDA)
Is one of the steps taken to achieve functional safety assessment of a device per IEC and is considered to be a systematic way to: identify and evaluate the effects of each potential component failure mode; classify failure severity; determine what could eliminate or reduce the chance of failure; document the system (or sub-system) under analysis.

36 FMEDA The following assumptions are usually made during the FMEDA
Constant Failure Rates (wear out mechanisms not included) Propagation of failures is not relevant Repair Time = 8 hours Stress levels according IEC , Class C (sheltered location), with temperature limits within the manufacturer’s rating and an average temperature over a long period of time of 40°C

37 FMEDA

38 SIL level is the lowest in the loop.
1oo1 Architecture PFDavg (T1) = λdd * RT + λdu * T1/2 because RT (avg. repair time) is << T1 PFDavg = λdu * T1/2 λdu = λdu (sensor) + λdu(isolator) + λdu(controller) + λdu(final element) SIL level is the lowest in the loop.

39 PFDavg = (λdun* T1)2/2 + (λdun* T1)2 /3
1oo2 Architecture PFDavg = λduc * (T1/2) + λddc * RT+(λddn* RT)2 + (λddn* RT * λdun* T1)2/2 + (λdun* T1)2 /3 PFDavg = (λdun* T1)2/2 + (λdun* T1)2 /3

40 2oo3 Architecture PFDavg = λduc * (T1/2) + 3[λddc * RT+(λddn* RT)2 + (λddn* RT * λdun* T1)2/2 + (λdun* T1)2 /3]

41 SIL3 using SIL2 subsystem
SIL3 Control Loop or Safety Function using SIL2 Sub-Systems in 1oo2 Architecture

42 Safety Manual A Safety Manual is a document provided to users of a product that specifies their responsibilities for installation and operation in order to maintain the design safety level. The following information shall be available for each safety-related sub-system ..

43 Safety Manual Requirements
Functional specification and safety function Estimated rate of failure in any mode which would cause both undetected and detected safety function dangerous failures Environment and lifetime limits for the sub-system Periodic Proof Tests and/or maintenance requirements T proof test time interval Information necessary for PFDavg, MTTR, MTBF, SFF, λdu, λtotal Hardware fault tolerance and failure categories Highest SIL that can be claimed (not required for proven in use sub-systems) Documentary evidence for sub-system’s validation (EXIDA) Proof Test Procedures to reveal dangerous faults which are undetected by diagnostic tests.

44 SIL Table for operative modes “high” and “low” demand
Using the Safety Manual Standard references Remembering that: SIL (Safety Integrity Level) RRF (Risk Reduction Factor) PFD avg (Average Probability of Failure on Demand) SIL Table for operative modes “high” and “low” demand

45 Using the Safety Manual
Standard references Remembering definitions given for type “A” and “B” components, sub-systems, and related SFF values

46 Loop PFDavg calculation
Using the Safety Manual Loop PFDavg calculation 1oo1 typical control loop PFDavg(sys) = PFDavg(tx) + PFDavg(i) + PFDavg(c) + PFDavg(fe)

47 Loop PFDavg calculation
Using the Safety Manual Loop PFDavg calculation For calculating the entire loop’s reliability (Loop PFDavg), PFDavg values for each sub-systems must first be found and be given a proportional value (“weight”) compared to the total 100%. This duty is usually assigned to personnel in charge of plant’s safety, process and maintenance.

48 Loop PFDavg calculation
Using the Safety Manual Loop PFDavg calculation Equation for 1oo1 loop Where: RT = repair time in hours (conventionally 8 hours) T1 = T proof test, time between circuit functional tests ( years) λdd = failure rate for detected dangerous failures λdu = failure rate for undetected dangerous failures

49 Loop PFDavg calculation
Using the Safety Manual Loop PFDavg calculation If T1 = 1 year then but being λdd * 8 far smaller than λdu * 4380

50 For D1014 λdu is equal to 34 FIT (see manual)
Using the Safety Manual Example 1 PFDavg = λdu * T1/2 For D1014 λdu is equal to 34 FIT (see manual) Therefore PFDavg = 34 * 10-9 * 4380 = = 0, = FIT

51 Using the Safety Manual
Example 2 “Weights” of each sub-system in the loop must be verified in relation with expected SIL level PFDavg and data from the device’s safety manual. For example, supposing SIL 2 level to be achieved by the loop on the right in a low demand mode: PFDavg(sys) is between 10-3 and 10-2 per year “Weight” of D1014 Isolator is 10% Therefore PFDavg(i) should be between 10-4 and 10-3 per year.

52 Using the Safety Manual
Example 2 Given the table above (in the safety manual) conclusions are: Being D1014 a type A component with SFF = 90%, it can be used both in SIL 2 and SIL 3 applications. PFDavg with T proof = 1yr allows SIL3 applications PFDavg with T proof = 5yr allows SIL2 applications PFDavg with T proof = 10yr allows SIL1 applications

53 Using the Safety Manual
1oo2 architecture What happens if the total PFDavg does not reach the wanted SIL 2 level, or the end user requires to reach a higher SIL 3 level? The solution is to use a 1oo2 architecture which offers very low PFDavg, thus increasing fail-safe failure probabilities.

54 1oo2 architecture Using the Safety Manual For D1014S (1oo1):
PFDavg = λdu* T1/2 PFDavg = FIT For D1014D (1oo2): PFDavg = (λdun* T1)2/2 + (λdun* T1)2 /3 PFDavg = 75 FIT In this case a 1oo2 architecture gives a 2000 times smaller PFDavg for the sub-system

55 Final considerations Using the Safety Manual
Always check that the Safety Manual contains information necessary for the calculation of SFF and PFDavg values. Between alternative suppliers, choose the one that offers: highest SIL level, highest SFF value, longest T[proof] time interval for the same SIL level, lowest value of PFDavg for the same T[proof]. When in presence of units with more than one channel and only one power supply circuit, the safety function allows the use of only one channel. Using both of the channels is allowed only when supply is given by two independent power circuits (like D1014D). Check that the Safety Manual provides all proof tests procedures to detect dangerous undetected faults.

56 Credits and Contacts G.M. International Safety Inc. P.O.BOX 25581
Garfield Heights, OH 44125 USA Toll Free: Document last revised October 1st 2005

Download ppt "IEC – IEC Presentation G.M. International Safety Inc."

Similar presentations

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.

Numbers Treasure Hunt Following each question, click on the answer. If correct, the next page will load with a graphic first – these can be used to check.
Automation and Motion IEC Control Marketing, 12.15.03, 1 Safety Integrated® Topics for today.

Automation and Motion IEC Control Marketing, , 1 Safety Integrated® Topics for today.
1

1
Feichter_DPG-SYKL03_Bild-01. Feichter_DPG-SYKL03_Bild-02.

Feichter_DPG-SYKL03_Bild-01. Feichter_DPG-SYKL03_Bild-02.
1 Vorlesung Informatik 2 Algorithmen und Datenstrukturen (Parallel Algorithms) Robin Pomplun.

1 Vorlesung Informatik 2 Algorithmen und Datenstrukturen (Parallel Algorithms) Robin Pomplun.
Critical Systems Specification

Critical Systems Specification
© 2008 Pearson Addison Wesley. All rights reserved Chapter Seven Costs.

© 2008 Pearson Addison Wesley. All rights reserved Chapter Seven Costs.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Chapter 1 The Study of Body Function Image PowerPoint

Chapter 1 The Study of Body Function Image PowerPoint
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 6 Author: Julia Richards and R. Scott Hawley.
Author: Julia Richards and R. Scott Hawley

Author: Julia Richards and R. Scott Hawley
1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Appendix 01.
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 3 CPUs.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 3 CPUs.
Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.

Properties Use, share, or modify this drill on mathematic properties. There is too much material for a single class, so you’ll have to select for your.
UNITED NATIONS Shipment Details Report – January 2006.

UNITED NATIONS Shipment Details Report – January 2006.
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination. Introduction to the Business.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination. Introduction to the Business.
1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.

1 RA I Sub-Regional Training Seminar on CLIMAT&CLIMAT TEMP Reporting Casablanca, Morocco, 20 – 22 December 2005 Status of observing programmes in RA I.
Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×

Properties of Real Numbers CommutativeAssociativeDistributive Identity + × Inverse + ×
FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.

FACTORING ax2 + bx + c Think “unfoil” Work down, Show all steps.
Year 6 mental test 5 second questions

Year 6 mental test 5 second questions

Similar presentations

Ads by Google