Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pharmaceuticals IEC-61508 Implementing a Compliance Program Motivation Education Implementation.

Similar presentations


Presentation on theme: "Pharmaceuticals IEC-61508 Implementing a Compliance Program Motivation Education Implementation."— Presentation transcript:

1 Pharmaceuticals IEC Implementing a Compliance Program Motivation Education Implementation

2 Pharmaceuticals Overview

3 Pharmaceuticals Overview

4 Pharmaceuticals Overview

5 Pharmaceuticals Motivation Do you or your company believe in the infallibility of Engineered systems?

6 Pharmaceuticals Motivation Roche Ireland does not have this delusion 25 + years operational experience Including some close calls Reality has motivated out safety culture.

7 Pharmaceuticals Education Much of the rest of this presentation has been generated from training presentations given in Roche Ireland to Management Process Engineering Instrument / Electrical Engineering

8 Pharmaceuticals Education Need to educate yourself : Guidelines for Safe Automation of Chemical Processes {CCPS/AIChE} ISA S84 Functional Safety, {Smith & Simpson} IBC conferences Various WWW resources (exida/ sis-tech etc)

9 Pharmaceuticals IEC-61508, SOP 973 Functional safety of electrical / electronic & programmable electronic safety-related systems. Critical Protective equipment - Safety Instrumented Systems

10 Pharmaceuticals IEC-61508, SOP 973 Safety requires protection from hazards of different causes (movement, heat, radiation, el. shock, etc.) “Functional Safety” means protection from hazards due to incorrect functioning.... heat Protection against......electrical shock... hazards due to incorrect function... radiation

11 Pharmaceuticals IEC Will Effect: Process Engineers: Instrument/Electrical Designers: Mechanical Engineering Commissioning:- Extra Effort Documentation :- Extra Effort

12 Pharmaceuticals IEC is legally vague Not legislation Meets ‘Reasonably practicable’ duty Health, safety & welfare at Work act, 1989 Have to put in place a compliance program.

13 Pharmaceuticals Figure 65-1 Intolerable region Negligible risk Risk (deaths/year) 1 x x ALARP

14 Pharmaceuticals RISK Reduction - ALARP As low as reasonably practicable. IEC based on ALARP concept. ALARP concerns region of risk. Risk is an emotive and irrational thing. Commonly accepted values are: upper limit 1 x deaths per year lower limit 1 x deaths per year

15 Pharmaceuticals Safety life cycle - milestone approach ISA S84 life cycle depicted in Fig ISA S84 focuses on Box 9 of IEC

16 Pharmaceuticals Figure 64-1 Active systems layer Passive systems layer Control systems layer Intrinsic safety Fail-safe design Bursting discs Pressure relief valves One way valves Alarms, trips & interlocks ESD F&G Duality Back-up Alarm handling Diagnostics

17 Pharmaceuticals 1 Conceptual process design 3 Apply Category 0 protection systems to prevent hazards & reduce risk 4 Are any Category 1 protection systems required? 6 Develop safety requirements specification (SRS) 8 Detailed design of protection system 12 Pre-start-up safety review 13 Protection system start-up, maintenance & periodic testing 14 Modify protection system?End 2 Perform process HAZAN & risk assessment Start 5 Define target safety integrity levels (SIL) 7 Conceptual design of active protection systems & verify against SRS Figure 65-3 No 9 & 10 Installation, commissioning 11 Establish operating & maintenance procedures and pre-start-up acceptance testing ye s 15 Decommission system

18 Pharmaceuticals Process Engineering First Stage of realisation of high-integrity safety instrumented systems Modified PHA Feeds into SRS Based on good process data & good process judgement.

19 Pharmaceuticals Process Chemistry Carius Tube test for decomposition Pressure Dewar Calorimetry Understanding of Exotherms Knowledge of onset temperatures {Chilworth}

20 Pharmaceuticals Process Engineering Good process judgement. Hazop Margins of safety

21 Pharmaceuticals Hazard identification, Interlock Identification Reactant being transferred in from Reactor 1 without agitation could accumulate & react in a sudden, violent manner. Reactor 2 Inlet valve 205 should OPEN only if agitator ON

22 Pharmaceuticals Hazard identification, Interlock Identification Simplified Technique. MIL Std 882

23 Pharmaceuticals Consequences Consequence of this is overpressure, loss of batch, over-temperature, possible destruction of vessel. 1 week downtime to recover. Fatality or Serious injury unlikely. Critical (C2)

24 Pharmaceuticals Occupancy factor Building is continually occupied (F2)

25 Pharmaceuticals Manual Avoidance factor There is quite a good chance of an operator observing that something is going wrong & intervening successfully. (P1)

26 Pharmaceuticals Unmitigated demand rate. Likely to occur once every 5 years. Occasional The process is DCS automated. DCS is not a SIS – no SIL rating. DCS control reduces frequency of Unmitigated Demand. (W2)

27 Pharmaceuticals x2? W3W2W1 P1 P2 P1 P2 F1 F2 F1 F2 C2 C3 C1 C4 Start Most risk Least risk x0? EN 954 Approach

28 Pharmaceuticals

29 Roche Consequences

30 Pharmaceuticals Roche ‘unmitigated’ demand rate.

31 Pharmaceuticals Instrument / Electrical Design Second Stage of realisation of high-integrity safety instrumented systems Modified Instrument design Modified Instrument Commissioning Feeds into SRS

32 Pharmaceuticals Safety integrity level SIL Hazard reduction factor HRF Demand mode of operationContinuous mode PFD (fractional) Availability A (fractional) Failure rate (failures per hr) >10 1 >10 2 >10 3 > to to to to to to to to to to to to Table 65-1

33 Pharmaceuticals Equipment implications SIL value is measure of quality of protection system, end to end. System has to be designed, specified, built and maintained to that standard. Proof testing at regular intervals Conformance assessment for safety systems

34 Pharmaceuticals PFD Calculation Simplified Equation ISA-TR Part 2 Equation B.34 – Rare event approximation “Adequate” for SIL 1 or 2, where the plant is well controlled, well maintained, understood process, conservative engineering with good mechanical integrity

35 Pharmaceuticals PFD Calc. Motion Sensor MTBF = Mean (Average) time between failures Information provided by vendor. MTBF = 86 Years

36 Pharmaceuticals PFD Calc. Motion Sensor Failures can be fail to danger (Falsely shows agitator moving)or fail to safe (Falsely shows agitator stopped) Aim of good design is to maximise fail to safe, minimise fail to danger. The failure mode split is the percentage in the fail to danger category. Failure mode split =.1 (SA estimate)

37 Pharmaceuticals PFD Calc. Motion Sensor Proof test interval = 1 year (8760 hours) Time between re-tests of the interlock. Need to be genuine tests

38 Pharmaceuticals PFD Calc. Motion Sensor 86 years * 8760 hours/year = 753,000 (MTBF in hours) = 1/ MTBF = 1.30 E-6 failures per hour FMS =.1 Proof test = 1 year (8760 hours) PFD(SS) = 1.30 E-6 *.1 * 1 * (8760/2) PFD(SS)=.0006

39 Pharmaceuticals PFD Calc. Barrier 6 MTBF = 4 Years Failure mode split =.4 Proof test interval = 1 year (8760 hours) = 1/ MTBF = 2.87 E-5 failures per hour PFD(B6) = 2.87 E-5 *.4 * 1 * (8760/2) PFD(B6)=.0500

40 Pharmaceuticals PFD Calc. Relay 5 MTBF = 100 Years Failure mode split =.01 Proof test interval = 1 year (8760 hours) = 1/ MTBF = 1.14 E-6 failures per hour PFD(R5) = 1.14 E-6 *.01 * 1 * (8760/2) PFD(R5)=.00005

41 Pharmaceuticals PFD Calc. Main Barrier MTBF = 10 Years Failure mode split =.9 Proof test interval = 1 day (24 hours) = 1/ MTBF = 1.14 E-5 failures per hour PFD(MB) = 1.14 E-5 *.9 * 1 * (24/2) PFD(MB)=

42 Pharmaceuticals PFD Calc. Solenoid MTBF = 10 Years Failure mode split =.4 Proof test interval = 1 day (24 hours) = 1/ MTBF = 1.14 E-5 failures per hour PFD(SOL) = 1.14 E-5 *.4 * 1 * (24/2) PFD(SOL)=.00006

43 Pharmaceuticals PFD Calc. Valve & Actuator MTBF = 10 Years Failure mode split =.2 Proof test interval = 1 day (24 hours) = 1/ MTBF = 1.14 E-5 failures per hour PFD(VA) = 1.14 E-5 *.2 * 1 * (24/2) PFD(VA)=.00003

44 Pharmaceuticals PFD Calc. Overall PFD(VA)= PFD(SOL)= PFD(MB)= PFD(R5)= PFD(B6)=.0500 PFD(SS)=.0006 PFD =.052 => SIL 1

45 Pharmaceuticals Barrier Instrument Relay Logic ∑ PFD = 10% SIL 1 Limit ∑ PFD = 1% SIL 2 Limit Overall PFD Mapping Valve Barrier

46 Pharmaceuticals PFD Calc. Issues Elements in series: U SYS  Ui Elements in parallel: U SYS  Ui -17 Common cause failure: SYS = IND + . MAX -18 Voting systems: U KOON  n.U k -19 For more complex systems – Fault Tree Analysis using ISA-TR Part 3. “Probabilistic Risk Assesment” – Henley, E J

47 Pharmaceuticals Design issues Roche have decided that valve & actuator may be shared for SIL 1 only. SIS & BPCS share barrier, solenoid, actuator & Valve. This is not recommended Solenoid has local SMO, which might be OK for normal operation, but not for SIS.

48 Pharmaceuticals Design issues

49 Pharmaceuticals Design issues ##### ####-# type barrier not recommended (TTL Logic switching – independent energy source) No clear indication on loop sheet or in field of safety critical nature of instruments

50 Pharmaceuticals Design issues Design of periodic re-test method is the instrument designers responsibility. This would help facilitate periodic testing Loop sheet to indicate safety critical nature of instruments

51 Pharmaceuticals Improvement suggestions SIS to actuate solenoid in panel, which controls air supply to Shutoff Valve & Control Valve High energy panel mount solenoid, not IS pilot operated solenoid => more ‘suitable’ for SIS Control Valve should have positioner suitable for SIS

52 Pharmaceuticals Loop sheet modifications

53 Pharmaceuticals Commissioning Aspects IQ / OQ + Proof testing of the safety function Validation of the retest method Loop sheet to indicate safety critical nature of instruments Field marking

54 Pharmaceuticals Machine / Package Design Supplier might have correctly designed safety Engineering. That does not mean it reaches standard. Modified Instrument/Electrical design Modified Instrument/Electrical Commissioning Feeds into SRS

55 Pharmaceuticals Machine / Package Design E Ex d motor – Surface temperature limits Variable Speed Drive. Never below 10 Hz Always with Thermistor Protection

56 Pharmaceuticals Machine / Package Design

57 Pharmaceuticals Machine / Package Design Thermistor Relay

58 Pharmaceuticals Maintenance Vital part of ensuring safety function remains intact. Will have to retest interlocks on a periodic basis. Will need to follow methods set out during Instrument/Electrical design stage. Care required in effecting changes to the loop when in use.

59 Pharmaceuticals Safety Requirements Spec Document which brings together the design thread. Started by the Process Engineering group Continued by the Instrument / Electrical engineering group Reviewed by Safety Engineering group. Live document until pre-start safety review.

60 Pharmaceuticals New skills Different way of thinking Defence in Depth Layers of Protection Risk Analysis Basic Statistics Fault Tree Analysis

61 Pharmaceuticals 6 June 1967

62 Pharmaceuticals

63

64


Download ppt "Pharmaceuticals IEC-61508 Implementing a Compliance Program Motivation Education Implementation."

Similar presentations


Ads by Google