Your Safety, Our Future.

Presentation on theme: "Your Safety, Our Future."— Presentation transcript:

1 Your Safety, Our Future

2 ISA Safety Seminar IEC61508-61511 Presentation April 2006
SAFETY, CONTROL & AUTOMATION SYSTEMS 04/04/2006 ISA Safety Seminar IEC Presentation April 2006

3 IEC 61508 / 61511: THE QUESTIONS TO ASK, or What To Ask Your Vendors and You
by Ian Parry - Hima Sella Ltd and Colin Howard - Istech Consulting Ltd

4 Background
We assume for this presentation that you are aware of and understand IEC 61508/61511.
International Standard, out for 6 years (the principles for safety have been around for 30+ years). Now being revised.
Still having problems: not with the Standard but with its application.
Hardware requirements are well covered, but software still leaves large questions to be answered.

5 Responsibility
Everyone: Owner / Operator / Designer / Constructor / Integrator / System Supplier / Device Suppliers.
Everyone has a requirement to supply documentation and figures supporting the system in use.

6 Questions
The following questions need to be asked of everyone. Only some of them will need to be answered by others!!!!
I.e. you have a response to all of the first set of questions, but how much information you need depends on your responsibility.

7 The First Set
a) What overall SIL has been determined by the HAZOP for each Safety Integrity Function?
b) What external risk reduction (or other technologies) is applicable for each Safety Integrity Function?
c) What SIL level has been allocated to the E/E/PES system to provide the risk reduction needed for the required overall risk reduction to be met?

8 The Second Set: E/E/PES system responsibilities
a) Total system including the field devices, i.e. from transmitter manifold to the final valve
b) Logic Solver - terminal to terminal
c) Logic Solver - hardware only
d) Who provides the field devices

9 The Third Set
a) Who has the responsibility for the calculations for the E/E/PES system as required by IEC 61508 / 61511?
b) Who has the responsibility for sourcing the information required for the calculations?
c) What has been determined from the HAZOP for the Demand Rate?
d) From the operator / owner: what is the preferred Test Interval?
e) Field device suppliers to provide the required device figures - see later
f) Logic system suppliers / integrators to supply the required figures - see later
g) If no information on a device is available from suppliers, from where is the information to be obtained or derived, and who is to derive it?
h) How will the system components (logic solver, field devices etc.) be tested in service?

10 The Fourth Set
What information is required for each device, sub-system or system:
a) Hardware Fault Tolerance - HFT, as per Tables 2 & 3 of Part 2
b) Safe Failure Fraction - SFF
c) Mean time to repair - MTTR: what value has been used in each of the calculations?
d) Probability of Failure on Demand - PFD (or PFDavg)
e) Probability of Failure to Danger per Hour - PFH
f) Fail Safe failure detected - λsd
g) Fail Safe failure undetected - λsu
h) Fail to Danger detected - λdd (action needs to be taken to go to the fail-safe state)
i) Fail to Danger undetected - λdu
j) Test Interval used for the calculations
Note: even if the SFF is advised, f), g), h) and i) will still be required.

11 How to ease the load when starting
For the logic solvers and overall loops, pick the worst-case loop, i.e. worst-case transmitter, barrier, logic solver path and output valve, and do the loop calculation. If this value is used in the first pass of the calculations then you have a quick method of identifying the problem loops where you need to do more reviews to ensure you meet the requirements. Typically it is the field devices that cause the problem.
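The screening approach on slide 11, written out as an added Python example (not part of the presentation). The device names, loop list and vendor PFDavg figures are constructed; on a real project they would come from the suppliers' reports, all quoted for the same proof-test interval. The worst device of each role is summed into one worst-case path; a loop whose target is met even by that path needs no further work, and only the remainder gets a detailed per-loop calculation.

```python
"""First-pass loop screening with the worst-case path (slide 11).

Added example, not from the presentation. All device names and PFDavg
figures are constructed; loop PFD is taken as the series sum of the
element PFDavg values, the usual first-pass simplification.
"""

# Constructed vendor PFDavg figures, all for a 1-year proof-test interval.
CANDIDATES = {
    "transmitter": {"TX-A": 2.0e-3, "TX-B": 4.5e-3},
    "barrier": {"IS-1": 1.0e-4},
    "logic_solver": {"LS-1": 5.0e-5},
    "valve": {"XV-A": 3.0e-3, "XV-B": 8.0e-3},
}

# Upper PFDavg limit of each low-demand SIL band (IEC 61508-1 Table 2).
SIL_PFD_LIMIT = {1: 1e-1, 2: 1e-2, 3: 1e-3, 4: 1e-4}

# Constructed SIF list: loop name -> (target SIL, devices actually fitted on that loop).
LOOPS = {
    "SIF-101": (1, {"transmitter": "TX-B", "barrier": "IS-1", "logic_solver": "LS-1", "valve": "XV-B"}),
    "SIF-102": (2, {"transmitter": "TX-A", "barrier": "IS-1", "logic_solver": "LS-1", "valve": "XV-A"}),
    "SIF-103": (2, {"transmitter": "TX-B", "barrier": "IS-1", "logic_solver": "LS-1", "valve": "XV-B"}),
}


def worst_case_path(candidates):
    """Pick the worst device for every role: the 'worst-case loop' of slide 11."""
    return {role: max(devices, key=devices.get) for role, devices in candidates.items()}


def loop_pfd(path, candidates):
    """Series sum of the element PFDavg values along one loop."""
    return sum(candidates[role][device] for role, device in path.items())


def contributions(path, candidates):
    """Share of the loop PFD taken by each element; shows where the problem sits."""
    total = loop_pfd(path, candidates)
    return {role: candidates[role][device] / total for role, device in path.items()}


def screen_loops(loops, candidates):
    """First pass with the worst-case value; detailed review only for loops that fail it."""
    worst_pfd = loop_pfd(worst_case_path(candidates), candidates)
    report = {}
    for sif, (target_sil, actual_path) in loops.items():
        if worst_pfd < SIL_PFD_LIMIT[target_sil]:
            report[sif] = "passes on worst case"
        elif loop_pfd(actual_path, candidates) < SIL_PFD_LIMIT[target_sil]:
            report[sif] = "passes on detailed review"
        else:
            report[sif] = "fails: re-select devices or change the architecture"
    return report


if __name__ == "__main__":
    worst = worst_case_path(CANDIDATES)
    print("worst-case path:", worst, "PFDavg = %.2e" % loop_pfd(worst, CANDIDATES))
    for role, share in contributions(worst, CANDIDATES).items():
        print(f"  {role:13s} {share:6.1%}")
    for sif, verdict in screen_loops(LOOPS, CANDIDATES).items():
        print(sif, verdict)
```

With these constructed figures the transmitter and valve account for almost all of the worst-case loop PFD, which is the point the slide makes about field devices; the logic solver is a small contributor even in the worst case.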

12 Performance Orders
SIL1: Pfd = 0.1
SIL2: Pfd = 0.01
SIL3: Pfd = 0.001
Order of magnitude increases in performance requirement.
Can your procedures and practices for Design; Maintenance; Operations; Performance monitoring; Competence demonstrate equivalent increases in rigour? Throughout the whole lifecycle of the system?
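An added Python example (not from the presentation) that ties together the figures the Fourth Set asks a supplier for and the SIL bands on slide 12: from the four failure rates it derives the SFF, the architectural limit from IEC 61508-2 Tables 2 and 3 (SFF and HFT), the 1oo1 PFDavg using the simplified IEC 61508-6 formula with the declared test interval and MTTR, and the SIL band that PFD falls in. The transmitter rates are constructed and quoted in FIT as vendor reports do; the dataclass, function names and the `assess_element` report layout are this example's own.

```python
"""Element-level figures behind the Fourth Set and the SIL/PFD bands of slide 12.

Added example, not from the presentation. Rates are constructed and given in
FIT (1 FIT = 1e-9 failures per hour).
"""
from dataclasses import dataclass

FIT = 1e-9  # failures per hour


@dataclass(frozen=True)
class FailureRates:
    """The four rates the Fourth Set asks for, in FIT."""
    lambda_sd: float  # safe, detected
    lambda_su: float  # safe, undetected
    lambda_dd: float  # dangerous, detected by diagnostics
    lambda_du: float  # dangerous, undetected (only revealed by proof test)


def safe_failure_fraction(r):
    """SFF: share of all failures that are safe or dangerous-but-detected."""
    total = r.lambda_sd + r.lambda_su + r.lambda_dd + r.lambda_du
    return (total - r.lambda_du) / total


def pfd_avg_1oo1(r, proof_test_interval_h, mttr_h):
    """Simplified IEC 61508-6 1oo1 formula: PFDavg = λDU·(TI/2 + MTTR) + λDD·MTTR."""
    return (r.lambda_du * FIT) * (proof_test_interval_h / 2 + mttr_h) + (r.lambda_dd * FIT) * mttr_h


def sil_from_pfd(pfd):
    """Low-demand SIL band from PFDavg (IEC 61508-1 Table 2); 0 means below SIL1."""
    if pfd >= 1e-1:
        return 0
    if pfd >= 1e-2:
        return 1
    if pfd >= 1e-3:
        return 2
    if pfd >= 1e-4:
        return 3
    return 4


# Highest SIL claimable from SFF and HFT alone: IEC 61508-2 Table 2 (type A) and
# Table 3 (type B). Entries are the SIL at HFT = 0 for the SFF bands
# <60%, 60-<90%, 90-<99%, >=99%; each additional tolerated fault adds one SIL,
# capped at SIL4. 0 means the combination is not allowed.
_SIL_AT_HFT0 = {"A": (1, 2, 3, 3), "B": (0, 1, 2, 3)}


def max_sil_by_architecture(sff, hft, device_type):
    band = 0 if sff < 0.60 else 1 if sff < 0.90 else 2 if sff < 0.99 else 3
    return min(4, _SIL_AT_HFT0[device_type][band] + hft)


def assess_element(r, hft, device_type, proof_test_interval_h, mttr_h):
    """What a supplier should be able to state for one device; the claimable SIL is the lower limit."""
    sff = safe_failure_fraction(r)
    pfd = pfd_avg_1oo1(r, proof_test_interval_h, mttr_h)
    by_arch = max_sil_by_architecture(sff, hft, device_type)
    by_pfd = sil_from_pfd(pfd)
    return {
        "sff": sff,
        "pfd_avg": pfd,
        "sil_by_pfd": by_pfd,
        "sil_by_architecture": by_arch,
        "sil_claimable": min(by_arch, by_pfd),
    }


# Constructed smart (type B) transmitter: 200 / 200 / 500 / 100 FIT, i.e. SFF = 90%.
SMART_TX = FailureRates(lambda_sd=200, lambda_su=200, lambda_dd=500, lambda_du=100)

if __name__ == "__main__":
    print("single transmitter, 1-year test, 8 h MTTR:", assess_element(SMART_TX, 0, "B", 8760, 8))
    for hft in (0, 1, 2):
        print(f"HFT={hft}: architectural limit SIL{max_sil_by_architecture(0.9, hft, 'B')}")
```

Note the split between the two limits: the constructed transmitter's PFDavg lands in the SIL3 band, but as a single type B device with 90% SFF the architectural constraint caps it at SIL2, which is why the Fourth Set asks for the individual λ figures and the HFT rather than a PFD number alone.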

13 (image only; no transcript text)

14 Not IEC 61508 / IEC 61508 (image comparison)

15 HOW NOT TO DO IT
Some pointers to the wrong way to confirm compliance.

16 1) From a specification……
The plant will be shutdown on 23 days in the year….
The demand rate is years per demand.
A SIL3 system is required.
Would you accept the specification? Comments please.

17 2) A proposed design…..
(diagram labels, in transcript order)
1oo2 trips on: bearing temperature, vibration; 1oo1 trip on displacement
Gas Turbine Compressor
2oo3 trips on: bearing temperature, vibration, displacement
Suction Drum LSZ: 1oo1 trip on level
Process plant
Would you accept this design proposal?

18 3) Taking the MTBF / MTTF figure, converting it to a rate per hour and then allocating a percentage, say 20%, as the Fail to Danger rate. If no information is available then you should use 50%; but what about HFT? The SFF is also questionable, as you have decided what the figure is.

19 4) Use of 3 standard non-SIL transmitters in a SIL3 application because the arrangement has an HFT of 2. What is the SFF of the devices? Are they SMART transmitters, raising the question of the integrity of the software? IEC 61508 clearly shows that if you have 2 off SIL2 sub-systems in a 1oo2-to-trip configuration then the best they can achieve is SIL3, and even 2oo3 only gives SIL3 (HFT and SFF, Tables 2/3). What about common cause effects? These can mean that 2oo3 SIL2 transmitters may not meet SIL2. Most certified device reports detail what SIL levels the different configurations will meet.

20 5) Devices provided with FMEA reports which give PFD / PFH figures, but the report specifically excludes any software coverage, so it is difficult to use the devices. Or the report makes assumptions, e.g. a trip amplifier with relay outputs where the Logic Solver is required to monitor for failure of the relay.

21 6) Concentrating on the Logic Solver details when placing orders, without considering the field devices associated with the logic solver. This causes problems, as the field device configurations may need to be upgraded from 1oo1 to 1oo2 or even 2oo3 (if it is in fact possible to use the devices ordered), usually late in the project (at FAT), delaying the project and causing cost overruns.

22 7) Attention needs to be paid during the design stage to the maintenance regime and training requirements for the systems, and also to spares holdings. Calculations for the PFD and PFH require the use of the MTTR, normally assumed to be 8 hrs, i.e. a normal shift. It is possible to use 1 hour in the calculations to give the answer you wish to show, so the MTTR figure used should be declared.

23 8) Test intervals. Again, short test intervals improve the calculated figures but do not reflect the time and costs incurred by the maintenance teams. Also to be considered is the amount of time each device is not available to provide protection while it is under test, calibration or maintenance. This can affect the SIL level achievable if you have to apply overrides for long periods per year just to maintain the field devices.

24 9) Common Mode Failure. When using voting configurations it is important to validate and quantify the applicable Common Mode Beta value. If the Beta value is high, say 10%, then this can be the defining limit on the SIL level achievable. Indeed, with a high Beta value even a 2oo3 voting configuration may only meet SIL1 or 2!!!

25 10) My supplier says the kit is good for SIL3, so why not design to SIL3?
SIL 3 systems are very difficult to achieve in practice. If SIL 3 is specified, too much of the risk reduction is being taken by the instrumented system and not enough by other layers of protection. This indicates a need to review the risk assessment. Avoid the need for a SIL 3 or 4 system by introducing further layers of protection (other, non-instrumented measures); these will then take their share of the overall risk reduction.

26 Thank you for your attention
If you have any questions, please wait until question time at the end of the presentations.
