Accelerometer mod. TA18-S. SIL Safety Report


Accelerometer mod. TA18-S SIL Safety Report SIL005/11 rev.1 of 03.02.2011 Page 1 of 7

1. Field of use

The transducers are made to monitor vibrations in systems that must meet particular technical safety requirements according to IEC 61508. Operating limit values are shown in the specification sheets for the individual models.

2. Acronyms and abbreviations

HFT - Hardware Fault Tolerance: tolerance of hardware faults of the device; the ability of a functional unit to perform the requested function even if an error or a deviation occurs.
MTBF - Mean Time Between Failures: mean time between two faults.
MTTR - Mean Time To Repair: mean time between the moment an error appears in a device and the time of repair.
PFD - Probability of Failure on Demand: the probability of dangerous faults of a safety function.
PFD AVG - Average Probability of Failure on Demand: the average probability of dangerous faults of a safety function in case of need.
PFH AVG - Average Probability of Failure per Hour: the average probability of dangerous faults of a safety function per hour.
SIL - Safety Integrity Level: the international standard IEC 61508 defines four so-called discrete integrity levels, the Safety Integrity Levels (SIL 1 - SIL 4). Each level corresponds to an interval of probability of failure of a safety function. As the Safety Integrity Level of a safety system increases, the probability that it will fail to perform the required functions decreases.
SFF - Safe Failure Fraction: the fraction of non-hazardous faults, that is, faults without the potential to bring the safety system to a hazardous or unallowed state.
Low demand mode - Type of operation in which the demand rate for a safety system is not greater than once a year and not greater than twice the frequency of the periodic check (proof test).
DCS - Distributed Control System: control system used in industrial applications to oversee and monitor remote devices.
LRV - Lower Range Value: zero value of the measurement range.
URV - Upper Range Value: span of the measurement range.

3. Regulations in force

Standard IEC 61508 parts 1-7: Functional safety of electrical/electronic/programmable electronic safety-related systems.

4. Other applicable documentation

In addition to the SIL safety standards, the following documentation must be considered: Specification TA-18S. All documents are available in Italian and English. The user of the product is responsible for complying with current laws and standards.

5. Terms and definitions

Dangerous fault: a fault with the potential to bring the safety system to a hazardous or non-functional state.
Safety system: a system that can perform safety functions to reach or maintain a system in safe conditions.
Safety function: a function defined or performed by a safety system with the objective of reaching or maintaining a safe status of the plant, in consideration of a pre-defined hazardous event.

6. Safety function

TA-18S transducers generate an electrical signal proportional to the acceleration of a vibration, with a sensitivity of 100 mV/g according to the specification sheet. The transducers perform their function by means of piezoelectric elements, without using any software. No self-diagnostic functions are provided. Limits of precision and safety are reported in the specification sheets.

7. Controls

The safety function of the entire safety circuit must be assessed regularly according to IEC 61508. Assessment intervals are established in the calculations of the individual safety circuits of a plant. The owner is responsible for selecting the type of assessment and the time intervals for the designated period of time.

Follow these instructions to verify the safety function of the transducers:
1. Switch on the transducer.
2. With the transducer at rest, verify that the output bias is correct (about 10 Vdc).
3. Shake the transducer and verify that an a.c. voltage is produced at the output.

Broken transducers must be sent to our assistance department, with an indication of the type of fault and its possible cause.

8. Configuration

The transducer is delivered already configured and tested according to the specifications indicated in the customer's order. Before commissioning the transducer as part of the safety function, check the configuration to make sure it guarantees the function of the safety system. Verify that the right transducer is installed at the right measuring point. Since there are no modifiable configuration parameters, the safety function is guaranteed by the original configuration.

9. IEC 61508 proven in use

IEC 61508-2, 7.4.7.6: A previously developed subsystem shall only be regarded as proven in use when it has a clearly restricted functionality and when there is adequate documentary evidence which is based on the previous use of a specific configuration of the subsystem (during which time all failures have been formally recorded, see 7.4.7.10), and which takes into account any additional analysis or testing, as required (see 7.4.7.8). The documentary evidence shall demonstrate that the likelihood of any failure of the subsystem (due to random hardware and systematic faults) in the E/E/PE safety-related system is low enough so that the required safety integrity level(s) of the safety function(s) which use the subsystem is achieved.

For a device that can be considered as proven in use, it is necessary to keep in mind the volume of operating experience. TA-18S transducers were introduced on the market in the year 2003; since then, no substantial revisions have been made to the design.

From the sales data and the repair history, 2044 units were sold in the five-year period 2006-2010. To calculate faults, only the operating hours during the guarantee period are taken into consideration, because after this period faults are no longer reported. Operating hours total 17,905,440, and this amount is deemed sufficient considering the low complexity of the transducer and its use in SIL 2 applications. The following faults were observed from the operating experience:

Year    Systematic faults   Random faults (measurable)   Faults not measurable*   Total faults (measurable)
2006    0                   3                            17                       3
2007    0                   2                            4                        2
2008    0                   1                            3                        1
2009    0                   1                            3                        1
2010    0                   1                            12                       1
Total                                                                             8

* Faults due to falls or mechanical collisions, for example.

Since there is no evidence that all faults in the guarantee period were reported, we assume that only 70% of them were regularly reported, giving an estimated number of faults of 8/0.7 = 11.42, which is then rounded up to 12. From this we obtain a failure rate of 6.70E-7 [1/h]. Since IEC 61508 requires the calculation with a confidence limit of 70%, we obtain 8.69E-7 [1/h].

IEC 61508-2, 7.4.7.7: The documentary evidence required by 7.4.7.6 shall demonstrate that the previous conditions of use (see note) of the specific subsystem are the same as, or sufficiently close to, those which will be experienced by the subsystem in the E/E/PE safety-related system, in order to determine that the likelihood of any unrevealed systematic faults is low enough so that the required safety integrity level(s) of the safety function(s) which use the subsystem is achieved.
NOTE The conditions of use (operational profile) include all the factors which may influence the likelihood of systematic faults in the hardware and software of the subsystem. For example, environment, modes of use, functions performed, configuration, interfaces to other systems, operating system, translator, human factors.

TA-18S transducers have always been used in similar applications under similar environmental conditions. Therefore, if they are used within the parameters listed in the specifications, the clause is complied with.

IEC 61508-2, 7.4.7.8: Where there is any difference between the previous conditions of use and those which will be experienced in the E/E/PE safety-related system, then any such difference(s) shall be identified and there shall be an explicit demonstration, using a combination of appropriate analytical methods and testing, in order to determine that the likelihood of any unrevealed systematic faults is low enough so that the required safety integrity level(s) of the safety function(s) which use the subsystem is achieved.

Since there is no difference between the previous uses of the TA-18S transducer and the expected conditions of use, the clause is considered complied with.

IEC 61508-2, 7.4.7.9: The documentary evidence required by 7.4.7.6 shall establish that the extent of previous use of the specific configuration of the subsystem (in terms of operational hours) is sufficient to support the claimed rates of failure on a statistical basis. As a minimum, sufficient operational time is required to establish the claimed failure rate data to a single-sided lower confidence limit of at least 70% (see IEC 61508-7, annex D and IEEE 352). An operational time of any individual subsystem of less than one year shall not be considered as a part of the total operational time in the statistical analysis (see note).
NOTE The necessary time, in terms of operational hours, required to establish the claimed rates of failure may result from the operation of a number of identical subsystems, provided that failures from all the subsystems have been effectively detected and reported (see 7.4.7.10). If, for example, 100 subsystems each work fault-free for 10,000 h, then the total time of fault-free operation may be considered as 1,000,000 h. In this case, each subsystem has been in use for over a year and the operation therefore counts towards the total number of operational hours considered.

As mentioned under 7.4.7.6, the number of operating hours is deemed sufficient, due to the relative simplicity of the transducer and its use for SIL 2. A confidence limit of 70% is also considered.

IEC 61508-2, 7.4.7.10: Only previous operation where all failures of the subsystem have been effectively detected and reported (for example, when failure data has been collected in accordance with the recommendations of IEC 60300-3-2) shall be taken into account when determining whether the above requirements (7.4.7.6 to 7.4.7.9) have been met.

As mentioned under 7.4.7.6, since the hypothesis that all faults were reported is considered unrealistic, only the guarantee period was considered, estimating that the reports made accounted for 70% of the actual failures. These precautionary assessments lead us to believe that the clause was complied with.

IEC 61508-2, 7.4.7.11: The following factors shall be taken into account when determining whether or not the above requirements (7.4.7.6 to 7.4.7.9) have been met, in terms of both the coverage and the degree of detail of the available information (see also 4.1 of IEC 61508-1):
a) the complexity of the subsystem;
b) the contribution made by the subsystem to the risk reduction;
c) the consequence associated with a failure of the subsystem;
d) the novelty of design.

All factors listed in the standard were considered in this assessment.

IEC 61508-2, 7.4.7.12: The application of a proven-in-use safety-related subsystem in the E/E/PE safety-related system should be restricted to those functions and interfaces of the subsystem which meet the relevant requirements (see 7.4.7.6 to 7.4.7.10).
NOTE The measures 7.4.7.4 to 7.4.7.12 are also applicable for subsystems which contain software. In this case it has to be assured that the subsystem performs in its safety-related application only that function for which evidence of the required safety integrity is given. See also 7.4.2.11 of IEC 61508-3.

The TA-18S transducer does not contain software and is used exclusively under the conditions of the present proven-in-use report. Therefore, the clause has been complied with.

10. Conclusions

The following table shows the SIL levels for the various ranges of PFD AVG and PFH AVG:

Safety Integrity Level (SIL)   Average Probability of Failure on Demand, PFD AVG   Average Probability of Failure per Hour, PFH AVG
SIL 4                          10^-5 to 10^-4                                      10^-9 to 10^-8
SIL 3                          10^-4 to 10^-3                                      10^-8 to 10^-7
SIL 2                          10^-3 to 10^-2                                      10^-7 to 10^-6
SIL 1                          10^-2 to 10^-1                                      10^-6 to 10^-5

Having obtained a PFH AVG value equal to 8.69E-7, it is deemed correct to use this device for SIL 2 applications.

Mandello del Lario, 03 February 2010
CEMB S.p.A.
Instrumentation Division Manager (Enrico Coti Zelati)
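To make the proven-in-use arithmetic of section 9 and the SIL band lookup of section 10 reproducible, here is an added Python example (not CEMB's own calculation) that walks the same steps: guarantee-period hours, the 70% reporting correction, the point failure rate, a 70% one-sided upper confidence bound and the PFH band. It assumes one guarantee year per unit (consistent with 2044 x 8760 h = 17,905,440 h); the report does not state how its 8.69E-7 limit was computed, so the chi-squared bound used here (Wilson-Hilferty approximation, to avoid SciPy) is an assumption and need not reproduce that figure exactly.

```python
"""Proven-in-use failure-rate estimate reworked from the TA-18S report.
Added illustration; the chi-squared confidence bound is an assumption,
not the report's own (unstated) method."""
import math

HOURS_PER_YEAR = 8760
UNITS_SOLD = 2044          # units sold 2006-2010, from the report
REPORTING_FRACTION = 0.7   # report assumes only 70% of faults were reported
Z70 = 0.5244               # standard normal 70th percentile

# Measurable (random) faults reported per guarantee year, from the report's table.
REPORTED_FAULTS = {2006: 3, 2007: 2, 2008: 1, 2009: 1, 2010: 1}

# IEC 61508 continuous/high-demand bands: SIL -> (PFH lower, PFH upper) in 1/h.
PFH_BANDS = {4: (1e-9, 1e-8), 3: (1e-8, 1e-7), 2: (1e-7, 1e-6), 1: (1e-6, 1e-5)}


def operating_hours(units: int, years_per_unit: float = 1.0) -> int:
    """Hours accumulated when each unit counts only its guarantee period
    (assumed here to be one year, which matches the report's total)."""
    return int(units * years_per_unit * HOURS_PER_YEAR)


def corrected_faults(reported: dict, fraction: float) -> int:
    """Scale observed faults up for under-reporting and round up (8/0.7 -> 12)."""
    return math.ceil(sum(reported.values()) / fraction)


def point_failure_rate(faults: int, hours: int) -> float:
    """Plain estimate lambda = faults / operating hours."""
    return faults / hours


def chi2_quantile(dof: int, z: float) -> float:
    """Wilson-Hilferty approximation of the chi-squared quantile for normal score z."""
    return dof * (1 - 2 / (9 * dof) + z * math.sqrt(2 / (9 * dof))) ** 3


def upper_failure_rate(faults: int, hours: int, z: float = Z70) -> float:
    """One-sided upper confidence bound on lambda: chi2(conf, 2r+2) / (2T)."""
    return chi2_quantile(2 * faults + 2, z) / (2 * hours)


def sil_for_pfh(pfh: float):
    """SIL whose PFH band contains pfh, or None if it falls outside all bands."""
    for sil, (lo, hi) in PFH_BANDS.items():
        if lo <= pfh < hi:
            return sil
    return None


if __name__ == "__main__":
    T = operating_hours(UNITS_SOLD)
    n = corrected_faults(REPORTED_FAULTS, REPORTING_FRACTION)
    lam, lam_70 = point_failure_rate(n, T), upper_failure_rate(n, T)
    print(f"T={T} h, faults={n}, lambda={lam:.2e} /h, 70% upper={lam_70:.2e} /h")
    print("SIL band for the upper bound:", sil_for_pfh(lam_70))
```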