Understanding the How, Why, and What of a Safety Integrity Level (SIL)

Similar documents
Solenoid Valves used in Safety Instrumented Systems

Pneumatic QEV. SIL Safety Manual SIL SM Compiled By : G. Elliott, Date: 8/19/2015. Innovative and Reliable Valve & Pump Solutions

DeZURIK Double Block & Bleed (DBB) Knife Gate Valve Safety Manual

FP15 Interface Valve. SIL Safety Manual. SIL SM.018 Rev 1. Compiled By : G. Elliott, Date: 30/10/2017. Innovative and Reliable Valve & Pump Solutions

Solenoid Valves For Gas Service FP02G & FP05G

Bespoke Hydraulic Manifold Assembly

Section 1: Multiple Choice Explained EXAMPLE

DeZURIK. KGC Cast Knife Gate Valve. Safety Manual

Eutectic Plug Valve. SIL Safety Manual. SIL SM.015 Rev 0. Compiled By : G. Elliott, Date: 19/10/2016. Innovative and Reliable Valve & Pump Solutions

Failure Modes, Effects and Diagnostic Analysis

Hydraulic (Subsea) Shuttle Valves

DeZURIK. KSV Knife Gate Valve. Safety Manual

Section 1: Multiple Choice

SPR - Pneumatic Spool Valve

RESILIENT SEATED BUTTERFLY VALVES FUNCTIONAL SAFETY MANUAL

TRI LOK SAFETY MANUAL TRI LOK TRIPLE OFFSET BUTTERFLY VALVE. The High Performance Company

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Achieving Compliance in Hardware Fault Tolerance

Failure Modes, Effects and Diagnostic Analysis

This manual provides necessary requirements for meeting the IEC or IEC functional safety standards.

The Key Variables Needed for PFDavg Calculation

SIL explained. Understanding the use of valve actuators in SIL rated safety instrumented systems ACTUATION

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Safety manual for Fisher GX Control Valve and Actuator

Ultima. X Series Gas Monitor

Reliability of Safety-Critical Systems Chapter 3. Failures and Failure Analysis

Failure Modes, Effects and Diagnostic Analysis

Implementing IEC Standards for Safety Instrumented Systems

L&T Valves Limited SAFETY INTEGRITY LEVEL (SIL) VERIFICATION FOR HIGH INTEGRITY PRESSURE PROTECTION SYSTEM (HIPPS) Report No.

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, MN USA

Neles trunnion mounted ball valve Series D Rev. 2. Safety Manual

Jamesbury Pneumatic Rack and Pinion Actuator

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Failure Modes, Effects and Diagnostic Analysis

Rosemount 2130 Level Switch

New Thinking in Control Reliability

Proof Testing A key performance indicator for designers and end users of Safety Instrumented Systems

Safety Manual VEGAVIB series 60

Safety Manual VEGAVIB series 60

Safety Manual OPTISWITCH series relay (DPDT)

VALIDATE LOPA ASSUMPTIONS WITH DATA FROM YOUR OWN PROCESS

High performance disc valves Series Type BA, BK, BW, BM, BN, BO, BE, BH Rev Safety Manual

SIL Safety Manual for Fisherr ED, ES, ET, EZ, HP, or HPA Valves with 657 / 667 Actuator

Failure Modes, Effects and Diagnostic Analysis. Rosemount Inc. Chanhassen, Minnesota USA

Valve Communication Solutions. Safety instrumented systems

SIL Safety Manual. ULTRAMAT 6 Gas Analyzer for the Determination of IR-Absorbing Gases. Supplement to instruction manual ULTRAMAT 6 and OXYMAT 6

Functional safety. Functional safety of Programmable systems, devices & components: Requirements from global & national standards

Safety Manual. Process pressure transmitter IPT-1* 4 20 ma/hart. Process pressure transmitter IPT-1*

FULL STAINLESS STEEL EXPLOSION-PROOF SOLUTIONS OIL & GAS I OFFSHORE AND ONSHORE

REASSESSING FAILURE RATES

Failure Modes, Effects and Diagnostic Analysis

Every things under control High-Integrity Pressure Protection System (HIPPS)

Safety-critical systems: Basic definitions

Reliability of Safety-Critical Systems Chapter 4. Testing and Maintenance

PROCESS AUTOMATION SIL. Manual Safety Integrity Level. Edition 2005 IEC 61508/61511

Safety Manual VEGASWING 61, 63. NAMUR With SIL qualification. Document ID: 52084

Understanding safety life cycles

The IEC61508 Inspection and QA Engineer s hymn sheet

Special Documentation Proline Promass 80, 83

Accelerometer mod. TA18-S. SIL Safety Report

The Risk of LOPA and SIL Classification in the process industry

YT-3300 / 3301 / 3302 / 3303 / 3350 / 3400 /

Continuous Gas Analysis. ULTRAMAT 6, OXYMAT 6 Safety Manual. Introduction 1. General description of functional safety 2

Vibrating Switches SITRANS LVL 200S, LVL 200E. Safety Manual. NAMUR With SIL qualification

Rosemount 2120 Level Switch

High Integrity Pressure Protection Systems HIPPS

THE IMPROVEMENT OF SIL CALCULATION METHODOLOGY. Jinhyung Park 1 II. THE SIL CALCULATION METHODOLOGY ON IEC61508 AND SOME ARGUMENT

Analysis of Instrumentation Failure Data

Explaining the Differences in Mechanical Failure Rates: exida FMEDA Predictions and OREDA Estimations

EL-O-Matic E and P Series Pneumatic Actuator SIL Safety Manual

H250 M9 Supplementary instructions

Commissioning and safety manual

Knowledge, Certification, Networking

UNDERSTANDING SAFETY INTEGRITY LEVEL

Transmitter mod. TR-A/V. SIL Safety Report

Reliability of Safety-Critical Systems Chapter 10. Common-Cause Failures - part 1

Session: 14 SIL or PL? What is the difference?

Functional Safety SIL Safety Instrumented Systems in the Process Industry

CHANGE HISTORY DISTRIBUTION LIST

Neles ValvGuard VG9000H Rev 2.0. Safety Manual

The IEC61508 Project Manager's & Project Engineer's hymn sheet

CT433 - Machine Safety

What safety level can be reached when combining a contactor with a circuitbreaker for fail-safe switching?

PREDICTING HEALTH OF FINAL CONTROL ELEMENT OF SAFETY INSTRUMENTED SYSTEM BY DIGITAL VALVE CONTROLLER

Service & Support. Questions and Answers about the Proof Test Interval. Proof Test According to IEC FAQ August Answers for industry.

PL estimation acc. to EN ISO

What is Good Practice for the Proof Testing of Safety Instrumented Systems of Low Safety Integrity?

DETERMINATION OF SAFETY REQUIREMENTS FOR SAFETY- RELATED PROTECTION AND CONTROL SYSTEMS - IEC 61508

YT-300 / 305 / 310 / 315 / 320 / 325 Series

The IEC61508 Operators' hymn sheet

Session One: A Practical Approach to Managing Safety Critical Equipment and Systems in Process Plants

Safety Integrity Verification and Validation of a High Integrity Pressure Protection System (HIPPS) to IEC 61511

Instrumented Safety Systems

Transducer mod. T-NC/8-API. SIL Safety Report

Partial Stroke Testing. A.F.M. Prins

Transcription:

Understanding the How, Why, and What of a Safety Integrity Level (SIL) Audio is provided via internet. Please enable your speaker (in all places) and mute your microphone.

Understanding the How, Why, and What of a Safety Integrity Level (SIL) Audio is provided via internet. Please enable your speaker (in all places) and mute your microphone. There is a Q&A tab on the side of your screen. Please use this mechanism to type any questions you may have at any time. Questions will be read and answered. A recording of this session and a copy of the slides will be posted on the exida website and made available for you.

Abstract The certification process is thorough and provides instant recognition of product reliability, safety, and security that many end users are requesting certifications for products they buy to reduce liability and risk. Manufacturers, if they haven t already, are staying ahead of the requests by certifying their products. During the certification process a manufacturer may have a requirement to certify their product to a certain Safety Integrity Level (SIL) rating. This webinar will cover: What happens in an exida certification? How to find a safety integrity level How is SIL used? What this means for the manufacturer? What is SIL Capability? How to calculate SIL How to reach a certain rating Is there a way to improve a SIL rating?

Loren Stewart, CFSP Loren Stewart graduated from Virginia Tech with a BSME. She has 8 years of professional experience originating in custom design and manufacturing. She currently works for exida consulting as a safety engineer, focusing on the mechanical aspects of their customers. Along with assessing the safety of products and certifications, she continually researches and published reports on stiction and is creating a database for the 2H initiative according to IEC 61508.

exida Worldwide Locations 5

exida Industry Focus Automation Automotive Process Industry Nuclear 6

Main Product / Service Categories Consulting Process Safety (IEC 61511, IEC 62061, ISO 26262) Alarm Management Control System Security (ISA S99) Engineering Tools exsilentia (PHAx, SIL Selection LOPAx SRS SIL Verification) Safety Case FMEDA SILAlarm SILStat Product Certification Functional Safety (IEC 61508) Control System Cyber- Security Network Robustness (Achilles) Training Process Safety Control System Security Onsite Offsite Security Development Alarm Management Reference Materials Databases Tutorials Textbooks Reference Books Market Studies Professional Certification CFSE CFSP Includes: -Automotive -CACE/CACS -Hardware -Machinery -Process -Software CyberPHAx Processes - Products - People 7

exida Certification exida has established schemes for functional safety and cybersecurity certification of Systems, Products, Components, and Personnel. Functional Safety Certification involves a detailed analysis of both the engineering process and design margins resulting in random failure rate in all failure modes. Cybersecurity Certification involves a detailed analysis of the engineering process, cyber defense mechanisms, and network robustness. 8

Reference Materials exida authored most industry references for automation safety and reliability exida authored industry data handbook on equipment failure data exida authored the most comprehensive book on functional safety in the market 9

exsilentia PHAx (HAZOP) LOPAx Engineering Tools Layer of Protection database built-in SIL Selection Risk Matrix or Risk Graph Tolerable Frequency Basis Safety Requirements Specification SIL Verification Instrumentation failure database built-in Variables include reality test coverage, service Proof Test Generator Life Cycle Cost Analysis SILAlarm (Alarm Rationalization) SILStat (Field Failure Data Collection and Analysis) Proof Test & Maintenance Activity scheduling Process demand recording Failure recording CyberPHAx (Cyber Risk Assessment) 10

Topics What happens in an exida certification? How to find a safety integrity level How is SIL used? What this means for the manufacturer? What is SIL Capability? How to calculate SIL How to reach a certain rating Is there a way to improve a SIL rating?

WHAT HAPPENS IN AN EXIDA CERTIFICATION? 12

Certification Process 1. Kickoff Meeting 2. Perform FMEDA Analysis on Product 3. Creation of the Proven-In-Use Analysis 4. Process Analysis 5. Onsite audit 6. Certification Audit

IEC 61508 Full Certification The end result of the certification process is a certificate listing the SIL level for which a product is qualified and the standards that were used for the certification. However, we must understand that some products are certified with restrictions. The restrictions essentially indicate when a product does not meet some requirements of IEC 61508. The restrictions are listed in the safety manual and must be followed if safe operation is required. 14

HOW TO FIND A SAFETY INTEGRITY LEVEL 15

The SIL level of a product is determined by three things: 1. The Systematic Capability Rating 2. The Architectural Constraints for the element 3. The PFDavg calculation for the product. 16

Compliance Requirements SIL Capability Compliance Architectural Constraints Probability of Failure February 19, 2016 17

THE SYSTEMATIC CAPABILITY 18

The Systematic Capability Systematic Capability is established by having your quality management system audited per IEC 61508. If the QMS meets the requirements of 61508 a SIL Capability rating is issued. The rating achieved depends on the effectiveness of your QMS. The certificate is for the systematic capability of a product. 19

THE ARCHITECTURAL CONSTRAINTS 20

The Architectural Constraints Architectural constraints are established by following Route 1H or Route 2H. Route 1H involves calculating the Safe Failure Fraction for the element. A valve is typically one component of the final element of a safety instrumented function (SIF). 21

Architectural Constraints from FMEDA Results Route 1 H - Safe Failure Fraction (SFF) according to 7.4.4.2 of IEC 61508. Safe Failures Safe + Dangerous Failures Route 2 H - Assessment of the reliability data for the entire element according to 7.4.4.3.3 of IEC 61508. 22

Route 1 H TYPE A Safe Failure Fraction Hardware Fault Tolerance 0 1 2 < 60% SIL1 SIL2 SIL3 60% < 90% SIL2 SIL3 SIL4 90% < 99% SIL3 SIL4 SIL4 > 99% SIL3 SIL4 SIL4 Hardware Fault Tolerance = 1 (61508) The quantity of failures that can be tolerated while maintaining the safety function. 23

Route 2 H Table Type A Low Demand Applications Hardware Fault Tolerance 0 1 2 SIL2 SIL3 SIL4 Type B elements using Route 2 H shall have a diagnostic coverage not less than 60%. 24

THE PFDAVG CALCULATION 25

The PFDavg calculation The PFDavg is based on the dangerous failure rate, system diagnostics, proof test coverage and test intervals. Typically, a final element assembly will have a PFDavg the only meets SIL 1. However, there are things that can be done with the diagnostics and proof test that would improve the PFDavg to SIL 2. 26

HOW IS SIL USED? 27

Safety Integrity Level Used FOUR ways: Safety Integrity Level SIL 4 SIL 3 SIL 2 SIL 1 1. To establish risk reduction requirements 2. Probabilistic limits for hardware random failure 3. Architectural constraints 4. To establish systematic capability 28

TO ESTABLISH RISK REDUCTION 29

Example of Risk Reduction PHA Determines that a specific hazard can occur every 10 years causing a major release of toxic fumes into the atmosphere. Determine the RRF for the hazard to occur once in 500 years. RRF = 500/10 = 50 30

Safety Integrity Level Safety Integrity Level Risk Reduction Factor SIL 4 SIL 3 SIL 2 SIL 1 100000 to 10000 10000 to 1000 1000 to 100 100 to 10 1. Each safety function has a requirement to reduce risk. SIL level - Order of magnitude level of risk reduction required 31

TO SET PROBABILISTIC LIMITS FOR HARDWARE RANDOM FAILURE 32

Safety Integrity Levels Random Failure Probability Safety Integrity Level Probability of failure on demand (Demand mode of operation) SIL 4 SIL 3 SIL 2 SIL 1 >=10-5 to <10-4 >=10-4 to <10-3 >=10-3 to <10-2 >=10-2 to <10-1 2. To set probabilistic limits for hardware random failure 33

Random Failure Probability Factors 1. Dangerous Undetected Failure Rate (FMEDA) 2. Proof Test Coverage 3. Proof Test Interval 4. Mission Time PFDavg = (PTC)*DU*TI/2 + (1-PTC)*DU*MT/2 Where PTC = Proof Test Coverage DU = Dangerous Undetected Failures TI = Proof Test Interval MT= Mission Time 34

Random vs. Systematic Faults Random Failures A failure occurring at a random time, which results from one or more of degradation mechanisms. Systematic Failures A failure related in a deterministic way to a certain cause, which can only be eliminated by a modification of the design or of the manufacturing process, operational procedures, documentation, or other relevant factors.

Random vs. Systematic Faults Specification of requirements, design, implementation Well Designed System, the system is correct Random Failure The system is not correct Systematic Fault Improperly Designed System, the system is not correct The system has a failure

Stress Strength: Failures All failures occur when stress exceeds the associated level of strength. Stress is usually a combination of "stressors." Heat Humidity Shock Vibration Electrical Surge Electro-Static Discharge Radio Frequency Interference Mis-calibration Maintenance Errors Operational Errors

Stress - Strength: Failures 1 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 Stress Strength 0.1 0 Strength varies with time and with other stress. Stress also varies with time. However they can be represented by probability distributions.

Stress - Strength: Failures 1 0.9 0.8 0.7 0.6 0.5 0.4 0.3 0.2 0.1 0 At some point in time, Strength decreases and the failure rate increases rapidly this causes wear-out.

Stress - Strength: Failures 0.025 0.02 Failure rate 0.015 0.01 0.005 0 1 101 201 301 401 501 601 Time Stress-strength explains how failure rates vary with time. 701 801 Weak units from a production population fail early. This portion of the curve is known as infant mortality. When weak units are eliminated from the population stress-strength indicates a steady but declining failure rate. When strength declines, the failure rate increases significantly.

Stress - Strength: Failures Failure rate 0.025 0.02 0.015 0.01 0.005 Area where IEC 61508 is applied Useful Life in listed in Safety Manuals End of Useful Life 0 1 101 201 301 401 501 601 701 801 Time Note: Constant Failure Rate during Useful Life

Terms Low Demand Mode Where the frequency of demands for operation made on a safetyrelated system is no greater than one per year and no greater than twice the proof test frequency; Part 4, 3.5.12 If the ratio of diagnostic test rate to demand rate exceeds 100, then the subsystem can be treated... As low demand mode..., Part 2, 7.4.3.2.5 Note 2..the diagnostic test interval will need to be considered directly in the reliability model if it is not at least an order of magnitude less than the expected demand rate, Part 2, 7.4.3.2.2, Note 3 exida definition: A dangerous condition (a demand) occurs infrequently and at least 2X less often than manual proof testing. [Therefore proof testing can be given credit for risk reduction.]

Safety Integrity Levels Low Demand Random Failure Probability Safety Integrity Level Probability of failure on demand (Demand mode of operation) SIL 4 SIL 3 SIL 2 SIL 1 >=10-5 to <10-4 >=10-4 to <10-3 >=10-3 to <10-2 >=10-2 to <10-1

Safety Integrity Levels High Demand Random Failure Probability Safety Integrity Level Probability of dangerous failure per hour (Continuous mode of operation) SIL 4 SIL 3 SIL 2 SIL 1 >=10-9 to <10-8 >=10-8 to <10-7 >=10-7 to <10-6 >=10-6 to <10-5 High Demand Mode Where the frequency of demands for operation made on a safety-related system is greater than twice the proof check frequency;

ARCHITECTURAL CONSTRAINTS 45

SFF Product Types TYPE A A subsystem can be regarded as type A if, for the components required to achieve the safety function a) the failure modes of all constituent components are well defined; and b) the behavior of the subsystem under fault conditions can be completely determined; and c) there is sufficient dependable failure data from field experience to show that the claimed rates of failure for detected and undetected dangerous failures are met. TYPE B everything else! IEC 61508, Part 2, Section 7.4.3.1.2

IEC Safe Failure Fraction TYPE A Low Demand Applications Safe Failure Fraction Hardware Fault Tolerance 0 1 2 < 60% SIL1 SIL2 SIL3 60% < 90% SIL2 SIL3 SIL4 90% < 99% SIL3 SIL4 SIL4 > 99% SIL3 SIL4 SIL4 Hardware Fault Tolerance = 1 (61508) The quantity of failures that can be tolerated while maintaining the safety function.

Route 2 H Table Type A Low Demand Applications Hardware Fault Tolerance 0 1 2 SIL2 SIL3 SIL4 Type B elements using Route 2 H shall have a diagnostic coverage not less than 60%. 48

IEC Safe Failure Fraction TYPE B Safe Failure Fraction Hardware Fault Tolerance 0 1 2 < 60% Not Allowed SIL1 SIL2 60% < 90% SIL1 SIL2 SIL3 90% < 99% SIL2 SIL3 SIL4 > 99% SIL3 SIL4 SIL4 Hardware Fault Tolerance = 1 (61508) The quantity of failures that can be tolerated while maintaining the safety function.

TO ESTABLISH SYSTEMATIC CAPABILITY 50

Safety Integrity Level Safety Integrity Level SIL 4 SIL 3 SIL 2 SIL 1 3) To establish systematic capability The equipment used to implement any safety function must be designed using procedures intended to prevent systematic design errors. The rigor of the required procedure is a function of SIL level.

Safety Integrity Levels Safety Integrity Level Probability of failure on demand (Demand mode of operation) Risk Reduction Factor SIL 4 SIL 3 SIL 2 SIL 1 >=10-5 to <10-4 >=10-4 to <10-3 >=10-3 to <10-2 >=10-2 to <10-1 100000 to 10000 10000 to 1000 1000 to 100 100 to 10

Safety Integrity Levels Safety Integrity Level SIL 4 SIL 3 SIL 2 SIL 1 Probability of dangerous failure per hour (Continuous mode of operation) >=10-9 to <10-8 >=10-8 to <10-7 >=10-7 to <10-6 >=10-6 to <10-5

61508 Annexes: Tables All Numbered Measures Are Required (No Pick and Choose) All Sub-alphabetized Measures are substitutable and partly combinable Technical / Measure SIL2 SIL3 1 Fault detection and diagnosis R HR 2 Error detecting and correcting codes R R 3a Failure assertion programming R R 3b Safety bag techniques R R 3c Diverse programming R R R - Recommended (Not using the measure requires a Ra4onale) HR - Highly Recommended (MUST)

COMPLETE COMPLIANCE 55

IEC 61508 Full Certification 56

Compliance Requirements SIL Capability Compliance Architectural Constraints Probability of Failure February 19, 2016 57

EXAMPLE 58

exsilentia Example 59

exsilentia Example 60

HOW CAN I IMPROVE MY SIL? 61

How can I improve my SIL? SIL Capability Compliance Architectural Constraints Probability of Failure 1. Improve SIL Capability 2. Improve Architectural Constraints 3. Improve PFDavg 62

How can I improve my SIL? 1. Improve SIL Capability Improve effectiveness of internal quality management 2. Improve Architectural Constraints 1oo2 2oo3 Change your Hardware Fault Tolerance 3. Improve PFDavg Decrease Proof test interval Decrease Mission time Change the architecture Revise Proof test coverage 63

excellence in dependable automation Further questions? Email me: lstewart@exida.com February 19, 2016 64

2024 © sportdocbox.com Privacy Policy | Terms of Service | Feedback