Implementing IEC Standards for Safety Instrumented Systems ABHAY THODGE TUV Certificate: PFSE-06-607 INVENSYS OPERATIONS MANAGEMENT
What is a Safety Instrumented System (SIS)? An SIS is designed to: respond to conditions in the plant which may be hazardous in themselves or, if no action was taken, could eventually give rise to a hazard, and to respond to these conditions by taking defined actions that either prevent the hazard or mitigate the hazard consequences. Input ---- Logic Solver ---- Output
Examples of Safety Instrumented Systems High fuel gas pressure furnace initiates shutdown of main fuel gas valves. High reactor temperature initiates fail open action of coolant valve. High column pressure initiates fail open action of pressure vent valve.
SIF SIF included here Emergency Shutdown Systems, Control, Relief Systems Written Internal Guidelines Mentor/Engineering Practices Industry Codes & Standards GOOD ENGINEERING PRACTICE
Standards Bodies that Define Good Engineering Practice for Safety Instrumented Systems ISA, Instrumentation Systems and Automation Society IEC, International Electrotechnical Commission
Other standards and guidelines must be integrated with SIS standards! ISO ISA 84.01-2003 IEC 61508 ASME IEC 61511 Boiler Codes AICHE Books
Safety Instrumented System Standards IEC 61508 - Functional Safety: Safety Related Systems IEC 61511 - Functional Safety: Safety Instrumented Systems for the Process Industry Sector ISA 84.01-2003 - Functional Safety: Safety Instrumented Systems for the Process Industry Sector
IEC 61508 and 61511 STANDARD IEC 61508 addressed Safety Instrumented System (SIS) for all types of Industrial Applications. A SIS includes all components and subsystems necessary to carry out the safety instrumented function (SIF) from sensor(s) to final Element(s). Manufacturer Supplier IEC61511 standard applies to SIS for process Industry that is based on electrical / electronic / Programmable electronic technology. Designer Integrator User
IEC61511 Safety life cycle Management of Functional Safety and Functional Safety Assessment Clause 5 Sub-clause 10 11 6.2 Safety Lifecycle Structure and Planning 1 3 Risk Analysis Process Hazard Analyses Safety Requirements Specification Stage 1 Design and Engineering of Safety Instrumented System 4 Stage 2 Stage 3 2 Allocation of Safety Functions to Protection Layers Installation, Commissioning and Validation Clauses 14 5 Operation and Maintenance 6 Clause 1 Stage 4 Modification 7 Clause 1 Stage 5 Decommissioning 8 Clause 1 Logic Solver Selection Design and Development of Other Means of Risk Reduction Verification
Design Guidelines for Safety Instrumented System (SIS) Cont.. Separation of SIS and DCS Independence between the SIS and the Basic Process Control System Identical or diverse Separation Identical Separation means using same technology for both the DCS and SIS. Diverse separation means using different technology from same or different manufacture. Field Sensors Final Elements Wiring Do not use Single sensor for both DCS and ESD Do not use Single valve for both DCS and ESD Wiring of SIS is separated from DCS wiring.
Design Guidelines for Safety Instrumented System (SIS) Hardware Fault Tolerance Hardware fault tolerance is the ability of a component or subsystem to continue to be able to undertake the required safety instrumented function in the presence of one or more dangerous hardware fault. Physical Separation Physical separation between DCS and SIS may not be necessary provided if independence is maintained and the equipment arrangements and the procedures applied ensure the SIS will not be dangerously affected by Failure of the DCS Work carried out on the DCS
Planning Management of Change Front End Engineering Safety Lifecycle Operations & Maintenance Engineering Design Commissioning
Manage risk - People Identify role of individual or departments Who is assigned to project? What are their roles? Document competency of individuals and departments Does anyone need more training? Who will mentor inexperienced engineers? Who will review and approve? This is good project management.
Manage risk Procedures Define when the following will take place: Verifications, Audits, and Validation. Require procedures for evaluating the performance of the SIS after it has been installed Performance audits and Tracking failures rates. This is good quality control.
Assess risk and mitigate it Will talk about the how to next slides The assessment results in the assignment of Safety Integrity Level
Safety Integrity Level SIL PFDavg Risk Reduction Availability (%) 4 10-4 to 10-5 10,000 to 100,000 99.99 to 99.999 3 10-3 to 10-4 1,000 to 10,000 99.9 to 99.99 2 10-2 to 10-3 100 to 1,000 99 to 99.9 1 10-1 to 10-2 10 to 100 90 to 99
Design SIF Justify selection of devices Document the safety requirements specification Design SIFs to achieve Safety Integrity Level.
SAFETY INSTRUMENTED FUNCTION (SIF)
Prove it Verify Safety Integrity Level Fault tolerance Commissioning Install SIFs per design documents Functional safety assessment Make sure all documents are in place and all hazards analysis items are addressed. Validation Test SIFs to ensure that they have desired functionality
STANDARD SIL VERIFICATION REPORT
FAULT TREE ANALYSIS
CUT SET DATA (PFDavg)
Maintain it Operation, maintenance and testing Use diagnostics and testing to maintain performance Create and maintain procedure to support these activities Train personnel on procedures Management of change Monitor changes to SIS that might affect SIL
Audit it Includes design and procedures Define frequency of audits Determine the degree of independence of auditing activity Document audit Define follow-up activities