Mitigating safety risk and maintaining operational reliability

Date: 03/29/2010

Assessment and cost-effective reduction of process risks are critical to protecting the safety of employees and the public, minimizing environmental damage, reducing potential capital losses, shortening business interruptions, and limiting legal and regulatory exposure.

Premier Consulting Services (PCS) provides national and international standards compliance verification, risk analysis, assessment, and reduction methodologies through the application of Safety Instrumented Systems (SIS) for all major industries, including refining, petrochemical, pulp and paper, utility, nuclear and manufacturing. PCS applies specialized, high-level expertise to achieve an objective solution that increases safety and reliability performance for our clients. Creating solutions which yield the greatest cost-to-benefit ratio and increase competitive performance is the focus of Premier Consulting Services (PCS).

This document concisely describes the typical SIS project flow with emphasis on compliance with national and international safety standards, specifically the IEC safety lifecycle. Although some stages or functions may be performed by the end user, engineering contractor and/or SIS vendor, the outline for each project stage describes all the objectives and deliverables in general terms, irrespective of the provider. Services that are within the PCS scope are highlighted separately.

Page 1 of 1

A Site Assessment

The critical system site assessment is conducted to determine the risk associated with the operation of process units, and to evaluate the design, operation and maintenance of existing safety instrumented systems (SIS). The assessment involves the following:
- On-site surveys of operating units
- Reviews of available documentation (operating and maintenance procedures, P&IDs, process safety management documentation, etc.)
- Examination of process hazards analysis results
- Discussions with plant personnel concerning operating history

Current national and international standards are utilized to benchmark the facility's risk exposure. Conformance to IEC and/or ANSI/ISA S is reviewed. For systems designed and constructed prior to the issuance of the new standards, an evaluation of the design, maintenance and testing records for safe operation provides a basis for decision-making regarding the adequacy of the existing SIS (i.e. the grandfather clause in the U.S.). Recognizing the importance of process uptime and the detrimental impact of spurious trips on operating costs as well as on safety, recommendations are made to improve reliability.

The PCS report lists site findings with recommendations for compliance with the company's objectives concerning safety and reliability, including conformance to applicable national and international standards in the areas of:
1. Design and architecture
2. Safety availability issues
3. Reliability (spurious trip) issues
4. Support systems
5. Installation
6. Validation
7. Testing and maintenance
8. Auditing
9. Hardware issues
10. Software issues
11. Security
12. Human-Machine Interface
13. Management of Change issues
14. Competence requirements

The site assessment provides management with a basis for prioritized capital spending by providing specific recommendations for risk reduction and reliability improvement. It demonstrates to insurers, regulatory agencies, company personnel and the public that a serious plan has been established to address safety and reliability issues.

Site Assessment

Inputs:
- On-site survey of operating units
- Process design drawings
- P&ID / electrical drawings
- Process HAZOP/PHA
- Operating history
- Maintenance and test procedures
- Maintenance and test records

Deliverables:
- Standards compliance
- Safety availability issues
- Reliability issues
- Testing and maintenance issues
- Procedures issues
- Competence requirements
- Risk exposure
- Improvement recommendations

B Competency Assessment

International standards and regulatory agencies require that the organizations and the personnel involved in the safe operation of the plant demonstrate and document their competence for the activities for which they are accountable. IEC clause makes the following statement:

As a minimum, the following items should be addressed when considering the competence of persons, departments, organizations or other units involved in safety life-cycle activities:
a. Engineering knowledge, training and experience appropriate to the process application.
b. Engineering knowledge, training and experience appropriate to the applicable technology used (for example, electrical, electronic or programmable electronic).
c. Engineering knowledge, training and experience appropriate to the sensors and final elements.
d. Safety engineering knowledge (for example, process safety analysis).
e. Knowledge of the legal and safety regulatory requirements.
f. Adequate management and leadership skills appropriate to their role in safety life-cycle activities.
g. Understanding of the potential consequence of an event.
h. The safety integrity level of the safety instrumented functions.
i. The novelty and complexity of the application and the technology.

PCS has developed the PFSE (Premier Functional Safety Engineering) training program as a service to plant operators, engineering contractors and integrators, with the objective of addressing the requirements of the standards in the area of competency in safety engineering knowledge and safety regulatory requirements.

PFSE Premier Functional Safety Engineering Program
- One-week mastering training program
- Instructor-led classroom setting
- Working examples and discussions
- Written tests and exams
- Compliance to:
  - IEC Paragraph (h)
  - IEC Paragraph

Invensys-Premier Consulting Services offers the PFSE training course addressing functional safety in the field of Safety Instrumented Systems. Contents, material and final exams for this course have been reviewed and assessed positively by TÜV Industrie Service GmbH, Automation, Software and Information Technology (ASI). PCS is a TÜV Industrie Service GmbH, ASI accepted course provider for the TÜV Functional Safety Program. Participants of the Premier Consulting Services PFSE training course will receive, upon successful completion, a TÜV certificate including a TÜV Functional Safety Engineer logo and ID number.

See details of the TÜV Functional Safety Program at:

PCS course instructors are certified TÜV Functional Safety Experts (SIS) according to the TÜV Functional Safety Program.

C PHA / SIF Review / SIL Assignment

IEC and ANSI/ISA S , as well as regulatory agencies, require that a process hazard analysis (PHA) be performed to identify potential hazards in the operation of a process unit. The PHA is a methodical examination of the process design that involves the participation of a multidisciplinary team to identify potential hazards and operability problems that could result in undesired consequences with adverse impact on personnel, equipment or the environment. The initial process PHA is normally performed by the plant operator in conjunction with the process licensor or basic design team. The process design drawings and narratives, together with the P&IDs and the PHA documents, form the basis for the identification of the safety instrumented functions (SIF) required to mitigate the potential hazards.

Premier Consulting Services provides industry experts for the review of the PHA results and the allocation of Safety Instrumented Functions (SIF), leading to the assignment of a target Safety Integrity Level (SIL) for each SIF. Safety integrity is a measure of the likelihood that the SIF will achieve the specified safety function. A PCS senior consultant performs the role of facilitator and provides guidance to a multidisciplinary team consisting of plant experts in the areas of process, operations, safety, maintenance, instrumentation and electrical. The standards do not mandate any specific method for assigning the target SIL rating, but do provide examples of industry-recognized techniques. The PCS facilitator reviews the different methodologies (Risk Matrix, Risk Graph, LOPA, Semi-quantitative, etc.) and their applicability to each situation, leading to a consensus on the techniques to be utilized.

PCS provides further guidance in aligning the selected SIL assignment method with the corporate risk tolerance criteria. Where necessary, the ALARP risk tolerance principle is discussed and taken into account. The multidisciplinary team reviews every SIF and, with PCS guidance, a SIL rating is assigned to each safety instrumented function. The SIS View software tool-set is made available for the target SIL determination process. The final report reflects the assumptions made with regard to potential hazard likelihood, consequence and risk tolerance criteria, in conjunction with the target SIL assigned to each independent SIF. Premier Consulting Services (PCS) reports are recognized worldwide for their integrity and professionalism by plant operators, regulators and risk insurers.

PHA / SIF Review / SIL Assignment

Inputs:
- Process narratives
- Process design drawings
- P&ID / electrical drawings
- Process HAZOP/PHA
- SIF allocations
- Multidisciplinary team
- Corporate guidelines

Deliverables:
- PHA review
- Corporate risk tolerance review
- SIL assignment methodology review
- Hazards assumptions review
- SIL target assignment to each SIF
- PCS written report

Tools: SIS View
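As an added worked example (not from this brochure and not the SIS View tool-set), the following Python code applies the LOPA method named above: it multiplies a constructed initiating-event frequency by the PFD of each non-SIS protection layer, compares the result with a constructed corporate tolerable frequency, and converts the required risk reduction factor into a target SIL using the IEC 61508/61511 low-demand bands. The scenario, frequencies and protection-layer credits are constructed values, not data from the page.

```python
"""LOPA-style target SIL selection for one hazard scenario.

Added worked example; it is not the PCS SIS View tool-set and not code from
this page. The scenario, frequencies and protection-layer credits below are
constructed for illustration.
"""
from dataclasses import dataclass, field

# Low-demand SIL bands of IEC 61508/61511, expressed as the required risk
# reduction factor RRF = 1 / PFDavg: (lower bound, upper bound, SIL).
SIL_BANDS = ((10, 100, 1), (100, 1_000, 2), (1_000, 10_000, 3), (10_000, 100_000, 4))


def sil_from_rrf(rrf: float) -> int:
    """Map a required RRF to a target SIL.

    Returns 0 when the other layers already meet the tolerable frequency (no SIF
    needed) and raises when the gap exceeds SIL 4, because a single SIF is not an
    acceptable answer there and the process or the other layers must change."""
    if rrf < 10:
        return 0
    for low, high, sil in SIL_BANDS:
        if low <= rrf < high:
            return sil
    raise ValueError(f"required RRF {rrf:.0f} exceeds the SIL 4 band")


@dataclass
class Scenario:
    name: str
    initiating_event_freq: float                  # initiating events per year
    ipl_pfds: dict = field(default_factory=dict)  # independent protection layers other than the SIF
    tolerable_freq: float = 1e-5                  # corporate risk tolerance for this consequence, per year

    def mitigated_freq(self) -> float:
        """Frequency of the consequence after crediting every non-SIS layer."""
        freq = self.initiating_event_freq
        for pfd in self.ipl_pfds.values():
            freq *= pfd
        return freq

    def required_rrf(self) -> float:
        """Risk reduction the SIF must provide to close the remaining gap."""
        return max(self.mitigated_freq() / self.tolerable_freq, 1.0)

    def target_sil(self) -> int:
        return sil_from_rrf(self.required_rrf())


def example_scenario() -> Scenario:
    """Constructed scenario: BPCS loop failure leading to vessel overpressure."""
    return Scenario(
        name="Vessel overpressure on BPCS loop failure",
        initiating_event_freq=0.1,  # constructed: one BPCS loop failure per ten years
        ipl_pfds={"operator response to high-pressure alarm": 0.1,
                  "pressure relief valve": 0.01},
        tolerable_freq=4e-7,        # constructed corporate tolerance
    )


if __name__ == "__main__":
    s = example_scenario()
    print(f"{s.name}: mitigated {s.mitigated_freq():.2e}/yr, "
          f"required RRF {s.required_rrf():.0f}, target SIL {s.target_sil()}")
```

The constructed scenario leaves a residual frequency of 1e-4 per year against a tolerance of 4e-7, so the SIF must supply an RRF of 250, which falls in the SIL 2 band. The same structure accommodates the other methods the facilitator compares: a risk graph or matrix replaces the numeric tolerable frequency with categorical inputs, but the output is still a target RRF band per SIF.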

D SRS - Safety Requirements Specification

The safety requirements specification (SRS) is a documentation requirement of IEC and ANSI/ISA S (IEC Mod) and is an integral part of the Safety Lifecycle model. The SRS is a summary of key decisions that must be made prior to the conceptual design. The purpose of the SRS is to define the envelope of the Safety Instrumented System (SIS) design. This document, or collection of documents, should be viewed as a basis of design. It is a crucial review step that will minimize downstream detail design changes that could impact cost and/or schedule. The SRS consists of both safety functional requirements and safety integrity requirements. The software safety requirements specification shall be derived from the safety requirements specification and the chosen architecture of the SIS. The SRS should include the following requirements:
- Description of all the SIF necessary to achieve the required functional safety;
- Requirements to identify and take account of common cause failures;
- Definition of the safe state of the process for each identified SIF;
- Definition of any individually safe process states which, when occurring concurrently, create a separate hazard (for example, overload of emergency storage, multiple relief to flare system);
- The assumed sources of demand and demand rate on the SIF;
- Requirement for proof-test intervals;
- Response time requirements for the SIS to bring the process to a safe state;
- The SIL target and mode of operation (demand/continuous) for each SIF;
- Description of SIS process measurements and their trip points;
- Description of SIS process output actions and the criteria for successful operation, for example, requirements for tight shut-off valves;
- The functional relationship between process inputs and outputs, including logic, mathematical functions and any required permissives;
- Requirements for manual shutdown;
- Requirements relating to energize or de-energize to trip;
- Requirements for resetting the SIS after a shutdown;
- Maximum allowable spurious trip rate;
- Failure modes and desired response of the SIS;
- Any specific procedure requirements for starting up and restarting the SIS;
- All interfaces between the SIS and any other system (including the BPCS and operators);
- Description of the modes of operation of the plant and identification of the safety instrumented functions required to operate within each mode;
- The application software safety requirements;
- Requirements for overrides/inhibits/bypasses including how they will be cleared;
- The specification of any action necessary to achieve or maintain a safe state in the event of fault(s) being detected in the SIS;
- The mean time to repair which is feasible for the SIS;
- Identification of the dangerous combinations of output states of the SIS that need to be avoided;
- The extremes of all environmental conditions that are likely to be encountered by the SIS shall be identified;
- Identification of normal and abnormal modes for both the plant as a whole (for example, plant start-up) and individual plant operational procedures (for example, equipment maintenance, sensor calibration and/or repair). Additional safety instrumented functions may be required to support these modes of operation;
- Definition of the requirements for any safety instrumented function necessary to survive a major accident event, for example, time required for a valve to remain operational in the event of a fire.

Note: Non-safety instrumented functions may be carried out by the SIS to ensure orderly shutdown or faster start-up. These should be separated from the safety instrumented functions.

SRS - Safety Requirements Specification Development

Inputs:
- PHA / process design data
- Process dynamics for each SIF
- Process common cause considerations
- List of SIF with individual SIL targets
- Process design drawings / narratives
- SIF Cause & Effect Matrices
- P&ID / electrical drawings
- Data gathered during SRS development

Deliverables:
- Functional safety requirements
- Integrity safety requirements
- Software safety requirements
- Comprehensive SRS report

E SIS Device Selection: PIU - MHFT

IEC and ANSI/ISA S require that components and subsystems (sensors, logic solvers and final elements) for use as part of a SIS for SIL 1 to SIL 3 applications be designed in accordance with IEC and IEC , as appropriate, or else comply with the Proven-In-Use (PIU) requirements of IEC . Additionally, the standards require that sensors, logic solvers and final elements selected for use as part of a SIS for SIL 1 to SIL 3 applications conform to Minimum Hardware Fault Tolerance (MHFT) criteria. The MHFT has been defined to alleviate potential shortcomings in SIF design that may result from the number of assumptions made in the design of the SIF, along with uncertainty in the failure rate of components or subsystems used in various process applications.

IEC and ANSI/ISA S have further design requirements regarding the independence of the SIS and the BPCS (sensors, logic solver and final elements). IEC clause deals with the special concern for SIS-BPCS separation, independence, diversity, hardware common cause, systematic (software) common cause and human errors.

Premier Consulting Services provides expert consulting in the selection of components and subsystems (sensors, logic solvers and final elements), addressing the requirements of proven-in-use and minimum hardware fault tolerance in IEC and ANSI/ISA S . Specific emphasis is placed on determining the adequacy of field devices with prior-use records, including the number of these devices with sufficient operating experience in a similar operating profile and process application environment. PCS provides further guidance and analysis of test results (i.e. FMEDAs) or third party certifications (i.e. TUV, FM, etc.) for field devices with certain SIL claim limits and their adequacy for the SIS application, including any application guidelines and/or restrictions.

Bearing in mind that the logic solver is normally shared by a number of safety functions, selection of the safety PLC technology is crucial to a safe and reliable SIS. Premier Consulting Services expertise can prove invaluable in the analysis of logic solver manufacturers' claims for safety availability, reliability, fault tolerance and safe failure fraction as they relate to demand mode or continuous mode of operation. Furthermore, an analysis of any third party (i.e. TUV, FM, etc.) certification guidelines and restrictions, as well as an analysis of the manufacturer's safety manual, becomes an essential review step in the selection of the logic solver technology.

Premier Consulting Services recognizes that third party certifications (i.e. TUV, FM, etc.) to IEC and other applicable standards are focused exclusively on the fail-safe mode of operation of the device. Premier Consulting Services also recognizes the importance of process up-time and therefore provides the expertise for the selection of SIS devices that deliver not only safety, but also a high degree of reliability and a low spurious trip rate. There are devices and PLCs on the market that have low fault tolerance and low redundancy but a high safe failure fraction, and thus get certified to even a SIL 2 or SIL 3 rating. PCS expert analysis and recommendations help avoid the trap of designing a safe but unreliable SIS.

SIS Device Selection: PIU - MHFT

Inputs:
- Field equipment performance data
- Site environmental data
- Process up-time requirements
- List of SIF with individual SIL targets
- Project data gathered during study

Deliverables:
- Proven-in-use device analysis
- Fault tolerance device analysis
- Third party certification analysis
- Application restrictions analysis
- Device safety & reliability analysis
- BPCS-SIS independence analysis

F Conceptual Design

The SIS design and engineering phase of the Safety Lifecycle requires a solid conceptual design which develops and verifies that all the items defined in the SRS (Safety Requirements Specification) are fulfilled. The following considerations shall be accounted for:
- Field instrumentation redundancy requirements and voting scheme.
- Field instrumentation process connection requirements, considering possible tap plugging, freezing, etc.
- Logic solver technology per the SRS.
- Cabinet integration requirements; material, temperature and humidity limits.
- BPCS technology and communication requirements.
- Field and communication wiring / routing requirements.
- Power source requirements, such as redundancy and/or UPS.
- Environmental requirements: lightning, flooding, extreme temperatures.
- Requirements for intrinsic safety / explosion proof.
- SIS equipment and junction box identification (tags, color painting, etc.).
- Possible sources of common cause failures of the SIS.
- Non-safety instrumented functions in the SIS that may negatively affect a SIF shall be treated as part of the SIS, complying with the highest SIL requirements.
- Common SIS hardware and software shared by SIFs of different SIL will be designed to meet the highest SIL.
- BPCS-SIS separation, independence and diversity shall be assessed.
- Requirements for operability, maintainability and testability shall be assessed (i.e. bypass facilities for on-line testing, including alarms when in bypass).
- Design of the HMI shall account for human capabilities and limitations and accommodate the level of operator training.
- Manual E-Stop should be implemented per the SRS.
- Subsystems that do not fail to the safe state on loss of power require line monitoring and special power loss detection measures.
- Action required upon detection of a fault, either by diagnostics or proof testing.
- Operator response time to critical alarms shall be accounted for.
- Bypass protection by key locks or passwords shall be implemented.
- SIS status, such as active, bypassed or tripped, shall be a function of the HMI.
- The SIS operator interface shall be protected against unauthorized changes.
- Any failure of the SIS maintenance/engineering interface should not prevent the SIS from bringing the process to its safe state.
- The maintenance/engineering interface should not be used as the operator interface.
- SIS communication failures should not prevent the SIS from bringing the process to its safe state.
- Electromagnetic interference and power surges in the SIS communication should not cause dangerous failures.
- Where required by the SRS, the design should allow for on-line proof testing of the SIS, either end to end or in parts.
- The operator should be alerted to the bypass of any part of the SIS by an alarm or procedure.
- Forcing of I/O in the PES should not be allowed, unless supplemented by procedures and access security.

Conceptual Design

Inputs:
- SRS - Safety Requirements Spec.
- Field technology / voting
- PES technology
- Power sources data
- Environmental data
- Project data gathered during study

Deliverables:
- Power & grounding conceptual drawings
- Field installation typical drawings
- Bypass typical drawings
- E-Stop typical drawings
- HMI requirements
- Communication requirements
- SIS P&IDs (as applicable)
- SIS Cause & Effect Matrix (as applicable)

G SIL Verification

IEC and ANSI/ISA S require a quantitative verification of the SIL of each SIF to meet the target SIL determined in the SRS. Modeling methods are referred to in IEC Annex A and described in IEC and ISA TR :
a. Reliability block diagram technique
b. Simplified equations technique
c. Fault tree analysis technique
d. Markov modeling technique

The modeling technique is selected as appropriate for each application.

Fault Tree Analysis (FTA) was developed in the 1960s by Bell Laboratories in the United States. During the Polaris Missile Project, FTA was utilized to evaluate the probability of an inadvertent launching of a Minuteman missile. FTA has been used extensively by the military, the space program, and the nuclear industry. It is a highly adaptable logic-diagram-based technique that can be readily applied to the processes of the refining, petrochemical, chemical, oil and gas production, pipeline, pulp and paper, utility, nuclear, manufacturing and pharmaceutical industries.

Premier Consulting Services recommends the FTA technique for complete quantified SIL verification of each SIF. The principal benefits include:
- A clear graphical representation of the system.
- Mathematical models for numerous modes of operation (i.e., repairable, non-repairable, and stand-by).
- Results directly indicate key contributors to system unavailability.
- Consideration of sensitivity cases for modifications to system components, architecture, and component testing intervals.
- Easy conversion of the system model for evaluation of nuisance trip rates.

Fault tree analysis is a top-down deductive method for identifying the numerous ways in which equipment failures, software failures, human error, environmental factors, and external events can lead to accidents or other undesirable conditions. A fault tree model consists of a top event and a connecting logic structure of events that must take place in order for the undesired top event to result. In the evaluation of Safety Instrumented Systems, there are two scenario top events that are typically of interest: SIS Failure on Demand and SIS Spurious Trip.

A model of the SIS failure on demand investigates the potential for the SIS failing to perform its designed safety function. In the event of a failure on demand, the process plant is experiencing an undesired condition that the SIS has been designed to detect and, upon detection, automatically take the process to a safe state; but because of a latent failure, the SIS fails to function, allowing the undesired condition and the subsequent consequences to continue. Simply stated, the SIS fails to perform its designed function when needed.

The second scenario top event that is considered in the evaluation of a SIS is a spurious trip. In the event of a spurious trip, the SIS has taken action when no process condition warranting such action is present. Both the failure on demand and the spurious trip are critical performance characteristics of an SIS.

The fault tree model consists of a single top event, a number of simple faults called basic events, and logical operators that dictate how the basic events must combine to result in the failure described by the fault tree top event. Basic events, which represent a simple failure or fault, are the building blocks of the model. A basic event may be a hardware failure, a human error, or an adverse condition. Basic events are always assumed to be independent of each other. A common cause event must therefore be modeled as its own basic event and be assigned its own failure probability or failure rate; this event is then regarded as statistically independent of all other basic events. Logical gates are used to connect the basic events and the resulting secondary conditions, in order to represent the ways to achieve the top event.

The basic events are assigned a corresponding failure rate, proof test interval and mission time for computation in the fault tree. The resulting PFD avg calculation for each SIF is referenced to the SIL number and compared with the target SIL determined in the SRS. This constitutes the quantified SIL verification process for the fail-to-function case, or Safety Availability. A second fault tree is constructed to verify the MTTF spurious. The computed result is compared with the maximum spurious trip rate established in the SRS. This constitutes the quantified verification of the spurious trip rate.

Special Tools

Fault tree analysis requires the use of Boolean algebra for the mathematical quantification in order to achieve correct and repeatable results. Therefore, a computer model is recommended for quantification of the fault trees. The US Department of Energy supports a fault tree analysis program with the appropriate mathematics capability and minimum cut set assessments, which was initially developed for the nuclear industry. The software package, SAPHIRE (Systems Analysis Programs for Hands-on Integrated Reliability Evaluations), is utilized by Premier Consulting Services. Additionally, PCS may also utilize SILwatch, which is a fault-tree-based computer modeling tool for the simpler safety instrumented functions. Both tools have been verified to yield equivalent and repeatable results.
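The cut-set and quantification steps just described, as an added worked example in Python (this is not SAPHIRE or SILwatch code and not the project's own): a small fault tree of basic events and AND/OR gates is expanded into its minimal cut sets with the Boolean absorption law, each cut set is quantified with the rare-event approximation from the basic-event PFD avg values (λDU × TI / 2), the total is mapped to a SIL band, and the per-cut-set contributions are reported so the dominant device is visible. Device tags, failure rates and the annual proof test interval are constructed; the common cause of the transmitter pair is modeled as its own basic event, as the text requires.

```python
"""Fault tree quantification of one safety instrumented function (SIF).

Added worked example for the fault tree section above; it is not the SAPHIRE
or SILwatch implementation named on this page. Device tags, failure rates and
the proof test interval are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from itertools import product
from typing import Union


@dataclass(frozen=True)
class BasicEvent:
    """A simple failure or fault: hardware, human error or adverse condition."""
    name: str
    lambda_du: float   # dangerous undetected failure rate, failures per hour
    ti_hours: float    # proof test interval, hours

    def pfd_avg(self) -> float:
        # Simplified-equation approximation for a periodically proof-tested element.
        return self.lambda_du * self.ti_hours / 2.0


@dataclass(frozen=True)
class Gate:
    """Logical operator combining basic events and sub-gates."""
    kind: str          # "AND" or "OR"
    children: tuple    # BasicEvent or Gate instances


Node = Union[BasicEvent, Gate]


def minimize(sets: list[frozenset]) -> list[frozenset]:
    """Absorption law: drop any cut set that contains another cut set."""
    minimal: list[frozenset] = []
    for s in sorted(set(sets), key=len):
        if not any(m <= s for m in minimal):
            minimal.append(s)
    return minimal


def cut_sets(node: Node) -> list[frozenset]:
    """Expand the tree into its minimal cut sets with Boolean algebra:
    OR collects the alternatives, AND combines every alternative of each child."""
    if isinstance(node, BasicEvent):
        return [frozenset([node])]
    child_sets = [cut_sets(c) for c in node.children]
    if node.kind == "OR":
        sets = [s for group in child_sets for s in group]
    elif node.kind == "AND":
        sets = [frozenset().union(*combo) for combo in product(*child_sets)]
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    return minimize(sets)


def quantify(top: Gate) -> tuple[float, list[tuple[str, float]]]:
    """Rare-event approximation: PFDavg(top) is the sum over minimal cut sets of
    the product of the basic-event PFDavg values in each set.
    Returns the total and the per-cut-set contributions, largest first."""
    contributions = []
    for cs in cut_sets(top):
        p = 1.0
        for ev in cs:
            p *= ev.pfd_avg()
        contributions.append(("+".join(sorted(e.name for e in cs)), p))
    contributions.sort(key=lambda item: item[1], reverse=True)
    return sum(p for _, p in contributions), contributions


def sil_from_pfd(pfd: float) -> int:
    """Low-demand-mode SIL bands of IEC 61508/61511 (0 means no SIL achieved)."""
    for limit, sil in ((1e-1, 0), (1e-2, 1), (1e-3, 2), (1e-4, 3), (1e-5, 4)):
        if pfd >= limit:
            return sil
    raise ValueError("PFDavg below the SIL 4 band; check the input data")


TI = 8760.0  # constructed: one proof test per year


def example_sif() -> Gate:
    """Constructed SIF: 1oo2 pressure transmitters, one logic solver, one shutdown valve.
    The beta-factor common cause of the transmitter pair is its own basic event, so
    the pair's AND gate can treat PT-A and PT-B as independent."""
    pt_a = BasicEvent("PT-A", 2e-6, TI)
    pt_b = BasicEvent("PT-B", 2e-6, TI)
    pt_ccf = BasicEvent("PT-CCF", 0.02 * 2e-6, TI)   # beta = 2 % of the transmitter rate
    logic = BasicEvent("LS", 1e-7, TI)
    valve = BasicEvent("XV", 5e-6, TI)
    sensors = Gate("OR", (Gate("AND", (pt_a, pt_b)), pt_ccf))
    return Gate("OR", (sensors, logic, valve))


if __name__ == "__main__":
    total, parts = quantify(example_sif())
    print(f"PFDavg = {total:.3e}  ->  SIL {sil_from_pfd(total)}")
    for name, p in parts:
        print(f"  {name:<12} {p:.3e}  ({100 * p / total:5.1f} %)")
```

With the constructed data the four minimal cut sets are XV, LS, PT-CCF and PT-A+PT-B, the total PFD avg is about 2.26e-2 (SIL 1), and the single shutdown valve accounts for roughly 97 % of it. That is the "key contributors" output the benefits list refers to: it tells the designer that shortening the valve's proof test interval or adding final-element redundancy, not a third transmitter, is what moves the SIF toward SIL 2. The spurious-trip tree mentioned above uses the same cut-set machinery but quantifies rates rather than probabilities, which this example does not cover.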

SIL Verification

Inputs:
- SRS - Safety Requirements Spec.
- P&IDs and/or Cause and Effect Matrix
- Instrumentation description
- Interlock description
- Expected proof testing frequency
- Process Safety Hazard Analysis

Deliverables:
- Safety availability (PFD avg)
- Minimal cut-sets
- Devices % contributions to PFD avg
- SIL verification to SRS targets
- MTTF spurious (spurious trip rate)
- Devices % contributions to MTTF spurious
- Recommendations for proof test intervals
- Recommendations for SIS improvements

Tools: SAPHIRE and SILwatch

H Detailed Design

The detailed design phase of a typical SIS project entails implementing the conceptual design through good engineering practices, verifying all the requirements in the SRS (Safety Requirements Specification). The detailed design is usually performed by the SIS vendor and/or the engineering contractor. The following considerations are accounted for:
- Verification of site applicable standards (API, NFPA, MMS, Authority Having Jurisdiction, etc.)
- Power and grounding drawings
- Field equipment installation drawings
- Field wiring layouts / junction boxes, etc.
- Intrinsic safety, explosion proof considerations
- Environmental considerations
- Logic solver equipment layout drawings
- Cabinet integration drawings
- Communications wiring drawings
- HMI workstation layouts
- Application program development
- Verification of use of Fixed or Limited Variability Languages
- Use of V-Model or other verification process
- Peer review and testing of application software
- Application software behavior in the presence of hardware failures
- Security implementation (access restrictions)
- HMI screens development
- Critical alarms implementation
- Implementation of bypass keys / permissives / inhibits
- Maintenance procedures development
- Proof testing procedures development
- FAT - Factory Acceptance Test

I Installation & Commissioning

Installation and commissioning activities involve strict planning and implementation in compliance with the detailed design and the SRS. This phase of the SIS project is usually implemented by a combination of the engineering contractor, SIS vendor and the user. The following considerations are accounted for:
- Installation and commissioning plan
- Procedures, measures and techniques to be used
- Persons, departments and organizations responsible
- Safety loop drawings / instrument lists
- Field instrumentation calibration
- Power and grounding verified
- Equipment functional tests
- Loop checks
- Interface communications tests
- Application software version control
- As-built drawings verified against SRS
- PSAT - Pre-Startup Acceptance Test

J Functional Safety Assessment

IEC requires that a functional safety assessment (FSA) be performed prior to the introduction of process materials into the equipment under control (EUC). This requirement is similar to the pre-startup safety review (PSSR) called for by OSHA and other regulatory bodies around the world. IEC requires that at least one senior, competent person, independent from the project team, take part in the FSA. This independent individual must have the authority to prevent the process unit startup, if necessary. The Functional Safety Assessment is documented in a SIS validation plan and is usually performed by the user/operator in conjunction with the engineering contractor and/or the SIS vendor. The FSA should at minimum verify the following:
- The SIS has been constructed, installed and tested in accordance with the SRS.
- All procedures for safety, operation, maintenance and management of change (MOC) are complete and in place.
- Any pending PHA and/or SRS issues are resolved and implemented.
- Operations and maintenance personnel are trained and competence is documented.
- Application software is validated in accordance with the validation plan.
- All safety instrumented functions perform according to the SRS.
- Bypasses, overrides and reset functions perform in accordance with the SRS.
- The SIS is not affected by adverse interactions of the BPCS or any shared instrumentation.
- Loss of utilities does not impede proper SIS action.
- Verification of EMC immunity.
- BRPB or other manual independent E-Stop operates correctly.
- Critical safety alarms function as per the SRS.
- HMI graphics function correctly.
- SIS safety validation (SAT) completed prior to startup.
- PSSR completed.
- All bypasses returned to normal, isolation valves set to startup position, test materials removed and all forces removed.

K Operation & Maintenance

IEC requires that the SIS be operated and maintained so that the designed safety function is preserved. The SIL of each SIF must be maintained throughout the lifecycle of the plant. This function is usually performed by the user/operator and/or a maintenance contractor; however, the responsibility resides with the owner. The operation and maintenance plan should address, at minimum, the following:
- Proof testing, preventive and breakdown maintenance activities.
- Verification of adherence to operation and maintenance procedures.
- Designation and competence of persons, departments and organizations responsible.
- Schedule adherence for all activities.
- Additional mitigation actions necessary during bypass and/or testing.
- Recording of the actual process demand rate on the SIS.
- Identification of the cause of process demands.
- Recording of actual failure rates of SIS devices, including field equipment.
- Identification of the cause of false trips.
- Correct operation of each field sensor and final element.
- Correct logic action of the SIS.
- Correct alarms and indicators.
- Verification and validation of the actual SIL of each SIF and confirmation of the equipment failure rate assumptions made during the design phase, as well as the adequacy of the proof test interval necessary to maintain the designed safety function.

Note: The COSIL safety system management tool-set for on-line, real-time continuous SIL monitoring of all the Safety Instrumented Functions (SIF) in a process plant's SIS is an excellent tool that provides the mechanism for SIS operation and maintenance validation. COSIL additionally provides the functionality to perform continuous on-line calculations of each Safety Instrumented Function's (SIF) instantaneous probability of failure on demand (PFD). This measurement provides plant engineers with real-time data for evaluating the actual instantaneous Risk Reduction Factor (RRF), conducive to better decision making in the area of improvements in plant safety. Knowledge of the instantaneous PFD provides a wealth of information over and above the PFD avg based SIL.

COSIL is applicable to both the demand mode of operation and the continuous mode of operation as defined in the corresponding IEC paragraph.

L Safety Audits

SIS safety audits are required to validate the designed safety function. IEC 61511, true to the criteria of a performance-based standard, has no specific requirements regarding the frequency or the procedures. However, the safety audits must be independent and objective. Process industry experience indicates that:

- An audit frequency of 3 years is a starting point. Based on the number of negative findings, the frequency may be adjusted accordingly.
- Individuals conducting the audit should be independent of the plant personnel.
- The standards and/or corporate documents against which the audit is to be conducted should be agreed upon in advance.
- The procedures review should reveal whether they are in place, understood and followed.
- Interviews should start with managers, followed by engineering and finally operation and maintenance personnel.
- All maintenance and testing records should be reviewed in detail. Especially critical is the review of management of change records.
- Visual inspection of field equipment condition and tagging is a key indicator of general health.
- Checking for unauthorized systems in bypass is critical.
- Records of the SIL for each SIF should be clearly documented.
- Records of the validation of the SIL and RRF for each SIF should be documented.
- Records of the number and cause of process demands should be clearly documented.
- Records of the number and cause of nuisance trips should be clearly documented.
- Records of the actual failure rates of the SIS devices, as they compare to the design assumptions, should be clearly documented.
- Documentation should reflect the currently installed hardware and software.
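The operation and maintenance item on verifying the actual SIL of each SIF against the design-phase failure rate assumptions, and the audit records of SIL, RRF and actual versus assumed device failure rates, both come down to the same calculation. The following is an added worked example and is not code from the PCS document, nor part of COSIL or SCAMP. It assumes a single-channel (1oo1) SIF with a constant undetected dangerous failure rate lambda_DU, a perfect proof test every TI hours, and low-demand operation, so that the SIL is judged on PFDavg using the IEC 61508 / IEC 61511 low-demand bands. The sample failure records are constructed, and the rule that credits a zero-failure record with half a failure is an assumption of this example, not a requirement of the standards.

```python
"""Simplified SIL verification for a 1oo1 safety instrumented function.

Model (assumed for this example): PFD(t) = 1 - exp(-lambda_DU * t) between
proof tests, so PFDavg over a proof test interval TI is
PFDavg = 1 - (1 - exp(-lambda_DU * TI)) / (lambda_DU * TI)  ~=  lambda_DU * TI / 2.
"""
import math

HOURS_PER_YEAR = 8760.0

# IEC 61508 / IEC 61511 low-demand SIL bands as (SIL, PFDavg lower bound, upper bound).
SIL_BANDS = [
    (4, 1e-5, 1e-4),
    (3, 1e-4, 1e-3),
    (2, 1e-3, 1e-2),
    (1, 1e-2, 1e-1),
]


def pfd_instantaneous(lambda_du: float, t_hours: float) -> float:
    """PFD(t) for a 1oo1 channel t hours after its last (perfect) proof test."""
    return 1.0 - math.exp(-lambda_du * t_hours)


def pfd_avg(lambda_du: float, ti_hours: float) -> float:
    """Exact time-average of pfd_instantaneous over one proof test interval TI.

    The familiar approximation lambda_DU * TI / 2 slightly overstates this value,
    so it is the conservative choice when sizing a proof test interval.
    """
    x = lambda_du * ti_hours
    if x == 0.0:
        return 0.0
    return 1.0 - (1.0 - math.exp(-x)) / x


def rrf(pfd: float) -> float:
    """Risk Reduction Factor is the reciprocal of PFDavg."""
    return 1.0 / pfd


def sil_from_pfd(pfd: float) -> int:
    """Low-demand SIL band a PFDavg falls in; 0 means no SIL credit can be claimed."""
    if pfd < SIL_BANDS[0][1]:
        return 4  # below the SIL 4 floor; the standard defines no higher level
    for sil, lo, hi in SIL_BANDS:
        if lo <= pfd < hi:
            return sil
    return 0


def observed_failure_rate(dangerous_failures: int, device_years: float) -> float:
    """Point estimate of lambda_DU (per hour) from proof-test and maintenance records.

    Assumption (this example's convention, not from the page): a record with zero
    failures is credited with half a failure so the estimate never claims lambda_DU = 0.
    """
    if device_years <= 0:
        raise ValueError("device_years must be positive")
    return max(dangerous_failures, 0.5) / (device_years * HOURS_PER_YEAR)


def max_proof_test_interval(lambda_du: float, target_sil: int) -> float:
    """Largest TI (hours) that keeps PFDavg inside the target band, via lambda_DU * TI / 2."""
    upper = next(hi for sil, _lo, hi in SIL_BANDS if sil == target_sil)
    return 2.0 * upper / lambda_du


def verify_sif(design_lambda_du, ti_hours, target_sil, dangerous_failures, device_years):
    """Compare the design-basis SIL with what the operating records actually support."""
    design_pfd = pfd_avg(design_lambda_du, ti_hours)
    actual_lambda = observed_failure_rate(dangerous_failures, device_years)
    actual_pfd = pfd_avg(actual_lambda, ti_hours)
    return {
        "design_pfd_avg": design_pfd,
        "design_sil": sil_from_pfd(design_pfd),
        "design_rrf": rrf(design_pfd),
        "observed_lambda_du": actual_lambda,
        "actual_pfd_avg": actual_pfd,
        "actual_sil": sil_from_pfd(actual_pfd),
        "actual_rrf": rrf(actual_pfd),
        "meets_target": sil_from_pfd(actual_pfd) >= target_sil,
        "failure_rate_within_assumption": actual_lambda <= design_lambda_du,
        "max_ti_hours_for_target": max_proof_test_interval(actual_lambda, target_sil),
    }


if __name__ == "__main__":
    # Constructed sample: a SIL 2 trip designed with lambda_DU = 5e-7 /h and a one-year
    # proof test; the records show 3 dangerous failures across 400 device-years.
    report = verify_sif(5e-7, HOURS_PER_YEAR, 2, 3, 400.0)
    for key, value in report.items():
        print(f"{key:32s} {value}")
    # The instantaneous PFD just before a proof test is roughly twice PFDavg.
    print("PFD at end of interval", pfd_instantaneous(5e-7, HOURS_PER_YEAR))
```

In the constructed sample the observed failure rate exceeds the design assumption, yet the SIF still sits inside the SIL 2 band, which is exactly the distinction an audit record of "actual failure rates as they compare to the design assumptions" is meant to capture; `max_ti_hours_for_target` then shows how much proof test interval margin remains at the observed rate. Real verification adds diagnostics, common cause and redundant architectures, which this example deliberately leaves out.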

The safety audits are normally conducted by corporate personnel independent of the plant and/or by specialized consulting companies, such as Premier Consulting Services. SCAMP (Safety Compliance Auditing and Maintenance Program) is an excellent service for this phase of the safety lifecycle and for compliance with the IEC clause which states:

- To ensure that the required SIL of each safety instrumented function is maintained during operation and maintenance.
- To operate and maintain the SIS so that the designed functional safety is maintained.

M Modifications / MOC

IEC requires that modifications to any safety instrumented system (SIS) be properly planned, reviewed and approved prior to making the change. Additionally, the required safety integrity of the SIS should be maintained despite any changes performed. Management of Change (MOC) procedures should be in place and all requirements of the SRS should be assessed.

- Prior to making any modifications to the SIS, procedures for authorizing and controlling changes should be effective and understood.
- MOC authorizations should identify the hazards which may be affected.
- Modifications require a functional safety impact analysis prior to authorization.
- Any impact on safety requires returning to the first affected step in the safety lifecycle.
- Modifications that imply a change of hardware or software call for returning to the first affected step in the safety lifecycle (i.e. replacement in kind, proven-in-use, minimum hardware fault tolerance, maximum SIL claim limit, etc.).
- Tests should verify that the changes were properly implemented.
- Tests should ensure that functional safety is not negatively affected.
- Modifications should be performed by qualified and competent personnel.
- All affected and appropriate personnel should be notified and trained regarding the change and its implications.
- Documentation should be updated to reflect the modifications, including the reason for the change, the hazards affected and the tests performed to verify that the safety integrity is maintained.

Modifications are normally performed by the user/operator and/or a maintenance contractor, with supervision by competent engineering and safety personnel.

For more information about how Premier Consulting Services can help you solve your critical control system problems, contact:


More information

SAFETY MANUAL SIL SMART Transmitter Power Supply

SAFETY MANUAL SIL SMART Transmitter Power Supply PROCESS AUTOMATION SAFETY MANUAL SIL SMART Transmitter Power Supply KFD2-STC4-(Ex)*, KFD2-STV4-(Ex)*, KFD2-CR4-(Ex)* ISO9001 2 3 With regard to the supply of products, the current issue of the following

More information

Fisher FIELDVUE Instrumentation Improving Safety Instrumented System Reliability

Fisher FIELDVUE Instrumentation Improving Safety Instrumented System Reliability Fisher FIELDVUE Instrumentation Improving Safety Instrumented System Reliability 2 Improving Safety Instrumented System Reliability Improving Safety Instrumented System Reliability 3 Safety Instrumented

More information

UFGS-28 33 00.00 40 (February 2011) UNIFIED FACILITIES GUIDE SPECIFICATIONS

UFGS-28 33 00.00 40 (February 2011) UNIFIED FACILITIES GUIDE SPECIFICATIONS USACE / NAVFAC / AFCEC / NASA UFGS-28 33 00.00 40 (February 2014) ----------------------------------- Preparing Activity: NASA Superseding UFGS-28 33 00.00 40 (February 2011) UNIFIED FACILITIES GUIDE SPECIFICATIONS

More information

Integrated Fire and Gas Solution - Improves Plant Safety and Business Performance

Integrated Fire and Gas Solution - Improves Plant Safety and Business Performance Integrated Fire and Gas Solution - Improves Plant Safety and Business Performance Integrated Fire and Gas Solution - Improves Plant Safety and Business Performance 1 Table of Contents Table of Figures...1

More information

Industrial IT System 800xA Satt Products and Systems

Industrial IT System 800xA Satt Products and Systems Industrial IT System 800xA Satt Products and Systems Overview Features and Benefits Reducing Time to Decision and Action: System 800xA Process Portal delivers the exact information, filters out noise to

More information

Asset Integrity - Process Safety Management

Asset Integrity - Process Safety Management Asset Integrity - Process Safety Management Commit to Process Safety Understand Hazards & Risks Manage Risk Learn from experience Process safety culture Compliance with standards Process safety competency

More information

Controlling Risks Risk Assessment

Controlling Risks Risk Assessment Controlling Risks Risk Assessment Hazard/Risk Assessment Having identified the hazards, one must assess the risks by considering the severity and likelihood of bad outcomes. If the risks are not sufficiently

More information

INTEGRATED MANAGEMENT SYSTEM MANUAL IMS. Based on ISO 9001:2008 and ISO 14001:2004 Standards

INTEGRATED MANAGEMENT SYSTEM MANUAL IMS. Based on ISO 9001:2008 and ISO 14001:2004 Standards INTEGRATED MANAGEMENT SYSTEM MANUAL IMS Based on ISO 9001:2008 and ISO 14001:2004 Standards Approved by Robert Melani Issue Date 30 December 2009 Issued To Management Representative Controlled Y N Copy

More information

Safety Manual BT50(T) Safety relay / Expansion relay

Safety Manual BT50(T) Safety relay / Expansion relay Safety Manual BT50(T) Safety relay / Expansion relay ABB Jokab Safety Varlabergsvägen 11, SE-434 39, Sweden www.abb.com/jokabsafety Read and understand this document Please read and understand this document

More information

Reliability Block Diagram RBD

Reliability Block Diagram RBD Information Technology Solutions Reliability Block Diagram RBD Assess the level of failure tolerance achieved RELIABIL ITY OPTIMIZATION System reliability analysis for sophisticated and large scale systems.

More information

U.S. Department of Energy

U.S. Department of Energy U.S. Department of Energy Washington, D.C. NOTICE DOE N 203.1 Approved: Expires: 06-02-01 SUBJECT: SOFTWARE QUALITY ASSURANCE 1. OBJECTIVES. To define requirements and responsibilities for software quality

More information

The Locomotive. Risk-Informed Fire Protection

The Locomotive. Risk-Informed Fire Protection Risk-Informed Fire Protection By Thomas F. Barry, P.E., and Theresa Stone, HSB Professional Loss Control, The Hartford Steam Boiler Fire Safety And Tight Budgets Fire safety specialists are meeting the

More information

3.0 Risk Assessment and Analysis Techniques and Tools

3.0 Risk Assessment and Analysis Techniques and Tools 3.0 Risk Assessment and Analysis Techniques and Tools Risks are determined in terms of the likelihood that an uncontrolled event will occur and the consequences of that event occurring. Risk = Likelihood

More information

SHE Standards. Safety, Health and Environmental Protection Standards

SHE Standards. Safety, Health and Environmental Protection Standards SHE Standards Safety, Health and Environmental Protection Standards Revision 2.01 December 2010, Valid from December 01, 2010 2 Contents SHE Standards Contents Foreword 3 1 Management Process 1.1 Policy,

More information

Alarm Management What, Why, Who and How?

Alarm Management What, Why, Who and How? Alarm Management What, Why, Who and How? Executive Summary The introduction of the DCS has made it possible to create alarms more easily and at a lower cost. Although software alarms are convenient, the

More information

PTP-Global. Alarm Management An Introduction

PTP-Global. Alarm Management An Introduction Alarm Management An Introduction Presentation Contents 1. The Old and the New 2. Importance of Alarm Management & Historical Context 3. Guides, Standards and Regulations 4. Benefits & Design of Alarm Management

More information