Safety Integrity Level (SIL) Assessment as key element within the plant design



Similar documents
Safety Integrity Level (SIL) Studies Germanischer Lloyd Service/Product Description

Critical IT-Infrastructure (like Pipeline SCADA systems) require cyber-attack protection

Michael A. Mitchell, Cameron Flow Control, DYNATORQUE Product Manager

Basic Fundamentals Of Safety Instrumented Systems

Designing an Effective Risk Matrix

Version: 1.0 Last Edited: Guideline

Methods of Determining Safety Integrity Level (SIL) Requirements - Pros and Cons

Understanding Safety Integrity Levels (SIL) and its Effects for Field Instruments

A methodology For the achievement of Target SIL

Performance Based Gas Detection System Design for Hydrocarbon Storage Tank Systems

Hazard Operability Studies (HAZOP) Germanischer Lloyd Service/Product Description

TÜV FS Engineer Certification Course Being able to demonstrate competency is now an IEC requirement:

Hardware safety integrity Guideline

On-Site Risk Management Audit Checklist for Program Level 3 Process

Defining and operationalizing the barrier concept

USING INSTRUMENTED SYSTEMS FOR OVERPRESSURE PROTECTION. Dr. Angela E. Summers, PE. SIS-TECH Solutions, LLC Houston, TX

Safety Assessment for a major hazard facility

FAQ SHEET - LAYERS OF PROTECTION ANALYSIS (LOPA)

PFSE Premier Functional Safety Engineering Safety Instrumented Systems Course Outline

Overview of IEC Design of electrical / electronic / programmable electronic safety-related systems

SAFETY LIFE-CYCLE HOW TO IMPLEMENT A

Final Element Architecture Comparison

Safety Requirements Specification Guideline

by Paul Baybutt and Remigio Agraz-Boeneker Primatech Inc. 50 Northwoods Blvd. Columbus, Ohio, USA

Brochure. Hazard identification and risk assessment For the hazardous process industries

Mitigating safety risk and maintaining operational reliability

Fire and Gas Solutions. Improving Safety and Business Performance

Layer of protection analysis (LOPA) for determination of safety integrity level (SIL) stud. techn. Christopher A. Lassen

WELLHEAD FLOWLINE PRESSURE PROTECTION USING HIGH INTEGRITY PROTECTIVE SYSTEMS (HIPS)

SAFETY LIFECYCLE WORKBOOK FOR THE PROCESS INDUSTRY SECTOR

S a f e t y & s e c u r i t y a l i g n m e n t b e n e f i t s f o r h i g h e r o p e r a t i o n a l i n t e g r i t y R A H U L G U P TA

Safety controls, alarms, and interlocks as IPLs

Take a modern approach to increase safety integrity while improving process availability. DeltaV SIS Process Safety System

Safety Integrated. SIMATIC Safety Matrix. The Management Tool for all Phases of the Safety Lifecycle. Brochure September Answers for industry.

SAFETY MANUAL SIL Switch Amplifier

Systems Assurance Management in Railway through the Project Life Cycle

What is CFSE? What is a CFSE Endorsement?

Master Class. Electrical and Instrumentation (E &I) Engineering for Oil and Gas Facilities

ESTIMATION AND EVALUATION OF COMMON CAUSE FAILURES IN SIS

Selecting Sensors for Safety Instrumented Systems per IEC (ISA )

Alarm Management Standards Are You Taking Them Seriously?

Model RFQ for Performance Based Fire and Gas System Design Basis Development and Validation. Revision 0, 7 June 2011

3.4.4 Description of risk management plan Unofficial Translation Only the Thai version of the text is legally binding.

TÜV Rheinland Functional Safety Program Functional Safety Engineer Certification

GUIDELINES FOR THE CONDUCT OF OIL, GAS & PETROCHEMICAL RISK ENGINEERING SURVEYS

1997 CCPS Conference and Workshop Proceedings Layer of Protection Analysis: A New PHA Tool After HAZOP, Before Fault Tree Analysis

The SPE Foundation through member donations and a contribution from Offshore Europe

Integrated Fire and Gas Solution - Improves Plant Safety and Business Performance

Guidance note. Risk Assessment. Core concepts. N GN0165 Revision 4 December 2012

DeltaV SIS for Burner Management Systems

CYBER SECURITY RISK ANALYSIS FOR PROCESS CONTROL SYSTEMS USING RINGS OF PROTECTION ANALYSIS (ROPA)

SAFETY MANUAL SIL RELAY MODULE

IEC Overview Report

SOFTWARE-IMPLEMENTED SAFETY LOGIC Angela E. Summers, Ph.D., P.E., President, SIS-TECH Solutions, LP

Fisher FIELDVUE Instrumentation Improving Safety Instrumented System Reliability

Control of Major Accident Hazards

Select the Right Relief Valve - Part 1 Saeid Rahimi

Reduce Risk with a State-of-the-Art Safety Instrumented System. Executive Overview Risk Reduction Is the Highest Priority...

Controlling Risks Risk Assessment

Risk Matrix as a Tool for Risk Assessment in the Chemical Process Industry

A PROGRESSIVE RISK ASSESSMENT PROCESS FOR A TYPICAL CHEMICAL COMPANY: HOW TO AVOID THE RUSH TO QRA

Version: 1.0 Latest Edition: Guideline

Gas Standards and Safety. Guidance Note GAS INSTALLATIONS SUPPLIED FROM BIOGAS FACILITIES - ACCEPTANCE REQUIREMENTS GAS ACT 2000

What Now? More Standards for Safety and Regulatory Compliance

Viewpoint on ISA TR Simplified Methods and Fault Tree Analysis Angela E. Summers, Ph.D., P.E., President

PSAC/SAIT Well Testing Training Program Learning Outcomes/Objectives Level D

SAFETY MANUAL SIL SMART Transmitter Power Supply

Using the Linear Risk Integral (LRI) approach in pipeline QRA for a better application of risk mitigation measures

An analysis of common causes of losses in the Oil, Gas & Petrochemicals Industries

FUNCTIONAL SAFETY CERTIFICATE

PROJECT DESIGN DELIVERABLES SEQUENCE (PDD)

Process Safety Management Training

RECOMMENDED GUIDELINES FOR THE APPLICATION OF IEC AND IEC IN THE PETROLEUM ACTIVITIES ON THE NORWEGIAN CONTINENTAL SHELF

A PROCESS ENGINEERING VIEW OF SAFE AUTOMATION

Guidelines. Safety Integrity Level - SIL - Valves and valve actuators. March Valves

Functional safety in process instrumentation with SIL rating Questions, examples, background

PROCESS SAFETY CENTER

University of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities

3.0 Risk Assessment and Analysis Techniques and Tools

Events Calendar. ABB Consulting Seminar, training course, conference, webinar and forum programme 2016

> THE SEVEN GREATEST THREATS TO PROCESS PLANT > WHAT S INSIDE: SAFETY, AND HOW TO MANAGE THEM WHITE PAPER

TABLE OF CONTENT

THE GAS UTILITIES S AND THE JAPAN GAS ASSOCIATION S EFFORTS TO IMPROVE SAFETY

Pedestrian Struck By Forklift

The ABB i-bus KNX Room Master Concept Your first step into the KNX world

Directory. Maintenance Engineering

Valves and Solenoid Valves testet and certified byrheinhold & Mahla according to IEC 61508/61511

Functional Safety Management: As Easy As (SIL) 1, 2, 3

THEME Competence Matrix - Electrical Engineering/Electronics with Partial competences/ Learning outcomes

Safety manual for Fisherr ED,ES,ET,EZ, HP, or HPA Valves with 657 / 667 Actuator

Brochure. Projects and engineering Engineering expertise to enhance your operations

Nitrogen Blanketing for Methanol Storage and Transportation

DET NORSKE VERITAS TM

ISA108 Intelligent Device Management (IDM)

HSE information sheet. Fire and explosion hazards in offshore gas turbines. Offshore Information Sheet No. 10/2008

Fault Tree Analysis (FTA) and Event Tree Analysis (ETA)

Practical Implementation of Safety Management Systems at Unregulated Upstream Oil & Gas Facilities

TABLE OF CONTENT

Transcription:

Safety Integrity Level (SIL) Assessment as key element within the plant design Tobias WALK ILF Consulting Engineers GmbH Germany Abstract Special attention has to be provide to safety instrumented functions during the plant design and their classification within the safety integrity levels (SIL). The classification has a direct effect on the plant safety, it s operability as well as on the investment costs. During the pipeline design phase various safety review studies - e.g. Hazards and Operability Analysis (HAZOP), Quantitative Risk Analysis (QRA), Project Health, Safety, Environmental Review (PHSER) - are required and the determination of the SIL is ranked as one element within the safety aspects design workflow. The approach how to determine the proper integrity level is demonstrated in detail on risk graphs. The risk graph approach is not only limited to safety aspects as it is more and more common to use these also for environmental and commercial aspects. This requires a proper calibration of the risk graphs which big oil & gas operators define within their company standards. The article provides examples for a SIL review assessment including its reporting and flags the required input data. It refers to the relevant norms and standards and explain how pipeline operators are calibrating the risk graphs for the environmental and commercial aspects within their company standards. ILF Consulting Engineers is involved as a designer within many international Oil & Gas projects for more than 40 years. Acting as an independent owners engineer various types of plant safety systems had to be specified, procured and commissioned depending on the project specific process conditions and environmental requirements. 1. Introduction The boundary conditions for the safe operation of an industrial plant are already identified and mitigated within the project define phase. During the Basic Design (or Front-End Engineering & Design) of an industrial plant all safeguards and Layers of Protection needs to be properly identified and defined. The various process protection layers are illustrated within the figure 1 and 2. The Safety Instrumented Function (SIF) forms the third protection layer. The SIF is required to interfere in case the basic process control system as well as the process alarms could not bring back the process values under normal control. Within that respect the SIF initiates on critical process demand a unit trip to avert further process escalation and mitigate hazardous process conditions. Therefore an adequate and unambiguous SIF definition is very important. \\demucsfs002\projects\xx01\xx0102\sv&doc\ilfm_ad\xx0102-ilfm-ad-0110-rev-0.doc Page 1 of 8

Process Plant Basic Process Control System Process Alarms Safety Instrumented Functions SIF Mechanical Protective Systems Incident & Emergency Management Procedures Figure 1: Process Protection Layers The SIF definition is mandatory necessary and important for every Safety Integrity Level (SIL) classification. An incorrect definition easily leads to over or under engineering. Risk Reduction by Safety Integrated Function (SIF) Figure 2: Risk Reduction by Process Protection Layers \\demucsfs002\projects\xx01\xx0102\sv&doc\ilfm_ad\xx0102-ilfm-ad-0110-rev-0.doc Page 2 of 8

Obviously, the intention of a safety function is to prevent or mitigate the consequences of a hazardous event. Therefore, it needs to function properly and it needs to be reliable. Adequate definition of a safety function can only be achieved if a full understanding of its demand scenarios, design intent and consequences of failure on demand are known: 1. The demand scenario describes the initiating events (e.g. failure of control instruments or failure of equipment), which will ultimately lead to a demand on the SIF. 2. The design intent specifies the released hazard to be averted (e.g. loss of containment). 3. The consequences of failure on demand describe the ultimate consequences (of a SIF failure) and the way they are achieved. Process demand scenario design intend: prevent released hazard consequences of failure on demand under control trip event deviation / disturbance out of control SIF hazardous situation released hazard hazardous event consequences Figure 3: SIF designed to stop / avert a specific hazardous event During the Hazard and Operability (HAZOP) study potential out-of-control process situations are identified, by analyzing variations of process parameter values (e.g. more / less / none / negative pressure). Variations can cause a potential hazardous situation which can lead to a hazardous event (e.g. leakage of toxic products, explosion, fire, etc.). The consequences of the hazardous event can have an impact on human safety, environmental pollution, damage to the installation, production loss and other negative effects. As a result the HAZOP study identifies the required safeguards for the process. \\demucsfs002\projects\xx01\xx0102\sv&doc\ilfm_ad\xx0102-ilfm-ad-0110-rev-0.doc Page 3 of 8

In a SIL classification the demand scenario frequency and the severity of the consequences of the hazardous event are used to establish the Safety Integrity Level (see also the generic norm for safety IEC 61508 and the adapted safety norm for process industry IEC 61511), which determines the required level of risk reduction. The SIL indicates the minimum probability that the equipment will successfully do what it is desired to do when it is called upon to do it. As soon as the required risk reduction is known, it can be converted into a Probability of Failure on Demand (PFD) which is required for the SIF and which results into the SIL. Safety Integrity Level (SIL) Probability of Failure on Demand (PFD) Probability of Success on demand Risk Reduction Factor (RRF) 4 > 10-5 to < 10-4 99,99 99,999 % 10.000 100.000 3 > 10-4 to < 10-3 99,9 99,99 % 1.000 10.000 2 > 10-3 to < 10-2 99 99,9 % 100 1.000 1 > 10-2 to < 10-1 90 99 % 10 100 Table 1: SIL Definition (for Low Demand Application) as per IEC 61508-1 The norms are focused primary on personnel safety and do not provide any quantitative values for tolerable risk. The tolerable risk has to be defined by company standards and/or local authorities. Many companies have developed their own internal standards which provide the necessary quantitative values for the tolerable risk. Furthermore these company standards are not only focused on personnel safety issues as they adapt the same risk reduction methods also for environmental issues (Environmental Integrity Level, EIL) and asset loss issues (Asset Integrity Level, AIL). Obviously, it is of key importance that the allocated safeguarding measures can realize the required level of risk reduction. Therefore, their functionality and their reliability need to be defined properly. \\demucsfs002\projects\xx01\xx0102\sv&doc\ilfm_ad\xx0102-ilfm-ad-0110-rev-0.doc Page 4 of 8

2. Example Control Room SIF loop Plant Area High Pressure Sensor Mechanical Relief Valve to Flare Gas ESD Valve Separator Well Fluids Operator Interface Shutdown System Logic Solver Water Oil Figure 4: SIF loop to protect high pressure event within separator vessel The pressure sensor of the separator vessel detects high pressure that may lead to the hazardous event rupture of the separator and to the consequences oil and gas leakage to the environment which could ignite. The shutdown system receives the pressure sensor trip signal and close the ESD Valve on the inlet side. The SIF consists of the entire loop, the high pressure sensor, the Shutdown System and the ESD valve actuator. The entire SIF loop needs to be implemented in accordance with the defined SIL. 3. SIF definition process Based on experience, based on the initial basic design, the process design is detailed including protection systems, safety instrumented functions, mechanical devices, mitigating measures, etc. A HAZOP study has been carried out already to verify if all protection layers are provided and, if required, additional protection layers needs to be added. As far as SIF are concerned the design is mainly reflected in Piping & Instrumentation Diagrams (P&ID) and Cause & Effect Charts (C&E). Therefore, the starting point of a SIL assessment is often a set of P&ID and C&E, detailing the SIF envisaged. It is an interdisciplinary team approach to derive from these information the hazardous situations and events that the SIF intent to detect and prevent. Those \\demucsfs002\projects\xx01\xx0102\sv&doc\ilfm_ad\xx0102-ilfm-ad-0110-rev-0.doc Page 5 of 8

hazardous situations are often not specifically defined in design memoranda and HAZOP reports. The interdisciplinary team mainly consists of a safety engineer, process engineer, operation expert, instrumentation and control engineer and other skilled people (e.g. machinery expert) who can distribute on this exercise. It is common practice to nominate an independent experienced chairman for the SIL assessment who is not directly involved within the project. The chairman will guide the exercise and generate the SIL assessment report. There are two common methods for selection of the Integrity Level (IL): - Risk Graph method: it relates consequence severities to demand rates considering possibilities of avoiding the hazard (one risk graph for each consequence category). Using the risk graph is a semi-quantitative method. It can be applied quickly to large numbers of SIFs, but it is a conservative approach. Figure 5: Risk Graph from IEC 61508 / 61511 - Layer Of Protection Analysis (LOPA) method: to be conducted for all SIFs with an IL of 3 or higher. The LOPA method is more complex that the Risk Graph \\demucsfs002\projects\xx01\xx0102\sv&doc\ilfm_ad\xx0102-ilfm-ad-0110-rev-0.doc Page 6 of 8

method and it can mitigate Integrity Level after analysis of protection layers. Typically the LOPA method reduces the IL category by 1 class compared with the Risk Graph method. In case the LOPA method result is still indicating an IL 3 or 4 a detailed quantitative analysis would be required which is using fault trees to estimate the frequency of the undesired event and event trees to understand all possible outcomes including their frequencies. The use of the above mentioned methods are illustrated within the following flow chart (refer to figure 6). Figure 6: usage of IL methods The results of all identified Integrity Levels (for Safety, Environmental and Asset Loss) are compared with each other and the most stringent has to be chosen for the SIF. The SIL assessment report is documenting all the findings including the description of the description of the demand scenarios and consequences of failures on demand of each SIF. The report will be updated during the entire lifetime of the plant and it will be also used to determine the proper maintenance cycles for all SIF loops as more frequent maintenance cycles would have a positive effect on the probability of success on demand. \\demucsfs002\projects\xx01\xx0102\sv&doc\ilfm_ad\xx0102-ilfm-ad-0110-rev-0.doc Page 7 of 8

CV of the author As a native German, Tobias Walk studied Electrical Engineering and Information Technology at the Technical University in Munich with special focus on Automation and Control Systems. In 1996 he received his Diploma and he started 1997 to work as project engineer for ILF Consulting Engineers within the Oil & Gas market. Over the past 13 years, he has held a number of positions of increasing responsibility within ILF. Since 2008 he is the ILF Director for Electrical Engineering, Automation and IT-Systems. Furthermore, end of 2009 he was nominated as Corporate Director for the ILF Russia Oil & Gas activities. He has been deeply involved as owners engineer within the design and commissioning of various international pipeline projects (amongst others: BTC Crude Oil Pipeline, ADCOP Habshan - Fujairah Pipeline, Bourgas-Alexandroupolis Crude Oil Pipeline, ESPO Pipeline, Revamp of Janaf Crude Oil Pipeline) during the last decade. Within these projects he was also responsible for the design of various process control and safety systems. Furthermore he was involved as an external expert or chairman within various SIL review workshops to identify and validate the required integrity level. Contact Tobias Walk ILF Consulting Engineers GmbH Werner-Eckert-Street 7 D-81829 Munich phone: +49 (0)89 25 55 94 244 fax: +49 (0)89 25 55 94 44 244 email: Tobias.Walk@ilf.com \\demucsfs002\projects\xx01\xx0102\sv&doc\ilfm_ad\xx0102-ilfm-ad-0110-rev-0.doc Page 8 of 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information