Welcome to PHOENIX CONTACT

Similar documents
Basic Fundamentals Of Safety Instrumented Systems

Understanding Safety Integrity Levels (SIL) and its Effects for Field Instruments

Effective Compliance. Selecting Solenoid Valves for Safety Systems. A White Paper From ASCO Valve, Inc. by David Park and George Wahlers

SIL manual. Structure. Structure

Failure Modes, Effects and Diagnostic Analysis

A methodology For the achievement of Target SIL

Final Element Architecture Comparison

Hardware safety integrity Guideline

Selecting Sensors for Safety Instrumented Systems per IEC (ISA )

Machineontwerp volgens IEC 62061

SAFETY MANUAL SIL SMART Transmitter Power Supply

SAFETY MANUAL SIL RELAY MODULE

Overview of IEC Design of electrical / electronic / programmable electronic safety-related systems

MXa SIL Guidance and Certification

Safety Requirements Specification Guideline

SAFETY MANUAL SIL Switch Amplifier

FMEDA and Proven-in-use Assessment. Pepperl+Fuchs GmbH Mannheim Germany

Viewpoint on ISA TR Simplified Methods and Fault Tree Analysis Angela E. Summers, Ph.D., P.E., President

Version: 1.0 Latest Edition: Guideline

IEC Functional Safety Assessment. Project: K-TEK Corporation AT100, AT100S, AT200 Magnetostrictive Level Transmitter.

SAFETY MANUAL SIL SWITCH AMPLIFIER

WELLHEAD FLOWLINE PRESSURE PROTECTION USING HIGH INTEGRITY PROTECTIVE SYSTEMS (HIPS)

Value Paper Author: Edgar C. Ramirez. Diverse redundancy used in SIS technology to achieve higher safety integrity

Safety manual for Fisherr ED,ES,ET,EZ, HP, or HPA Valves with 657 / 667 Actuator

SAFETY LIFE-CYCLE HOW TO IMPLEMENT A

DeltaV SIS for Burner Management Systems


Functional safety. Essential to overall safety

IEC Functional Safety Assessment. ASCO Numatics Scherpenzeel, The Netherlands

IEC Overview Report

Michael A. Mitchell, Cameron Flow Control, DYNATORQUE Product Manager

Chemical Accidents. Dr. Omid Kalatpour CEOH

Version: 1.0 Last Edited: Guideline

Safety Integrity Level (SIL) Assessment as key element within the plant design

Safety Integrated. SIMATIC Safety Matrix. The Management Tool for all Phases of the Safety Lifecycle. Brochure September Answers for industry.

Safety Manual BT50(T) Safety relay / Expansion relay

Why SIL3? Josse Brys TUV Engineer

SAFETY LIFECYCLE WORKBOOK FOR THE PROCESS INDUSTRY SECTOR

University of Paderborn Software Engineering Group II-25. Dr. Holger Giese. University of Paderborn Software Engineering Group. External facilities

TÜV FS Engineer Certification Course Being able to demonstrate competency is now an IEC requirement:

Controlling Risks Safety Lifecycle

Guidelines. Safety Integrity Level - SIL - Valves and valve actuators. March Valves

SIL in de praktijk (Functional Safety) Antwerpen Compliance of Actuators and Life Cycle Considerations. SAMSON AG Dr.

Fisher FIELDVUE Instrumentation Improving Safety Instrumented System Reliability

PABIAC Safety-related Control Systems Workshop

Process Safety & Barrier Management. Lessons from major hazard industries

FUNCTIONAL SAFETY CERTIFICATE

Planning Your Safety Instrumented System

I requisiti delle Norme IEC EN Ed 2: 2010 e IEC EN Ed. 2: 2016

Integrated Fire and Gas Solution - Improves Plant Safety and Business Performance

Functional Safety Management: As Easy As (SIL) 1, 2, 3

Safety Integrity Level (SIL) Studies Germanischer Lloyd Service/Product Description

Mitigating safety risk and maintaining operational reliability

Safety Culture Lessons from CSB and Other Major Incident Investigations

Methods of Determining Safety Integrity Level (SIL) Requirements - Pros and Cons

Logic solver application software and operator interface

How to design safe machine control systems a guideline to EN ISO

Application of IEC and IEC in the Norwegian Petroleum Industry

Performance Based Gas Detection System Design for Hydrocarbon Storage Tank Systems

The SISTEMA Cookbook 4

A PROCESS ENGINEERING VIEW OF SAFE AUTOMATION

HSE information sheet. Fire and explosion hazards in offshore gas turbines. Offshore Information Sheet No. 10/2008

SOFTWARE-IMPLEMENTED SAFETY LOGIC Angela E. Summers, Ph.D., P.E., President, SIS-TECH Solutions, LP

Lessons from Offshore Accidents

SIS Smart SIS 15 minutes

3.4.4 Description of risk management plan Unofficial Translation Only the Thai version of the text is legally binding.

Certification Report of the STT25S Temperature Transmitter

APPLICATION OF IEC AND IEC IN THE NORWEGIAN PETROLEUM INDUSTRY

TÜV Rheinland Functional Safety Program Functional Safety Engineer Certification

Vetting Smart Instruments for the Nuclear Industry

Safety Integrity Levels

Hydraulic control unit series

ESTIMATION AND EVALUATION OF COMMON CAUSE FAILURES IN SIS

GUIDANCE FOR DEVELOPMENT OF SPILL AND SLUG PREVENTION CONTROL PLANS AND FACILITIES FOR THE CITY OF ATTLEBORO SEWER USERS

Reduce Risk with a State-of-the-Art Safety Instrumented System. Executive Overview Risk Reduction Is the Highest Priority...

Functional safety in process instrumentation with SIL rating Questions, examples, background

Mobrey Magnetic Level Switches

ELECTROTECHNIQUE IEC INTERNATIONALE INTERNATIONAL ELECTROTECHNICAL

Mary Ann Lundteigen. Doctoral theses at NTNU, 2009:9 Mary Ann Lundteigen. Doctoral theses at NTNU, 2009:9

Reducing Steps to Achieve Safety Certification

Alarm Management Standards Are You Taking Them Seriously?

Take a modern approach to increase safety integrity while improving process availability. DeltaV SIS Process Safety System

What is CFSE? What is a CFSE Endorsement?

High Availability and Safety solutions for Critical Processes

OFFSHORE OIL & GAS SECTOR STRATEGY 2014 TO 2017

Process Safety Management of Highly Hazardous & Explosive Chemicals. Management of Change

Safe Torque Off Option (Series B) for PowerFlex 40P and PowerFlex 70 Enhanced Control AC Drives

Hazard Operability Studies (HAZOP) Germanischer Lloyd Service/Product Description

Valves and Solenoid Valves testet and certified byrheinhold & Mahla according to IEC 61508/61511

Backup Fuel Oil System Decommissioning & Restoration Plan

Intelligent Solutions DTS Applications LNG Facilities

RECOMMENDED GUIDELINES FOR THE APPLICATION OF IEC AND IEC IN THE PETROLEUM ACTIVITIES ON THE NORWEGIAN CONTINENTAL SHELF

Funktionale Sicherheit IEC & IEC 62443

PTP-Global. Alarm Management An Introduction

IEC Functional Safety Assessment. United Electric Controls Watertown, MA USA

Practical Examples of Fire Protection Engineering Practices and Technology for PSM

An introduction to Functional Safety and IEC 61508

Transcription:

Welcome to PHOENIX CONTACT Basics of Functional Safety in Process Industry A practical approach to IEC 61511 / EN61511 (SIL) And safety is a life time commitment!! 2 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 1

AGENDA 1. Introduction 2. Why do we care for Functional Safety? Examples of historical accidents in process industry Short overview of standards and regulations 3. Identification and Quantification of Risks What is a risk? Risk identification (HAZOP) Risk Analysis How to quantify the risk? 4. Parameter for SIL-Classification Types of failure HFT, SFF, PFD, λ, MTBF SIF / SIS SFF Analysis / PFD 3 Basics of Functional Safety in Process Industry W. Grote Just one week news from the paper (1) 07.10 Canada 050710-04 Sarnia, Ontario. Suncor Energy Products Inc. A fire broke out but was contained to a process heater in the refinery's naphtha pretreating unit.... 07.10 Japan 050710-05 Ehime Prefecture, on the island of Shikoku. Shikoku Electric Power Co Inc. The Ikata Nuclear Power Plant experienced a vapour leak, but the leak was contained and there was no danger of radiation escaping... 07.12 USA 050712-06-A Naturita, CO. EnCana Oil & Gas. A natural gas well about 30km (20 miles) west of Naturita leaked, sending gas into the air over southern Colorado, prompting flight restrictions and forcing EnCana to evacuate some of its employees from the area.... 07.12 USA 050712-09 Ponder, Denton County, TX. Lightning apparently struck a chemical tank at a gas well, starting a fire.... 4 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 2

Just one week news from the paper (2) 07.12 USA 050712-13-A North Slope, AK. ConocoPhillips Alaska Inc. A leaky well casing reportedly caused a spill of about 4,000 litres (1,050 US gallons) of diesel fuel and an unknown amount of salty produced water at the Kuparuk oil field.... 07.12 USA 050712-14 Fort Atkinson, WI. NASCO. According to the Fort Atkinson Fire Chief, petroleum-based products fuelled a fire that destroyed one of two main buildings at a plastics manufacturing plant.... 07.13 USA 050713-05 Commerce City, CO. Suncor Energy USA. A gasoline leak in an underground pipeline forced the evacuation of a refinery and a wastewater treatment plant.... 07.13 Mexico 050713-12 Gulf coast port of Coatzacoalcos, in eastern Veracruz state. Pemex. Mexico's state-owned oil company, Pemex, said two researchers were killed in a pipeline explosion.... 5 Basics of Functional Safety in Process Industry W. Grote Just one week news from the paper (3) 07.14 China 050714-08 Taiyuan, Shanxi Province. Two people were killed in an oil tanker explosion in a suburban village.... 07.14 Norway 050714-11 Oslo. Shell. The E18, the main highway leading to Oslo from the west, was closed to all traffic for nearly eight hours after an explosion at a Shell gas station.... 07.14 Netherlands 050714-14 Rotterdam, Rotterdam. Royal Dutch/Shell. The 416,000 bpd Rotterdam refinery, the largest in Europe and one of the biggest in the world, shut down at 11.00 because of a power outage.... 07.15 USA 050715-03 Pearland, Brazoria County, TX. A fuel tank caught fire and exploded, possibly after being struck by lightning.... 07.15 USA 050715-08 Brownsville, TX. Texas Gas Co. A gas leak prompted street closures around the Port of Brownsville, but did not pose any health dangers.... 67 incidents in 1 week ; this selection petroleum/gas/oil : 13 incidents 6 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 3

What we want to avoid! Major Incidents Flixborough, UK 1974 Chemical plant explosion killed 28 people and seriously injured 36 Start to change the laws for chemical processes to increase the safety of the industry 7 Basics of Functional Safety in Process Industry W. Grote What we want to avoid! Major Incidents Piper Alpha, UK 1988 Oil rig explosion and fire Killed 167 men. Total insured loss was about 1.7 billion (US$ 3.4 billion) Biggest offshore disaster in history 15 years after Flixborough, UK 1974! 8 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 4

What we want to avoid! Major Incidents Buncefield UK, December 2005 UK's biggest peacetime blaze Handled around 2.37 million metric tonnes of oil products a year Disaster struck early in the morning when unleaded motor fuel was pumped into storage tank Safeguards on the tank failed and none of the staff on duty realized its capacity had been reached 9 Basics of Functional Safety in Process Industry W. Grote What we want to avoid! Major Incidents Texas City, Texas 2005 Oil refinery explosion The third largest refinery in the U.S. Killed 15 people 10 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 5

What we want to avoid! Major Incidents Deepwater Horizon, Gulf of Mexico, April 2010 Extend of damage: HSE; 11 Workers missing Economic damage: Sept 2010: 11 Billion $ Environmental damage: mid June 2010 approximately 5 million barrels of oil spilled 11 Basics of Functional Safety in Process Industry W. Grote History of functional safety standards 1974 1976 Flixborough (U.K.) Seveso (Italy) Vapor cloud TCDD cloud explosion Accidents Law / rules 1982 Seveso directive EC 1984 Bhopal (India) MIC cloud (US company) 1984 CIMAH HSE U.K. 1989 Piper Alpha (U.K.) Oil platform fire 1992 PSM / PSA OHSA U.S. 1999 Seveso directive II EC Standards 1989 DIN Germany 1996 ISA S84 U.S. 1999 IEC 61508 2003 IEC 61511 1970 1980 1990 2000 12 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 6

IEC 61508 and Sector Specific Standards IEC 61508: 1999 Functional Safety of E/E/PE Safety-Related Systems Basic Standard Sector Specific Standards IEC 61800-5-2 Electrical Drives IEC 60601 Medical Devices IEC 62061 Machines IEC 61513 Nuclear Sector IEC 61511 Process Industry Other Sectors EN 50128 Railway Apps. IEC 50156 Furnaces 13 Basics of Functional Safety in Process Industry W. Grote AGENDA 1. Introduction 2. Why do we care for Functional Safety? Examples of historical accidents in process industry Short overview of standards and regulations 3. Identification and Quantification of Risks What is a risk? Risk identification (HAZOP) Risk Analysis How to quantify the risk? 4. Parameter for SIL-Classification Types of failure HFT, SFF, PFD, λ, MTBF SIF / SIS SFF Analysis / PFD 14 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 7

Overall Safety Lifecycle 1 2 Concept Overall scope definition 3 Hazard and risk analysis 4 Overall safety requirements 5 Overall Safety requirements allocation 6 Overall operation & maintenance planning Overall planning 7 Overall safety validation planning 8 Overall installation & commissioning planning 9 10 E/E/PE system safety requirements specification E/E/PE safety-related systems Realisation (see E/E/PE system safety lifecycle) Other risk 11 reduction measures Specification and Realisation 12 Overall installation & commissioning 13 Overall safety validation Back to appropriate overall safety lifecycle phase 14 Overall operation, maintenance & repair 15 Overall modification and retrofit Source: IEC 61508-1 ED2.0 2010 fig. 2 16 Decommissioning or disposal 15 Basics of Functional Safety in Process Industry W. Grote Overall Safety Lifecycle 1 2 Concept Overall scope definition 3 Hazard and risk analysis 4 Overall safety requirements 5 Overall Safety requirements allocation 6 Overall operation & maintenance planning Overall planning 7 Overall safety validation planning 8 Overall installation & commissioning planning 9 10 E/E/PE system safety requirements specification E/E/PE safety-related systems Realisation (see E/E/PE system safety lifecycle) Other risk 11 reduction measures Specification and Realisation 12 Overall installation & commissioning 13 Overall safety validation Back to appropriate overall safety lifecycle phase 14 Overall operation, maintenance & repair 15 Overall modification and retrofit Source: IEC 61508-1 ED2.0 2010 fig. 2 16 Decommissioning or disposal 16 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 8

What is a Hazardous Situation? A hazardous situation can be caused by a potential source of danger. 17 Basics of Functional Safety in Process Industry W. Grote What is a Risk? Combination of the probability of occurrence of harm and the severity of that harm. (IEC 61508-4, 3.1.6) Process risk R High Risk Probability Low Risk Lines of equal risk Severity of harm 18 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 9

Example (oil storage) Level Control LC controlroom Valve LCV Let s have a look at this Control valve. How can it fail? 19 Basics of Functional Safety in Process Industry W. Grote Is there a risk? Failure modes of control valve Failure Sticky Cavitation Passing Leaking gland Noise Corrosion Closing Not closing Consequence Loss of control Damage Integrity HSE Spill small HSE Damage valve Major leak Spurious Trip (random error) Hazard (HSE) 20 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 10

Examples for deviation Guideword + Parameter = Deviation No amount / flow No flow High pressure High pressure Low level Low level High temperature High temperature Guideword + Parameter = Deviation 21 Basics of Functional Safety in Process Industry W. Grote Example (oil storage) Level Control LC Valve LCV No Guideword Deviation Reason Effect/Impact Take action 1. 2. High High level Stuck open High Level High level protection High High level Defective level control High Level High level protection 22 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 11

Result, HAZOP for High Level protection Example (oil storage) Level Control LC Level LZA HH Valve LCV Valve LZV SIF SIF (Safety Instrumented Function) 23 Basics of Functional Safety in Process Industry W. Grote What is a HAZOP - Analysis? HAZOP (Hazard and operability): - Prognosis - Locating - Estimation - Counteractions 24 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 12

What has to be protected? Society Plant owner People outside plant Process RISK Environment and inside plant RISK Assets Off-spec production Corporate image 25 Basics of Functional Safety in Process Industry W. Grote Risk Reduction Hazard Hazard Rate Rate Risk without any Protection Demand Tolerable Risk?? Reduction DCS Low 26 Basics of Functional Safety in Process Industry W. Grote Consequence Consequence Wilfried Grote 13

Process risk Residual risk level Tolerable or Acceptable risk level sensor(s) logic solver final element(s) relief valves rupture disks break pins Required overall risk reduction piping classes control systems operational envelopes Inherent process risk level (not tolerable) SIS (functional safety) Mechanical Design Process (EUC) e.g. 0.6x0.00 e.g. 0.00 e.g. 0. e.g. 0.01 e.g. 0.1 Analysed Process Risk 27 Basics of Functional Safety in Process Industry W. Grote SIL classification (Personal Safety) Level Control Plant information Tank is within 25 m of a guard house There is always one person present in the guard house (24/7) Operator visits tank during 5 min. per shift The oil is a light crude that produces easy ignitable gasses. There are electrical pumps in the vicinity. Valve LCV Level LZA HH Valve LZV LC rd = radar Let s classify the risk and thus the required risk reduction!! 28 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 14

Risk graph SIL2 Risk graph for injury to persons in accordance with IEC 61508 / IEC 61511 29 Basics of Functional Safety in Process Industry W. Grote What is SIL? IEC 61511/61508 describes four safety levels that describe the measures for handling risks from plants or plant components. The Safety Integrity Level (SIL) is a relative measure of the probability that the safety system can correctly provide the required safety functions for a given period of time. The higher the safety integrity level (SIL), the greater the reduction of the risk. 30 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 15

Safety Integrity Levels (SIL) SIL Safety Integrity Levels SIL 1 SIL 2 SIL 3 SIL 4 Demand mode RRF Risk reduction factor 100 to 10 1000 to 100 10000 to 1000 100000 to 10000 Through the SIL level we define how good the safety instrumented function (SIF) has to be!! The SIL level is defined for the total set of components of the safety instrumented function (SIF). 31 Basics of Functional Safety in Process Industry W. Grote Pipe to pipe Pipe to pipe Process pipe Process pipe Input A A D D Logic solver Protection Protection logic logic Output O O Vent. Air Safety valve Transmitter Sensors Final elements 32 Basics of Functional Safety in Process Industry W. Grote Safety Instrumented Function SIF Wilfried Grote 16

AGENDA 1. Introduction 2. Why do we care for Functional Safety? Examples of historical accidents in process industry Short overview of standards and regulations 3. Identification and Quantification of Risks What is a risk? Risk identification (HAZOP) Risk Analysis How to quantify the risk? 4. Parameter for SIL-Classification Types of failure HFT, SFF, PFD, λ, MTBF SIF / SIS SFF Analysis / PFD 33 Basics of Functional Safety in Process Industry W. Grote Types of Failure Two reasons for the loss of the safety function: Systematic failure (controllable), for example: - measurement range wrong - Sensor/ Actuator off permitted operating temperature - wrong Sensor for the medium Random failure (uncontrollable), for example: - Hardware failure - Failure of sensor 34 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 17

Overall Safety Lifecycle 1 2 Concept Overall scope definition 3 Hazard and risk analysis 4 Overall safety requirements 5 Overall Safety requirements allocation 6 Overall operation & maintenance planning Overall planning 7 Overall safety validation planning 8 Overall installation & commissioning planning 9 10 E/E/PE system safety requirements specification E/E/PE safety-related systems Realisation (see E/E/PE system safety lifecycle) Other risk 11 reduction measures Specification and Realisation 12 Overall installation & commissioning 13 Overall safety validation Back to appropriate overall safety lifecycle phase 14 Overall operation, maintenance & repair 15 Overall modification and retrofit Source: IEC 61508-1 ED2.0 2010 fig. 2 16 Decommissioning or disposal 35 Basics of Functional Safety in Process Industry W. Grote example (demand mode, PFD) Protective function: tank with overfill protection LZA Safety function is only activated in the case of abnormal circumstances. Level LZA HH Level Control LC rd = radar Valve LCV Valve LZV SIF 36 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 18

HFT (Hardware Fault Tolerance) Dangerous fault tolerance level : HFT = 0 1 channel: one mistake means the loss of safety HFT = 1 Redundant version: works in presence of 1 fault... 37 Basics of Functional Safety in Process Industry W. Grote Safety Instrumented Function (Definition Dangerous Failure) NO Fail HH OK HH TRIP Dangerous Failure HH OK DANGER HH OK 38 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 19

Demands from IEC standards: 1. Hardware Fault Tolerance 2. Safe Failure Fraction 39 Basics of Functional Safety in Process Industry W. Grote Demands on the system architecture (acc. IEC 61511) Requirement for the sensors, actuators, non-progr. Logic Systems (solvers) SIL minimum hardware fault tolerance 1 0 2 1 3 2 4 It sets out specific requirements. See IEC 61508 40 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 20

Fault Tolerance Example Sensor 1oo1 HFT = 0 1oo1 SE Digital input Controller 1oo1 Logic 1oo1 The reaction is triggered and the sensor detects a dangerous state. (no Dangerous Fault Tolerance requirement) High probability of a dangerous failure 41 Basics of Functional Safety in Process Industry W. Grote Fault Tolerance Example Sensor 1oo2 HFT = 1 Controller 1oo2 SE SE Digital input Digital input 1oo2 Logic 1oo2 The reaction is triggered when one of the two sensors detects a dangerous state. (DFT Dangerous Fault Tolerance) Significant reduction of the probability of a dangerous defect 42 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 21

Hardware Fault Tolerance (HFT) Example: In a system with a hardware fault tolerance of 1, where the failure of a component, given the proper function of security remain. 1oo2 1oo2 Definition: Voting How many sensors or subsystems do I need to reach a safe condition? 43 Basics of Functional Safety in Process Industry W. Grote Fault Tolerance Example Sensor 1oo3 HFT = 2 SE Digital input Controller 1oo3 SE SE Digital input Digital input 1oo3 Logic 1oo3 The reaction takes place when one of the three sensors detect a dangerous condition. (DFT Dangerous Fault Tolerance) Very high reduction of the probability of a dangerous failure 44 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 22

Safety Instrumented Function (Definition Dangerous & Safe Failure)) NO Fail HH OK HH TRIP Dangerous Failure HH OK DANGER HH OK Safe Failure NUISANCE HH TRIP HH TRIP 45 Basics of Functional Safety in Process Industry W. Grote Fault Tolerance Example Sensor 2oo2 HFT = 0 Controller SE Digital input 2oo2 2oo2 SE Digital input Logic 2oo2 - The reaction takes place when both sensors detect a dangerous condition. (SFT Safe Fault Tolerance) Lower probability of a random error (spurious trip), which means we have a higher availability of the plant Higher probability of a dangerous failure 46 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 23

Fault Tolerance Example Sensor 2oo3 HFT = 1 SE Digital input Controller 2oo3 SE SE Digital input Digital input 2oo3 Logic 2oo3 The reaction takes place when two of the three sensors detect a dangerous condition. (DFT & SFT) Significant reduction of the probability of a dangerous defect (has an error tolerance of 1) Lower probability of a random error (spurious trip) 47 Basics of Functional Safety in Process Industry W. Grote Summary Architectural constraints Hardware Fault Tolerance (HFT) A hardware fault tolerance of N means that N+1 faults could cause a loss of the safety function. is a measure of redundancy is determined for each sub-system (each component) the weakest link of a subsystem determines the fault The voting is defined as follows The number of paths (N), which is the sum of the redundant paths (M) are required to run the safety function. Frequently referred to as NooM or XooY Examples 1oo2, 2oo3, 2oo4, etc. 48 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 24

Examples fault tolerance requirements Dangerous fault tolerance level: HFT=0: 1oo1 (no DFT requirement), 2oo2, 3oo3, 4oo4, 5oo5 HFT=1: 1oo2, 2oo3, 3oo4, 4oo5 (works in presence of 1 fault) HFT=2: 1oo3, 2oo4, 3oo5, 4oo6 (works in presence of 2 faults) The following systems are Safe Fault Tolerant: 2oo2, 2oo3, 3oo3, 2oo4, 3oo4, 4oo4, 2oo5, 3oo5, 4oo5, 5oo5, etc. 49 Basics of Functional Safety in Process Industry W. Grote example (demand mode) Protective function: tank with overfill protection LZA Level Control LC rd = radar Level LZA HH Valve LCV Valve LZV SIF 50 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 25

example (demand mode) Protective function: tank with overfill protection LZA HFT = 0 Level Control LC rd = radar 1oo1 for each device in the safety loop Level LZA HH Valve LCV Valve LZV SIF 51 Basics of Functional Safety in Process Industry W. Grote Demands from IEC standards: 1. Hardware Fault Tolerance 2. Safe Failure Fraction 52 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 26

Mean Time Between Failures (MTBF) operation No operation MTTF MTBF = MTTF + MTTR M T T R time MTBF is the expectation of the operating time between failures MTTF = Mean Time To Failure MTTR = Mean Time To Restore (Detect + Repair) 53 Basics of Functional Safety in Process Industry W. Grote Failure rate including diagnosis How devices fail? DU SU S total failure ratedd D SD Total failure rate λ Safe failure Safe detected (SD) Safe undetected (SU) Dangerous failure Dangerous detected (DD) Dangerous undetected (DU) Only for devices with constant failure rate MTBF = 1 / λ acc. IEC 61508 Teil 7 D.2.3.2 54 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 27

Safe Failure Fraction (SFF) IEC 61508 / 61511 SFF = λ SD + λ SU + λ DD λ SD + λ SU + λ DD + λ DU = 1 - λ DU λ Total What is it? A measure of the effectiveness of the built-in diagnostic 55 Basics of Functional Safety in Process Industry W. Grote Architectural constraints Hardware safety integrity Safe Failure Fraction (SFF) Hardware Fault Tolerance (HFT) Typ A Typ B N = 0 N = 1 N = 2 --- 0%...< 60% --- SIL1 SIL2 0%...< 60% 60%...< 90% SIL1 SIL2 SIL3 60%...< 90% 90%...< 99% SIL2 SIL3 SIL4 90% 99% SIL3 SIL4 SIL4 IEC 61508 Teil 2, Kap. 7.4.3.1.1 / Tab. 2&3 The behaviour of simple (type A) devices under fault conditions can be completely determined. The failure modes of all constituent components are well defined. Such components are metal film resistors, transistors, relays, etc. The behaviour of complex (type B) devices under fault conditions cannot be completely determined. The failure mode of at least one component is not well defined. Such components are e. g. microprocessors. 56 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 28

Safety manual Extract datasheet / safety manual (MACX MCR-UI-UI-UP) Type A-device (acc. EN 61508-2) Architectural 1oo1 HFT = 0 λsd λsu λdd λdu SFF 0 1,5 x 10-7 0 5,89 x 10-8 85,9 % Question: What is the highest SIL-ability? 57 Basics of Functional Safety in Process Industry W. Grote SFF Consideration: (demand mode, PFD) Protective function: tank with overfill protection LZA HFT = 0 Level Control LC rd = radar Level LZA HH Valve LCV Valve LZV SIF 58 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 29

Architectural constraints Hardware safety integrity Safe Failure Fraction (SFF) Hardware Fault Tolerance (HFT) Typ A Typ B N = 0 N = 1 N = 2 --- 0%...< 60% --- SIL1 SIL2 0%...< 60% 60%...< 90% SIL1 SIL2 SIL3 60%...< 90% 90%...< 99% SIL2 SIL3 SIL4 90% 99% SIL3 SIL4 SIL4 IEC 61508 Teil 2, Kap. 7.4.3.1.1 / Tab. 2&3 The behaviour of simple (type A) devices under fault conditions can be completely determined. The failure modes of all constituent components are well defined. Such components are metal film resistors, transistors, relays, etc. The behaviour of complex (type B) devices under fault conditions cannot be completely determined. The failure mode of at least one component is not well defined. Such components are e. g. microprocessors. 59 Basics of Functional Safety in Process Industry W. Grote SFF Consideration: Qualification of the individual components: Sensor (SE) Isolator F-Input F-Output Isolator Actor (FE) Safety SFF = 55% SFF = 85,9% PLC SIL3 Type A PLC SIL3 SFF = 85,9% SFF = 65% Type A PLC Type A Type A SIL 1 SIL 2 SIL 3 SIL3 SIL 3 SIL 2 SIL 2 SFF analysis of all components: SFF component allows only SIL 1 But, we need SIL2, How to achieve? 60 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 30

Architectural constraints Hardware safety integrity Safe Failure Fraction (SFF) Hardware Fault Tolerance (HFT) Typ A Typ B N = 0 N = 1 N = 2 --- 0%...< 60% --- SIL1 SIL2 0%...< 60% 60%...< 90% SIL1 SIL2 SIL3 60%...< 90% 90%...< 99% SIL2 SIL3 SIL4 90% 99% SIL3 SIL4 SIL4 IEC 61508 Teil 2, Kap. 7.4.3.1.1 / Tab. 2&3 The behaviour of simple (type A) devices under fault conditions can be completely determined. The failure modes of all constituent components are well defined. Such components are metal film resistors, transistors, relays, etc. The behaviour of complex (type B) devices under fault conditions cannot be completely determined. The failure mode of at least one component is not well defined. Such components are e. g. microprocessors, ASICs. 61 Basics of Functional Safety in Process Industry W. Grote SFF Consideration: (demand mode, PFD) Protective function: tank with overfill protection LZA (Redundancy) HFT = 1 Level Level Control LC HH rd = radar LZA HH 002 Level Valve LCV Valve LZV 002 LZA HH Valve LZV 62 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 31

SFF Consideration: Qualification of the individual components: Sensor (SE) Sensor (SE) SFF = 55% Type A SIL 1 SFF = 55% Type A Sensor (SE) SIL 1 Sensor SIL (SE) 2 Isolator SFF = 85,9% Type A SIL 2 F-Input PLC SIL3 SIL 3 PLC safety DCS SIL3 F-Output Isolator PLC SIL3 SFF = 85,9% Type A SIL 3 SIL 2 Actor (FE) SFF = 65% Type A SIL 2 Sensor (SE) SFF = 55% Type A SFF = 55% Type A SIL SIL 1 1 SFF analysis of all components: SFF component now allows SIL 2 Conclusion: Redundancy requirements depend on the suitability of the individual components. Question: Is this solution good enough? 63 Basics of Functional Safety in Process Industry W. Grote SFF Consideration: (demand mode, PFD) Protective function: tank with overfill protection LZA (Redundancy) HFT SE = 1 Level Level Control LC HH rd = radar LZA HH Level LZA HH Valve LCV Valve LZV 64 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 32

Solution of hardware fault tolerance Level switch (Vibration) Redundant Equipment Level switch (Vibration) Oil storage tank TK 65 Basics of Functional Safety in Process Industry W. Grote Redundancy What is redundancy? Definition: The use of multiple elements or subsystems to achieve the same (or parts of) safety function How redundancy can be achieved By the same hardware and / or SW or through diversity Does not always help against common cause failure 66 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 33

Examples of redundancy Level switch (Vibration) Redundant Equipment Level switch (Vibration) Errors in system 1 Common cause failure ß (<10%) Errors in system 2 The beta factor is the failure rate for the simultaneous failure of two or more channels following an incident with a common cause. 67 Basics of Functional Safety in Process Industry W. Grote Level gauge (Radar) Examples of diverse redundancy Level switch (Vibration) Diverse Equipment Errors in system 1 ß (~2%) Errors in system 2 The beta factor is the failure rate for the simultaneous failure of two or more channels following an incident with a common cause. 68 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 34

SFF Consideration: Sensor (SE) SFF = 55% Type A SIL 1 Sensor (SE) SIL 2 Isolator SFF = 85,9% Type A SIL 2 F-Input PLC SIL3 SIL 3 PLC safety DCS SIL3 F-Output Isolator PLC SIL3 SFF = 85,9% Type A SIL 3 SIL 2 Actor (FE) SFF = 65% Type A SIL 2 Sensor (SE) SFF = 55% Type A SIL 1 SFF analysis of all components: SFF component now allows SIL 2 Conclusion: Redundancy requirements depend on the suitability of the individual components. From an architectural view required SIL achieved, but. 69 Basics of Functional Safety in Process Industry W. Grote Overall Safety Lifecycle 1 2 Concept Overall scope definition 3 Hazard and risk analysis 4 Overall safety requirements 5 Overall Safety requirements allocation 6 Overall operation & maintenance planning Overall planning 7 Overall safety validation planning 8 Overall installation & commissioning planning 9 10 E/E/PE system safety requirements specification E/E/PE safety-related systems Realisation (see E/E/PE system safety lifecycle) Other risk 11 reduction measures Specification and Realisation 12 Overall installation & commissioning 13 Overall safety validation Back to appropriate overall safety lifecycle phase 14 Overall operation, maintenance & repair 15 Overall modification and retrofit Source: IEC 61508-1 ED2.0 2010 fig. 2 16 Decommissioning or disposal 70 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 35

PFD avg (Probability of Failure on Demand) demand mode SIL Safety Integrity Level PFD Probability of failure on demand RRF Risk Reduction Factor SIL 4 >=10-5 to <10-4 100000 to 10000 SIL 3 >=10-4 to <10-3 10000 to 1000 SIL 2 >=10-3 to <10-2 1000 to 100 SIL 1 >=10-2 to <10-1 100 to 10 PFD -> predominant in process industry! 71 Basics of Functional Safety in Process Industry W. Grote SIL defines required loop PFD Pipe to pipe Process pipe Process pipe Input A A D D Logic solver Protection Protection logic logic Output O O Vent. Air Safety valve Transmitter Sensors Final elements SIL PFD target for the SIF PFD SIF = PFD sensor(s) + PFD logic solver + PFD final element(s) 72 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 36

Simple example (demand mode) Protective function: tank with overfill protection LZA HFT = 0 1oo1 Level Control LC Level LZA HH Valve LCV Valve LZV SIF 73 Basics of Functional Safety in Process Industry W. Grote Formulas IEC 61508-6 Mode Architecture with low demand rate High demand or continuous mode 1oo1 PFDG = ( λdu + λdd ) tce λdu T1 λdd tce = + MTTR + MTTR λd 2 λd PFHG = λ DU 1oo2 2oo3 2 T1 PFDG = 2( ( 1 βd) λdd+ ( 1 β) λdu) tcet GE + βdλ DDMTTR+ βλdu + MTTR 2 λdu T1 λdd tce = + MTTR + MTTR λd 2 λd λdu T1 λdd tge = + MTTR + MTTR λd 3 λd 2 T1 PFDG = 6( ( 1 βd) λdd+ ( 1 β) λdu) tcet GE + βdλddmttr+ βλdu + MTTR 2 λdu T1 λdd tce = + MTTR + MTTR λd 2 λd λdu T1 λdd tge = + MTTR + MTTR λd 3 λd 2 PFH G = 2( ( 1 β D ) λdd + ( 1 β ) λdu ) tce + β DλDD + βλdu λdu T1 λdd tce = + MTTR + MTTR λd 2 λd 2 PFH G = 6( ( 1 β D ) λdd + ( 1 β ) λdu ) tce + β DλDD + βλdu λdu T1 λdd tce = + MTTR + MTTR λd 2 λd 1oo2D T1 PFDG = 2( 1 β) λdu( ( 1 βd ) λdd + ( 1 β) λdu + λsd) tce' tge' + βdλddmttr+ βλdu + MTTR 2 T1 λdu + MTTR + ( λdd + λsd) MTTR t 2 CE' = λ + λ + λ DU T1 λdu + MTTR + ( λdd + λsd) MTTR t 3 GE' = λ + λ + λ DU DD DD SD SD PFH = 2( 1 β ) λ (( 1 β ) λ + ( 1 β ) λ + λ ) t ' + β λ + βλ G DU T1 λdu + MTTR + ( λdd + λsd ) MTTR t 2 CE ' = λ + λ + λ DU DD D DD SD DU SD CE D DD DU 74 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 37

PFD simplify acc. ANSI / ISA S-84.01 1oo1 PFD avg = λ DU x TI 2 1oo2 PFD avg = ( λ DU ) 2 x TI 3 2 + β x λ DU x TI 2 1oo3 PFD avg = ( λ DU ) 3 x TI 4 3 + β x λ DU x TI 2 2oo3 PFD avg = ( λ DU ) 2 2 x TI + β x λ DU x TI 2 2oo4 PFD avg = ( λ DU ) 3 3 x TI + β x λ DU x TI 2 λ DU = Proportion of dangerous undetected faults β = Error that impacts on more than one channel of a redundant system (Common Cause) TI = Interval between manual functional testing of component 75 Basics of Functional Safety in Process Industry W. Grote Implementation PFD avg (T [PROOF) = 1 Jahr) SIF Safety Instrumented Function Sensor (SE) Isolator F-Input F-Output Isolator Actor (FE) Safety PLC SFF = 83% SFF = 85% SFF = 83% SFF = 65% Typ A HFT = 0 λdu = 43 FIT PFDavg = 1,9E-4 Typ A HFT = 0 λdu = 60 FIT PFDavg = 2,7E-4 SFF = 99% HFT = 0 λdu = 3 FIT PFDavg = 1E-6 Typ A HFT = 0 λdu = 73 FIT PFDavg = 3,2E-4 Type A HFT = 0 λdu = 124 FIT PFDavg = 1,1E-3 SIL 2 SIL 2 SIL 3 SIL 2 SIL 2 PFDSIF = PFDSensor + PFDIsolator + PFDPLC + PFDIsolator+ PFDActuator PFDSIF = 1,9*10-4 + 2,7*10-4 + 1*10-6 + 3,2*10-4 + 1,1*10-3 PFDSIF = 0,881 = ~ 1,9*10-3 SIL 2 requirement is achieved at T[Proof] = 1 Year PFDaim 10-3 < 10-2 1 FIT = 1 mistakes/ 10 9 h 76 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 38

Verification of a SIS SIS= Safety Instrumented System Sensor Sensor Digital Input Analog Input Logic System Digital Output Analog Output Actuator Actuator A safety instrumented system for one or more safety instrumented functions. 10 % Signal path 35% Sensor system and signal path 15 % Safety PLC 10 % Signal path 50% Actuator and signal path A safety instrumented system includes sensor(s), Logic system (solver) and actuator(s). Failure distribution in a safety instrumented control circuit 77 Basics of Functional Safety in Process Industry W. Grote Summary We know the history of the standards We are able to identify the risks (HAZOP) and quantify (Risk graph). We know the important SIL parameter (HFT, SFF, PFD,...) We are able to do a SFF Analysis and a simple PFD - calculation. 78 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 39

Safety Manual (Extract datasheet) λsd 0 λsu 3,7 x 10-7 λdd 0 λdu 6,0 x 10-8 SFF 85,9% T[Proof] = PFDavg = 1 Jahre 2 Jahre 3 Jahre 4 Jahre 5 Jahre 2,7 x 10-4 5,3 x 10-4 7,9 x 10-4 10,6 x 10-4 13,2 x 10-4 79 Basics of Functional Safety in Process Industry W. Grote Definitions 80 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 40

Definitions 81 Basics of Functional Safety in Process Industry W. Grote Definitions 82 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 41

Thank you for your attention. Be safe! Questions??? 83 Basics of Functional Safety in Process Industry W. Grote Wilfried Grote 42

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information