Вы находитесь на странице: 1из 33
TEESSIDE Section
TEESSIDE
Section

07/11/2012

04/03/2013

TEESSIDE Section 07/11/2012 04/03/2013 your safety … our future The Logical Solution for Safety 3

your safetyour future

The Logical Solution for Safety

3

TEESSIDE Section • Burner Management (BMS) • Emergency Shutdown System (ESD) • Fire & Gas

TEESSIDE

Section

TEESSIDE Section • Burner Management (BMS) • Emergency Shutdown System (ESD) • Fire & Gas Detection

Burner Management (BMS)

Emergency Shutdown System (ESD)

Fire & Gas Detection (F&G)

High Integrity Pressure Protection Systems (HIPPS)

Integrated Control & Safety System (ICSS)

Control Panels

Marshalling Cabinets

Instrument Cabinets

PLC Panels

DCS / SCADA

Tiled Mosaics

Train Control Systems selective door opening

Customer Information Systems (CIS)

Radio Remote Control

Locomotives

Cranes

Telemetry

SCADA

04/03/2013

Control • Locomotives • Cranes • Telemetry • SCADA 04/03/2013 07/11/2012 The Logical Solution for Safety
Control • Locomotives • Cranes • Telemetry • SCADA 04/03/2013 07/11/2012 The Logical Solution for Safety
Control • Locomotives • Cranes • Telemetry • SCADA 04/03/2013 07/11/2012 The Logical Solution for Safety

07/11/2012

The Logical Solution for Safety

4

TEESSIDE Section Hima-Sella is an independent market specialist, designing and supplying integrated safety, control and

TEESSIDE

Section

TEESSIDE Section Hima-Sella is an independent market specialist, designing and supplying integrated safety, control and

Hima-Sella is an independent market specialist, designing and supplying integrated safety, control and automation systems to the following industries :

control and automation systems to the following industries : l Chemical l Defence l 04/03/2013 Nuclear

l

Chemical

automation systems to the following industries : l Chemical l Defence l 04/03/2013 Nuclear l Oil

l

Defence

systems to the following industries : l Chemical l Defence l 04/03/2013 Nuclear l Oil &

l

04/03/2013

Nuclear

industries : l Chemical l Defence l 04/03/2013 Nuclear l Oil & Gas l Petrochemical l

l Oil & Gas

: l Chemical l Defence l 04/03/2013 Nuclear l Oil & Gas l Petrochemical l Power
: l Chemical l Defence l 04/03/2013 Nuclear l Oil & Gas l Petrochemical l Power
: l Chemical l Defence l 04/03/2013 Nuclear l Oil & Gas l Petrochemical l Power
: l Chemical l Defence l 04/03/2013 Nuclear l Oil & Gas l Petrochemical l Power

l

Petrochemical

l

Power

l

Steel

l

Transport

07/11/2012

The Logical Solution for Safety

5

TEESSIDE Section 04/03/2013 HIMatrix F30 Planar4 HIQuad 07/11/2012 The Logical Solution for Safety H I

TEESSIDE

Section

TEESSIDE Section 04/03/2013 HIMatrix F30 Planar4 HIQuad 07/11/2012 The Logical Solution for Safety H I M
TEESSIDE Section 04/03/2013 HIMatrix F30 Planar4 HIQuad 07/11/2012 The Logical Solution for Safety H I M

04/03/2013

HIMatrix F30

Planar4

HIQuad

07/11/2012

The Logical Solution for Safety

HIMax

6

TEESSIDE Section SIL Calculations Easy or Difficult Presentation by Ian Parry Functional Safety Specialist 07/11/2012

TEESSIDE

Section

TEESSIDE Section SIL Calculations Easy or Difficult Presentation by Ian Parry Functional Safety Specialist 07/11/2012

SIL Calculations

Easy or Difficult

Presentation by Ian Parry Functional Safety Specialist

07/11/2012

04/03/2013

The Logical Solution for Safety

7

TEESSIDE Section SIL calculations are easy Just follow Part 6 of the standard IEC 61508

TEESSIDE

Section

TEESSIDE Section SIL calculations are easy Just follow Part 6 of the standard IEC 61508 07/11/2012

SIL calculations are easy

Just follow Part 6 of the standard IEC 61508

07/11/2012

04/03/2013

The Logical Solution for Safety

8

TEESSIDE Section   Abbreviations Term (units) Parameter ranges in tables B.2 to B.5 and B.10

TEESSIDE

Section

TEESSIDE Section   Abbreviations Term (units) Parameter ranges in tables B.2 to B.5 and B.10 to
 

Abbreviations

Term (units)

Parameter ranges in tables B.2 to B.5 and B.10 to B.13

T

1

Proof test interval (h)

One month (730 h) 1 Three months (2 190 h) 1 Six months (4 380 h) One year (8 760 h) Two years (17 520 h) 2 10 years (87 600 h) 2

MTTR

Mean time to restoration (hour)

 

8

h

Note MTTR=MRT=8 hours based on the assumptions that the time to detect a dangerous failure, based on automatic detection is << MRT

MRT

Mean repair time (hour)

 

8

h

Note MTTR=MRT=8 hours

based on the assumptions that the time to detect a dangerous failure, based on automatic

04/03/2013

detection is << MRT

DC

Diagnostic coverage (expressed as a fraction in the equations and as a percentage elsewhere)

0 %

60 %

90 %

99 %

07/11/2012

 

The Logical Solution for Safety

9

TEESSIDE Section Abbreviations Term (units) Parameter ranges in tables B.2 to B.5 and B.10 to

TEESSIDE

Section

TEESSIDE Section Abbreviations Term (units) Parameter ranges in tables B.2 to B.5 and B.10 to B.13

Abbreviations

Term (units)

Parameter ranges in tables B.2 to B.5 and B.10 to B.13

β

The fraction of undetected failures that have a common cause (expressed as a fraction in the equations and as a percentage elsewhere) (tables B.2 to B.5 and B.10 to B.13 assume β = 2 × β D)

 

2 %

10

%

20

%

β

D

Of those failures that are detected by the diagnostic tests, the fraction that have a common cause (expressed as a fraction in the equations and as a percentage elsewhere)

 

1

%

 

5

%

(tables B.2 to B.5 and B.10 to B.13 assume β = 2 × βD)

10 %

β

DU

Dangerous Failure rate (per hour) of a channel in a subsystem

0.05 × 10 -6

0.25 × 10 -6

 

0.5

× 10 -6

2.5 × 10 -6

5.0

× 10 -6

25 × 10 -6

PFD G

Average probability of failure on demand for the group of voted Channels (If the sensor, logic or final element subsystem comprises of only one voted group, then PFDG is equivalent to PFDS, PFDL or PFDFE respectively)

 

PFD S

Average probability of failure on demand for the sensor subsystem

 

PFD L

Average probability of failure on demand for the logic subsystem

 

PFD FE

04/03/2013

Average probability of failure on demand for the final element

 

subsystem

PFD SYS

Average probability of failure on demand of a safety function for

 

the E/E/PE safety-related system

07/11/2012

The Logical Solution for Safety

10

TEESSIDE Section Abbreviations Term (units) Parameter ranges in tables B.2 to B.5 and B.10 to

TEESSIDE

Section

TEESSIDE Section Abbreviations Term (units) Parameter ranges in tables B.2 to B.5 and B.10 to B.13

Abbreviations

Term (units)

Parameter ranges in tables B.2 to B.5 and B.10 to B.13

PFH G

Probability of failure per hour for the group of voted channels (if the sensor, logic or final element subsystem comprises of only one voted group, then PFH G is equivalent to PFH S , PFH L or PFH FE respectively)

 

PFH S

Probability of failure per hour for the sensor subsystem

 

PFH L

Probability of failure per hour for the logic subsystem

 

PFH FE

Probability of failure per hour for the final element subsystem

 

PFH SYS

Probability of failure per hour of a safety function for the

 

E/E/PE safety-related system

07/11/2012

04/03/2013

The Logical Solution for Safety

11

TEESSIDE Section Abbreviations Term (units) Parameter ranges in tables B.2 to B.5 and B.10 to

TEESSIDE

Section

TEESSIDE Section Abbreviations Term (units) Parameter ranges in tables B.2 to B.5 and B.10 to B.13

Abbreviations

Term (units)

Parameter ranges in tables B.2 to B.5 and B.10 to B.13

λ

Total Failure rate (per hour) of a channel in a subsystem

 

λ

D

Dangerous failure rate (per hour) of a channel in a subsystem, equal to 0,5 λ (assumes 50 % dangerous failures and 50 % safe failures)

 

λ

DD

Detected dangerous failure rate (per hour) of a channel in a subsystem (this is the sum of all the detected dangerous failure rates within the channel of the subsystem)

 

λ

DU

Undetected dangerous failure rate (per hour) of a channel in a subsystem (this is the sum of all the undetected dangerous failure rates within the channel of the subsystem)

 

λ

SD

Detected safe failure rate (per hour) of a channel in a subsystem (this is the sum of all the detected safe failure rates within the channel of the subsystem)

 
 

04/03/2013

 

07/11/2012

The Logical Solution for Safety

12

TEESSIDE Section Abbreviations Term (units) Parameter ranges in tables B.2 to B.5 and B.10 to

TEESSIDE

Section

TEESSIDE Section Abbreviations Term (units) Parameter ranges in tables B.2 to B.5 and B.10 to B.13

Abbreviations

Term (units)

Parameter ranges in tables B.2 to B.5 and B.10 to B.13

t

CE

Channel equivalent mean down time (hour) for 1oo1, 1oo2, 2oo2 and 2oo3 architectures (this is the combined down time for all the components in the channel of the subsystem)

 

t

GE

Voted group equivalent mean down time (hour) for 1oo2 and 2oo3 architectures (this is the combined down time for all the channels in the voted group)

 

t

CE

Channel equivalent mean down time (hour) for 1oo2D architecture (this is the combined down time for all the components in the channel of the subsystem)

 

t

GE

Voted group equivalent mean down time (hour) for 1oo2D architecture (this is the combined down time for all the channels in the voted group)

 

T

2

Interval between demands (h)

 

K

Fraction of the success of the auto test circuit in the 1oo2D system

04/03/2013

 

PTC

 

Proof Test Coverage

 

1

High demand or continuous mode only.

 

2

Low demand mode only

07/11/2012

The Logical Solution for Safety

13

TEESSIDE Section SIL calculations are easy Just follow Part 6 of the standard IEC 61508

TEESSIDE

Section

TEESSIDE Section SIL calculations are easy Just follow Part 6 of the standard IEC 61508 And

SIL calculations are easy

Just follow Part 6 of the standard IEC 61508

And the formulae therein.

07/11/2012

04/03/2013

The Logical Solution for Safety

14

TEESSIDE Section IEC 61508-2000 Part 6 formulae 07/11/2012 t CE = λ DU λ D

TEESSIDE

Section

TEESSIDE Section IEC 61508-2000 Part 6 formulae 07/11/2012 t CE = λ DU λ D P

IEC 61508-2000 Part 6 formulae

07/11/2012

t CE =

λDU

λD

PFD G =

04/03/2013

( T1

2

1oo1

+ MRT) +

λDD

λD

(λ DU + λ DD )t CE

MTTR

The Logical Solution for Safety

15

t GE = λ DU λ D ( T 1 3 TEESSIDE Section 1oo2 +

t GE =

λDU

λD

( T1

3

TEESSIDE

Section

1oo2

+ MRT) +

GE = λ DU λ D ( T 1 3 TEESSIDE Section 1oo2 + MRT )

λDD

λD

MTTR

PFD G = 2 ((1- β D )λ DD + (1 – β) λ DU ) 2 t GE t CE

07/11/2012

+

β D λ DD MTTR + β λ DU ( T1

2

04/03/2013

+ MRT)

The Logical Solution for Safety

16

TEESSIDE Section 2oo2 07/11/2012 PFD G = 04/03/2013 2 ( λ D U + λ

TEESSIDE

Section

2oo2

TEESSIDE Section 2oo2 07/11/2012 PFD G = 04/03/2013 2 ( λ D U + λ D

07/11/2012

PFD G =

04/03/2013

2 (λ DU + λ DD )t CE

= 2 x 1oo1

The Logical Solution for Safety

17

TEESSIDE Section 1oo2D t CE l = ( T1 + MRT) + (λ DD +

TEESSIDE

Section

1oo2D

TEESSIDE Section 1oo2D t CE l = ( T1 + MRT) + (λ DD + λ

t CE l

=

( T1 + MRT) + (λ DD + λ DU λ SD 2
( T1
+ MRT) +
(λ DD +
λ DU
λ SD
2

λ DU + ( λ DD + λ SD )

)MTTR

t GE l

=

T1

3

+ MRT

PFD G = 2 (1- β)λ DU ((1 – β) λ DU + (1- β D )λ DD + λ SD )t CE l t GE l

07/11/2012

04/03/2013

+

2(1-K) λ DD t CE l + β λ DU ( T1

2

+ MRT )

The Logical Solution for Safety

18

TEESSIDE Section 2oo3 PFD G = 6 ((1- β D ) λ D D +

TEESSIDE

Section

2oo3

TEESSIDE Section 2oo3 PFD G = 6 ((1- β D ) λ D D + (1

PFD G = 6 ((1- β D )λ DD + (1 –β) λ DU ) 2 t CE t GE

07/11/2012

+

β D λ DD MTTR + β λ DU ( T1

2

04/03/2013

+ MRT )

The Logical Solution for Safety

19

TEESSIDE Section SIL calculations are easy Just follow Part 6 of the standard IEC 61508

TEESSIDE

Section

TEESSIDE Section SIL calculations are easy Just follow Part 6 of the standard IEC 61508 And

SIL calculations are easy

Just follow Part 6 of the standard IEC 61508

And the formulae therein.

07/11/2012

04/03/2013

The Logical Solution for Safety

20

TEESSIDE Section SIL calculations are easy So we have following failure rate data 07/11/2012 04/03/2013

TEESSIDE

Section

TEESSIDE Section SIL calculations are easy So we have following failure rate data 07/11/2012 04/03/2013 λ

SIL calculations are easy

So we have following failure rate data

07/11/2012

04/03/2013

λ DU = 1

x E-09

λ DD = 1 x

λ S

= 8 x

E-06

E-06

The Logical Solution for Safety

21

TEESSIDE Section What does ‘safe’ and ‘dangerous’ mean? Terms “safe failure”, “dangerous failure” and

TEESSIDE

Section

TEESSIDE Section What does ‘safe’ and ‘dangerous’ mean? Terms “safe failure”, “dangerous failure” and

What does ‘safe’ and ‘dangerous’ mean?

Terms “safe failure”, “dangerous failure” and hence the “safe failure fraction”

for an instrument are only relevant with respect to the declared specific

application

For example, if:

λ TO OPEN = 50 FITS;

λ TO CLOSE = 500 FITS

Note : 1 FITS = 1.00 x 10 -9

Then : SFF can be either 50/(50+500) = 9%

or 500/(50+500) = 91%

(depending on which failure mode is the safe one for your application)

04/03/2013

Don’t reject a certificate for an instrument where your specific safety context is not defined and hence no SFF is given this might be totally appropriate!

07/11/2012

The Logical Solution for Safety

22

TEESSIDE Section 1oo1 ( Tx, logic solver, valve) t CE = λ DU λ D

TEESSIDE

Section

TEESSIDE Section 1oo1 ( Tx, logic solver, valve) t CE = λ DU λ D (

1oo1 ( Tx, logic solver, valve)

t CE =

λDU

λD

( T1

2

λ DU = 1 x

E-09

λ DD = 1 x

E-06

+ MRT) +

λDD

λD

MTTR

MTTR = MRT = 8hr

If MTTR << MRT

T1 = 1yr = 8760Hr

MRT = 8hr

t CE = 12.3756

PFD G = (λ DU + λ DD ) t CE = (1.001 x E-6) x (12.3756 )

07/11/2012

04/03/2013

= 1.238 x E-5

The Logical Solution for Safety

23

TEESSIDE Section B.3.2.1 Procedure for calculations The average probability of failure on demand of a

TEESSIDE

Section

B.3.2.1

Procedure for calculations

TEESSIDE Section B.3.2.1 Procedure for calculations The average probability of failure on demand of a safety

The average probability of failure on demand of a safety function for the E/E/PE safety-related system is determined by calculating and combining the average probability of failure on demand for all the subsystems which together provide the safety function. Since in this annex the probabilities are small, this can be expressed by the following (see figure B.2):

PFD SYS = PFD + PFD + PFD

where

PFDSYS is the average probability of failure on demand of a safety function for the

E/E/PE safety-related system;

PFDS is the average probability of failure on demand for the sensor subsystem;

PFDL is the average probability of failure on demand for the logic subsystem; and

PFDFE is the average probability of failure on demand for the final element subsystem

04/03/2013
04/03/2013

07/11/2012

The Logical Solution for Safety

24

04/03/2013 TEESSIDE Section REMEMEBER SIL calculations Come as two calculations!!!!! PFD or PFH AND Safe

04/03/2013

TEESSIDE

Section

04/03/2013 TEESSIDE Section REMEMEBER SIL calculations Come as two calculations!!!!! PFD or PFH AND Safe Failure

REMEMEBER

SIL calculations

Come as two calculations!!!!!

PFD or PFH

AND

Safe Failure Fraction - SFF

AND

HARDWARE FAULT TOLERANCE - HFT

07/11/2012

The Logical Solution for Safety

25

TEESSIDE Section So it is that easy All you need to do is the calculations

TEESSIDE

Section

So it is that easy

TEESSIDE Section So it is that easy All you need to do is the calculations 07/11/2012

All you need to do is the calculations

07/11/2012

04/03/2013

The Logical Solution for Safety

26

TEESSIDE Section 07/11/2012 Now the DIFFICULT Voting configurations? DATA source? β Beta Factors? Proof Test

TEESSIDE

Section

TEESSIDE Section 07/11/2012 Now the DIFFICULT Voting configurations? DATA source? β Beta Factors? Proof Test Intervals?

07/11/2012

Now the DIFFICULT

Voting configurations?

DATA source?

β Beta Factors?

Proof Test Intervals?

04/03/2013

The Logical Solution for Safety

27

TEESSIDE Section Voting configurations! 1oo1 / 2oo3 easy 1oo2 Is it either one to maintain

TEESSIDE

Section

TEESSIDE Section Voting configurations! 1oo1 / 2oo3 easy 1oo2 Is it either one to maintain operation

Voting configurations!

1oo1 / 2oo3 easy

1oo2

Is it either one to maintain operation or any one out of two to trip

2oo2

Is it either both to maintain operation or two out of two to trip

07/11/2012

04/03/2013

The Logical Solution for Safety

28

TEESSIDE Section DATA Sources 1) Supplier SIL data/ Certification Reports 2) Proven in Use 3)

TEESSIDE

Section

DATA Sources

TEESSIDE Section DATA Sources 1) Supplier SIL data/ Certification Reports 2) Proven in Use 3) OREDA/

1) Supplier SIL data/ Certification Reports

2) Proven in Use

3) OREDA/ EXIDA/FARADIP data bases

07/11/2012

04/03/2013

The Logical Solution for Safety

29

TEESSIDE Section β Beta Factors Beta factors are utilised in the voting configurations and are

TEESSIDE

Section

β Beta Factors

TEESSIDE Section β Beta Factors Beta factors are utilised in the voting configurations and are the

Beta factors are utilised in the voting configurations and are the common cause factors

The standard defines three values

07/11/2012

β = 2%, 10% and 20%

β D = 2%, 10% and 20%

Normal value is either 10 % or 20%

2% is usually only valid if advised by the supplier.

04/03/2013

The Logical Solution for Safety

30

TEESSIDE Section Proof Test Interval This is usually allocated as 1 year ( 8760hrs) However

TEESSIDE

Section

TEESSIDE Section Proof Test Interval This is usually allocated as 1 year ( 8760hrs) However this

Proof Test Interval

This is usually allocated as 1 year ( 8760hrs)

However this value should be supplied by End User as it a function of

the site testing routine.

Also sometimes when claiming compliance with a SIL level we have seen proof test intervals of 1 month applied by suppliers.

Ideally unless there is a pressing reason and the End User is in agreement then the PTI should not be less than 1 year.

04/03/2013

BE CAREFUL the PTI should not be more than 50% of the demand rate.

07/11/2012

The Logical Solution for Safety

31

TEESSIDE Section So while the calculations are EASY There are other considerations which also need

TEESSIDE

Section

TEESSIDE Section So while the calculations are EASY There are other considerations which also need to

So while the calculations are EASY

There are other considerations which also need to be addressed To ensure the system is compliant with the allocated SIL level.

These are the difficulties as it requires a competent person to make

supportable decisions that will have an influence on the systems SIL

capability.

07/11/2012

04/03/2013

The Logical Solution for Safety

32

TEESSIDE Section Discussion As always the questions are: 07/11/2012 What? Why? 04/03/2013 When? W How?

TEESSIDE

Section

Discussion

TEESSIDE Section Discussion As always the questions are: 07/11/2012 What? Why? 04/03/2013 When? W How? Where?

As always the questions are:

07/11/2012

What?

Why?

04/03/2013

When?

WHow?

Where?

Who?

With thanks to Rudyard Kipling

The Logical Solution for Safety

33

TEESSIDE Section 61508 Association Toolbox talks available on our website www.61508.org for free and unlimited

TEESSIDE

Section

TEESSIDE Section 61508 Association Toolbox talks available on our website www.61508.org for free and unlimited

61508 Association Toolbox talks available on our website www.61508.org for free and unlimited distribution so long as acknowledgment of source is included.

Hymn sheets

• Directors

• Senior management

• Purchaser

• Project Manager

• Project Engineer

• Inspection and QA

• Operations

• Maintenance

• Service Engineer

• Sales Person

• Installers

Other important information

• What is Functional Safety Management

• Proven In use, Prior use claims

• Functional Safety management cross-reference between IEC 61508 and IEC 61511

04/03/2013

SAFETY INSTRUMENTED SYSTEMS are too important to leave to chance! © 2001-2005, 61508 Association UK, All rights reserved.

07/11/2012

The Logical Solution for Safety

34

TEESSIDE Section
TEESSIDE
Section

07/11/2012

04/03/2013

TEESSIDE Section 07/11/2012 04/03/2013 your safety … our future The Logical Solution for Safety 35

your safetyour future

The Logical Solution for Safety

35